Oh, I have. Your Ad Hominem is entirely misplaced.
And note that you require a "talented team". That "talented team" is not any of "tools, languages, coding-styles, etc.". It is people that know what they are doing and that take care to structure and document it as well as possible. This requires intelligence and creativity.
Incidentally, I disagree about the frameworks. They often hide too much. One of my main scopes is security and frameworks are one of the worst problems, because coders do not understand anymore where their data is and were it goes. These frameworks make it easier to get something to run, but much, much harder to get it to run well and securely. The framework designer cannot really do anything about that as they cannot know the specific security requirements that apply to applications using the frameworks later on.
If your critical thinking/programming skills are up to par, all you need is an honest interest in what it is you're programming for.
And I disagree on that. Rather strongly in fact. I am not talking about algorithms you can copy from a book or find in your run-of-the mill libraries. And I am certainly talking about related issues like cache-awareness, doing your own custom memory management, doing good privilege-separation on the architecture side, understanding side-channels, etc. Most coders just scratch the very surface and then mistakenly think they are good at it.
Well, most do not have what it takes. But it is certainly true that of the few that do have it, many are lost to coding because of an inadequate education system and bad job prospects. I mean these people are smart. Many of them will not go into coding when they can expect to have low job security, a bad salary and being treated badly. At the same time a small number of really good coders can often replace hundreds of mediocre and bad ones. Due to bad management in most larger companies, nobody seems to have noticed so far though.
Same here. But I see tons of people that either only understand the problem but cannot code or the other way round. Of course there are also people that suck at both. The fact of the matter is that only a small number of people can both code well (including understanding design, architecture, performance, security and reliability) and can understand the application problem well at the same time. Of course the latter is with the help of the customer or user, but even that seems to be too hard for many coders.
It is not laziness or unwillingness, IMO, it is simple inability. And people that can do one of these things well cannot be called stupid by any sane measure either. The problem of doing both things well is just very, very hard.
At least not too hard for everybody. But the simple plain fact is that thinking about code above a certain minimal complexity requires special talent. Tools, languages, coding-styles, etc. make no real difference.Those that do not have it ( probably something like 95% of all people) should stay away from professional coding. Incidentally, the same applies to mathematical thinking and reasoning, for example. Nothing surprising here, just too many people writing code that do not have what it takes.
Very true. Also, those that do get breached are not all attacked successfully because they made a really bad beginner's mistake. Although the list of companies with amateur-level security is long: RSA, Deloitte, Citibank,...
The truth is that security has zero ROI in an environment where you can just say "oops," write a small check and move on like nothing happened.
And that is the problem. If this was classified routinely as gross negligence (unless the company can prove having followed best practices), and the CEO was jailed, then things would look a bit differently. Before that or something similar happens, data-security used to protect customer data will remain a dark joke.
Even average attackers can get in. Also, when you make really stupid mistakes, in a working legal system that is called "gross negligence" and you become liable for the damage you did. Of course, Equifax being really large, they do not need to fear the law.
Seriously, who cares about Edge? If you write a Chrome plugin, it runs on Chrome and a lot of other browsers using the same engine (Vivaldi, for example). And you are not tied to one platform (Windows) either. Even learning how to write an Edge plugin is a waste of time, the market is far too small.
Most stupid comment already at the beginning. You probably do not realize that there is a dynamic to the behavior of anti net-neutrality entities as well.
Still, this may be a really bad idea. Of course, some of the hate will just fizzle out, given no easy to access forum. But for other people it may fester and drive them underground. That would be worse. We will have to wait and see, it is really unknown whether this is a good idea or not. It is a big experiment, to be sure.
I also doubt this is well thought out. It looks very much like the old, primitive cave-man reflex of "apply violence to anything you do not want to see", which is something most people are willing to go along with unreflected even today. Lets hope it does at least work to some degree.
If that is enough. As the Tape is basically inside the write coil core when data is written, magnetic field strengths used on tape are extreme. The other problem is that tapes are non-conductive. An EMP is going to do nothing at all.
These attacks are not particularly large or impressive. The only surprising thing was that somebody was willing to expose themselves (somewhat) by going larger than others before. But measured against what is possible, these werw not that big.
Cloudflare may at this time be able to mitigate simple flooding-based DDoS as long as it does not get too large. If you are willing to make yourself dependent on them, that is. As soon as the DDoS is a bit more sophisticated and masks as legitimate traffic, your visitors will either be tortured by inane captchas or the mitigation vanishes. That is, if captchas hold up longer-term. Which is highly questionable.
In the end, this is a transparent and empty gesture implying strength, intended to sway those weak of mind.
Oh, I have. Your Ad Hominem is entirely misplaced.
And note that you require a "talented team". That "talented team" is not any of "tools, languages, coding-styles, etc.". It is people that know what they are doing and that take care to structure and document it as well as possible. This requires intelligence and creativity.
Incidentally, I disagree about the frameworks. They often hide too much. One of my main scopes is security and frameworks are one of the worst problems, because coders do not understand anymore where their data is and were it goes. These frameworks make it easier to get something to run, but much, much harder to get it to run well and securely. The framework designer cannot really do anything about that as they cannot know the specific security requirements that apply to applications using the frameworks later on.
