My thoughts _exactly_.
I don't give a shit about the hack, I want to find out about the arrest! Chances are we won't, and probably for good reasons, but this is good news!
I suspect they'll probably get a lot of info out of this guy. One thing to be tough anonymously over the internet ... in a room with a bunch of people basically telling you you're going to spend the rest of your life getting ass-raped in prison is a whole different story.
The lack of traceability probably makes bitcoin more apt for this task, which I think is the real story.
Overall, bitcoin has that same "cool concept used by too many of the wrong people" feeling as freenet.
If the unused addresses were to be put back into the pool it would give us most likely a good 5 to 6 years to do a nice orderly IPV6 rollout instead of the mess we are in now.
More time isn't what is needed. They've already had lots of time (nearly a decade).
So I say my proposal would buy us the time we need to fix the above problems and make the IPV6 transition a nice slow methodical orderly change over rather than the "Oh shit what are we gonna do?" mess that we have now.
That's the only way it's gonna happen. Like many other problems (pollution or fossil fuel) that cost a lot of money to fix just to get back to nominal, it's not gonna be dealt with until stuff starts actually breaking.
I have no plans ever to switch my home network to IPv6 unless someone can make a compelling case as to why that would make any sense at all.
Yup. Unless you are a business and have to figure something out more complicated than "the addresses of my machines have all changed", there isn't much reason in playing around with ipv6 until your ISP actually starts cooperating. I mucked around a little just to get some familiarity (and truth is, I actually don't like how ipv6 works), but once I got stuff communicating it got kinda dull.
Even then it probably won't.
Until IPv6 is available to most residential users, it's gonna make more sense to buy ipv4 addresses at high prices than to switch to ipv6 where the huge majority of the internet can't actually get to your site.
The problem here isn't the web hosts, it's the residential ISPs who are _still_ dragging their feet on this.
Right now most residential ISPs don't offer IPv6 period.
We aren't even at the "getting customers to buy into it" phase yet, we are at the "getting it available" point. Which is (and I know this dead horse has been sufficiently beaten already) quite sad considering how much the ipv4 problem has been known about and a solution available.
It's like when you buy a lock for your front door - you don't really need to study how many pins are in the lock; and your locksmith who installs it doesn't need to do research in what kind of metal the springs pushing the pins are made out of.
To carry on the analogy, buying a lock from the hardware store and installing it is quite the same as just enabling SSL in apache and plugging in a certificate. For most users, this is gonna be more than enough.
If you need higher security, you generally need to bring in someone who knows what they are doing in both cases though. What this guy is basically saying is: "I don't trust Medeco any more because someone at defcon figured out a really obscure way to break it so I'm thinking of building my own door lock. How many pins should I be using?"
But when will people stop trusting the Intertubes security implicitly and just blindly dumping all their personal info into various "secure" web sites and Internet connected systems?
The problem is, in this day you have little choice. Yes you can pick and choose the sites you think are likely to be secure (despite everything, before the PSN incident I would have guessed Sony's servers would be secure...) but just about anything can get hacked (RSA got hacked... wouldn't have guessed that one either).
I don't think people implicitly trust anything .. it's just that the only other choice is to restrict ourselves to services which don't require personal info .. a category which is getting smaller and smaller.
The two things that really need to happen are:
- This info needs to somehow become irrelevant. I'd love a day where I could post all this info to the world and it mean absolutely nothing. Relying on a set of secrets that you have to share with virtually everyone you do business with is kinda stupid.
- People who managed need to be held responsible.. and I mean _really_ be held responsible. People should be going to jail over the PSN thing, as it stands we'll be lucky if they get a fine.
Prepared statements are a decent half-step, but they aren't easily applicable to variable-length queries such as "advanced search" or anything else with optional parameters.
I've generally managed this by dynamically building the query, preparing it, then dynamically building the data statement. Requires a little extra work, but I'll take it any day to mucking with various escape_string methods.
Code wise, I've found it makes it a little prettier to abstract the "search" from the SQL. So you have a "SearchComponent" object that contains say, field, comparator, value .. your advanced search is comprised of a collection of arbitrary SearchComponents.. you then iterate through this array when building your query (inserting the appropriate operation and token where appropriate) .. then iterate through the collection again when building your DATA statement. This works just as well for optional arguments.
negating what little advantage the prepared statements offered.
I strongly disagree with "little advantage". Personally I think decoupling query from data and essentially eliminating most injection attacks and escaping/formatting nightmares is a pretty substantial advantage. Plus you get a performance boost when executing the same insert query over and over.. as it can cache a lot of the execution plan.
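The "SearchComponent" approach described in the comment above, sketched in Python with sqlite3 as an added example (not code from the original post). The `books` table, the allow-lists and the sample rows are assumptions made for illustration; field names and comparators are checked against fixed allow-lists because only values can be bound as parameters, and the clause list and the data list are collected in a single pass rather than two.

```python
import sqlite3
from dataclasses import dataclass
from typing import Any, Sequence

# Identifiers and operators cannot be bound as '?' parameters, so they are
# validated against fixed allow-lists (hypothetical schema for this example).
ALLOWED_FIELDS = {"title", "author", "year"}
ALLOWED_COMPARATORS = {"=", "<>", "<", "<=", ">", ">=", "LIKE", "IN"}


@dataclass(frozen=True)
class SearchComponent:
    field: str
    comparator: str
    value: Any  # scalar, or a list/tuple when comparator is "IN"


def build_query(components: Sequence[SearchComponent]):
    """Return (sql, params). The SQL text contains only '?' tokens;
    every user-supplied value travels separately in params."""
    clauses, params = [], []
    for c in components:
        op = c.comparator.upper()
        if c.field not in ALLOWED_FIELDS:
            raise ValueError(f"field not allowed: {c.field!r}")
        if op not in ALLOWED_COMPARATORS:
            raise ValueError(f"comparator not allowed: {c.comparator!r}")
        if op == "IN":
            # Variable-length list: emit one token per value.
            if not isinstance(c.value, (list, tuple)) or not c.value:
                raise ValueError("IN requires a non-empty list of values")
            tokens = ", ".join("?" for _ in c.value)
            clauses.append(f"{c.field} IN ({tokens})")
            params.extend(c.value)
        else:
            clauses.append(f"{c.field} {op} ?")
            params.append(c.value)
    sql = "SELECT title, author, year FROM books"
    if clauses:  # optional arguments: no components means no WHERE clause
        sql += " WHERE " + " AND ".join(clauses)
    return sql + " ORDER BY title", params


def search(conn, components):
    """Prepare and execute the generated statement with its bound values."""
    sql, params = build_query(components)
    return conn.execute(sql, params).fetchall()


def make_sample_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (title TEXT, author TEXT, year INTEGER)")
    conn.executemany("INSERT INTO books VALUES (?, ?, ?)", [
        ("Connections", "James Burke", 1978),
        ("The Cuckoo's Egg", "Clifford Stoll", 1989),
        ("Applied Cryptography", "Bruce Schneier", 1994),
    ])
    return conn


if __name__ == "__main__":
    db = make_sample_db()
    advanced = [
        SearchComponent("year", ">=", 1980),
        SearchComponent("author", "IN", ["James Burke", "Bruce Schneier"]),
    ]
    print(build_query(advanced))
    print(search(db, advanced))
    # A quote-laden value is compared as plain data and matches nothing.
    print(search(db, [SearchComponent("author", "=", "x' OR '1'='1")]))
    # A field name outside the allow-list never reaches the SQL text.
    try:
        search(db, [SearchComponent("year; DROP TABLE books", "=", 1)])
    except ValueError as exc:
        print("rejected:", exc)
```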
Probably depends a lot on where you are.
Around here, certifications mean very little. Employers are generally more concerned about the kind of work you've done at previous jobs. A few good references who will tell people how awesome you are and an impressive list of "my duties included" does you more good than a sheet full of "ABC+ Pro Certified" here.
That said, I've talked to friends elsewhere that have related the exact opposite.
I'd say ask around your local area. No point in getting a plate full of certifications if they mean nothing to the employers in your area.
The Connections series is indeed timeless! They need to start making documentaries like that again... with real scientists/historians and not actors reading lines... and the assumption that the audience has an IQ of at least room temperature. Also the production values of that series are still impressive by today's standards. It blows my mind how they seem to have constructed entire elaborate sets with lots of extras and costume, just for these 10 second clips between segments. Just James Burke talking in front of a podium would be enough, but the high quality of the show makes it extra watchable.
Would also recommend "The Machine That Changed the World" as worth checking out! The first 3 parts make a fairly comprehensive overview of the history of computing.
My point definitely wasn't that people should choose their education based solely on what is going to make them the most money. You spend a huge chunk of your life at work, so I think it damn better be something you like.
My point was more that the long term goal of said education should factor into it. The whole exploring yourself thing is all well and good, and in the long term works out for a few... but it's a pretty damn big chunk of money to spend on personal growth with no idea what you are going to do with it. Unless of course you have rich parents or something.. then go nuts!
This is a serious problem: how many people do you know who hate their jobs but feel stuck? I know many of them.
Quite a few, and most of them either didn't get an education, or got a degree in something with zero employability and ended up in a shitty McJob. That music therapy thing wasn't something I pulled out of my butt.. I actually know someone who got an education in it. For a free internet, what do you think they are currently doing? I actually know very few people who chose a career based solely on economic outcome... and the few I do are probably better off.
We also have a fairly large art school in this area... why I don't know.. from what I've heard the only employment in this province is pretty much teaching at said art school.
in our society, 18 year-olds embarking on a university education are still children
I always consider myself very lucky in that regard and I'm sure a lot of the slashdot crowd can relate to this. I knew exactly what I wanted to do going into high school. Hell I knew long before that, I just hadn't really started looking into the education/career side of things. I find it very hard to relate to making it that far in life with no clue what you want to do. Surely in 18 years _something_ has to have occurred where you said "hey, I could do this for a living". At the very least it might occur to people in their last year of high school that "hey, maybe I should think about what I'm gonna spend the next 40 years or so doing". Obviously I know this isn't the case. Most people seem to randomly pick... which results in the mess we are all familiar with. Just not something I understand.
Would be brilliant if there was anything interesting on!
Seriously.. all TV related technology is kind of meh these days because ultimately you are choosing between 50 different reality TV shows, maybe one or two token sitcoms/dramas and re-runs of real shows you’ve already seen and probably already own the DVD.
It’s not like music where there is enough variety that you can be taken aback by some band you didn’t even know existed. There is a limited amount of TV programming, and if you had any interest in it, you’ve probably already seen it or are at least aware of it.
I kinda said this in another post, but I think it should be a requirement of a student loan to research and detail how you plan to turn your degree into an actual job. As you said, a lot of people getting degrees are doing so because they've been told degree = better job. This is true where degree = computer science or engineering. This is generally not true where degree = music therapy.
Not saying oddball degrees can't result in a job.. and if you are _really_ passionate about something like that, then I think people should go for it... just do some research and figure out how you are going to make a living with it _before_ getting the loan.
I would also note that the ability to live very frugally for a few years after graduating and working a McJob throughout school/summers does a lot for avoiding the lifelong crippling debt thing.
They didn't do enough research / made a bad choice?
Ok, that's really not fair. Job markets change dramatically over short periods of time, but I still see a _lot_ of people getting degrees in things with absolutely no plan for how to turn it into a job when they graduate.
I almost think this should be a requirement for any student loan... write an essay detailing how, in the current job market, this degree will result in a decent job. Look at local job ads, maybe even call a few up and see what kind of education they are expecting people to have and such. Are you willing to move? If so, where? What's the job market like over there?
Not saying people shouldn't pursue something they are passionate about, but getting your degree in music therapy may not be the best choice.
My thoughts exactly!
Yes a degree in liberal arts or religion isn't gonna carry you far... and yes there are extreme cases of CS majors flipping burgers and multi-millionaire highschool dropouts, but in general I still think getting a degree results in a better job and more money later on in life. Good to see an article not trying to "rock the establishment"!
It may be one of those bad correlation dealies (people who can suck it up through a degree would have done better either way).. but I suspect the paper still helps.
The only reason I'd ever go to a Radio Shack is the same reason I'd go to a Best Buy - I'm desperate and I need something RIGHT NOW and it can't wait 48hrs for me to order it online and have it shipped to my door.
Oh I know that pain. Where I live (Atlantic Canada), you can't get much in less than a week. Nothing like forking out twice as much money for something half as good so you can finish a project over the weekend. It fills me with rage every time I do it :(
I think while analog electronics and amateur radio are fading (though I think ham is gonna be the last great true geek hobby for some time), I think digital electronics will see an upsurge.
I think the question really is whether it's viable in a brick and mortar model. Very hard to compete with digikey and mouser, especially in areas (like here in Atlantic Canada) with low population density. I'd love to not have to wait a week for that one little $2 component ... but realistically I just don't see it as viable where I live.
More on topic, radio shack here in Canada was always a little more "TVs and Cell Phones" compared to down in the US... but a while ago they were bought out and converted to "The Source". Now all they sell in terms of components are things for high school projects (LEDs, a few switches, some wire). Your chances of finding even a resistor are pretty slim.
Depends on the button I guess. Some are fine, some suck (like the ones found on even pricey monitors). I find the ones on the (admittedly mid to low end) LG flatron monitors to be especially frustrating. They are unresponsive, have a slow reset rate (can only register 1 press a second.. very annoying when trying to navigate menus), and unless you hit the button square on the dot, it's a crap shoot if it'll select the button you want, or the one next to it (or neither).
Oh.. one more (more hardware related):
The death of the physical button! These "smart" touch sensitive buttons, especially the ones on many computer monitors, are the work of satan!
Would be interesting but I can't really come up with an answer!
I mean, I gripe a lot about the direction that software in general is heading.. cloud computing and web apps and such... but core computing fundamentals, there isn't really much that I miss.
Only thing I can think of is the gradual death of the non-widescreen monitor. I suspect if there were any software features people missed in large enough groups... someone would re-implement them...
Their designs all presume that the memory is infinite, and that the hardware is infinitely fast, and that caches are also of infinite size.
To be fair, in most cases it is!
We should be seeing this kind of attention to UI updating make a resurgence with mobile.. but the concept of thinking this way is probably lost... and people have gotten used to the white boxes, almost treating them as a busy cursor.
Phone tech still moves pretty damn slow.
By all rights we should be on the final phases of replacing VOIP with whatever would follow.. as it stands we aren't even really at mainstream VOIP yet!
If the replacement can't figure out the super-secret file path to a shell script or function call they use to do X, the replacement won't be able to figure out a way of getting X done. Not the case.
This has been my exact experience! You assume someone is irreplaceable because only _he_ understands how that system works. So he quits, or gets promoted, or whatever.. someone steps in and figures it out. Before you blink the role is filled. Some things might get pushed back while someone comes up to speed on what said person was doing.. but any manager worth his weight in hammers accounts for this on any lengthy project. The old "lead dev hit by a bus" problem is well known and factored into most project plans.
That's where equity comes in.. up front.
People take some equity in lieu of being paid the full going rate, and absorb some risk (but also stand to make serious money if they work hard and the thing takes off). The time to negotiate for equity would have been up front, not after the business is somewhat established and running smoothly.
If the owners of a six person company become billionaires and the employees only get their piddly (in comparison) salaries, and NOTHING more for what they accomplished, who's being greedy now?
Those owners also took all the risk. Again with the trade off. Some startups give out equity as a way of distributing the risk to employees (and the potential reward as well). This employer chose not only to not do this, but not even have him as a full time employee. More importantly this employee chose to work as a contractor at a contract rate (which is probably far from "piddly").
And this is all assuming this guy is really as indispensable as he thinks he is. He could just be a replaceable cog.. most people working on contract are. First step would be to go full time.. next step would be to talk about buying into the company somehow.