If your critical thinking/programming skills are up to par, all you need is an honest interest in what it is you're programming for.
And I disagree on that. Rather strongly in fact. I am not talking about algorithms you can copy from a book or find in your run-of-the mill libraries. And I am certainly talking about related issues like cache-awareness, doing your own custom memory management, doing good privilege-separation on the architecture side, understanding side-channels, etc. Most coders just scratch the very surface and then mistakenly think they are good at it.
Well, there are people that can do both. Just not a lot. And some have peculiar other issues, like thinking they are an AI ;-)
Yes, that too. Here is another gem: https://www.schneier.com/blog/...
It is both though.
Well, most do not have what it takes. But it is certainly true that of the few that do have it, many are lost to coding because of an inadequate education system and bad job prospects. I mean these people are smart. Many of them will not go into coding when they can expect to have low job security, a bad salary and being treated badly. At the same time a small number of really good coders can often replace hundreds of mediocre and bad ones. Due to bad management in most larger companies, nobody seems to have noticed so far though.
Or maybe you have never written any piece of code that actually had to solve a real problem and was not just simple business-logic.
Same here. But I see tons of people that either only understand the problem but cannot code or the other way round. Of course there are also people that suck at both. The fact of the matter is that only a small number of people can both code well (including understanding design, architecture, performance, security and reliability) and can understand the application problem well at the same time. Of course the latter is with the help of the customer or user, but even that seems to be too hard for many coders.
It is not laziness or unwillingness, IMO, it is simple inability. And people that can do one of these things well cannot be called stupid by any sane measure either. The problem of doing both things well is just very, very hard.
At least not too hard for everybody. But the simple plain fact is that thinking about code above a certain minimal complexity requires special talent. Tools, languages, coding-styles, etc. make no real difference.Those that do not have it ( probably something like 95% of all people) should stay away from professional coding. Incidentally, the same applies to mathematical thinking and reasoning, for example. Nothing surprising here, just too many people writing code that do not have what it takes.
Apparently, this distinction is too difficult for people writing about technology these days.
Apparently. The headline makes no sense at all.
Very true. Also, those that do get breached are not all attacked successfully because they made a really bad beginner's mistake. Although the list of companies with amateur-level security is long: RSA, Deloitte, Citibank, ...
The truth is that security has zero ROI in an environment where you can just say "oops," write a small check and move on like nothing happened.
And that is the problem. If this was classified routinely as gross negligence (unless the company can prove having followed best practices), and the CEO was jailed, then things would look a bit differently. Before that or something similar happens, data-security used to protect customer data will remain a dark joke.
Even average attackers can get in. Also, when you make really stupid mistakes, in a working legal system that is called "gross negligence" and you become liable for the damage you did. Of course, Equifax being really large, they do not need to fear the law.
Very true.
To be fair, the linked article makes the same, very basic mistake.
Seriously, who cares about Edge? If you write a Chrome plugin, it runs on Chrome and a lot of other browsers using the same engine (Vivaldi, for example). And you are not tied to one platform (Windows) either. Even learning how to write an Edge plugin is a waste of time, the market is far too small.
Most stupid comment already at the beginning. You probably do not realize that there is a dynamic to the behavior of anti net-neutrality entities as well.
It is a virtual certainty that invisible spy-rays have infected all Telegram employees!
In other news, the most dumb story on /. today has been identified, and it has something to do "Telegram". Seriously, stop this utterly demented crap.
Still, this may be a really bad idea. Of course, some of the hate will just fizzle out, given no easy to access forum. But for other people it may fester and drive them underground. That would be worse. We will have to wait and see, it is really unknown whether this is a good idea or not. It is a big experiment, to be sure.
I also doubt this is well thought out. It looks very much like the old, primitive cave-man reflex of "apply violence to anything you do not want to see", which is something most people are willing to go along with unreflected even today. Lets hope it does at least work to some degree.
Tapes are offline and disconnecting drives is a) technologically difficult and b) one main failure points for disks is when you start them.
If that is enough. As the Tape is basically inside the write coil core when data is written, magnetic field strengths used on tape are extreme. The other problem is that tapes are non-conductive. An EMP is going to do nothing at all.
These attacks are not particularly large or impressive. The only surprising thing was that somebody was willing to expose themselves (somewhat) by going larger than others before. But measured against what is possible, these werw not that big.
Cloudflare may at this time be able to mitigate simple flooding-based DDoS as long as it does not get too large. If you are willing to make yourself dependent on them, that is. As soon as the DDoS is a bit more sophisticated and masks as legitimate traffic, your visitors will either be tortured by inane captchas or the mitigation vanishes. That is, if captchas hold up longer-term. Which is highly questionable.
In the end, this is a transparent and empty gesture implying strength, intended to sway those weak of mind.
Indeed. And it is pretty important to let kids see and try a lot of different things.
Naa, $2B would still be a joke. Make that $20B per year and you start getting somewhere.