Actually, given that most software (except some carefully hardened server software) is insecure, an open port is very much a risk if it connects to an app.
It is actually a lot more long-term. As IT people have been treated badly pay- and career-wise (and in other ways) for a while now, many people that would have been good at it decided to enroll in other subjects at university or learn another trade-skill. The skill-gap is real, but those that complain now are the morons that caused it by focusing on short-term goals instead of on long-term survival.
Musk has a lot of money and one good product (much like other super-rich people). Even if he claims the most outrageous bullshit, it will still be heralded as the next great thing in the press. Also typical for the super-rich, it looks very much like he has surrounded himself with yes-men.
And you think countries with good train systems do not have that issue? And maybe they have solutions for it? All your posting shows how unaware you are of what is possible and being done in modern countries. (No, the US does not qualify as "modern".)
... and better hidden. The NSA does not think its immoral acts were the problem, it thinks getting caught was the problem. They are, as so many people, completely unaware of history.
Well, it is just yourself you want to convince, sure. But for others, you sort-of have to have demonstrated skills and that is where the PhD comes in. After all, you cannot just call yourself a surgeon or a pilot or the like either. Well, you can, but it will be meaningless. Although almost all self-styled "scientists" have no clue what they are doing and due to Dunning-Kruger are in addition unable to see that. The scientific method is a bit more involved than most people realize and that includes some pretty smart people. For example, "following the scientific method" is necessary but not sufficient. And even that part is actually pretty difficult to do and takes a lot of different forms. A single life is too short to find out all that by yourself.
Hence assuming that somebody without a PhD is not a scientist is a pretty safe bet.
As these are consumer devices, security will suck. Maybe it will be better than average, but even then it likely takes one talented black-hat and pictures from your bedroom will make it on the Internet.
Science actually works well, if practiced by competent and honest scientists. Unfortunately, there are just as many bad and dishonest scientists than there are incompetent and dishonest people in any other field. The medical fields is an extreme offender here though, probably dues to hugely inflated egos as additional problem.
I.e. if you carefully estimated the time, tell them you need twice that. If needed, waste some time to be accurate. Of course, even this method requires a high level of skill, because the average developer (i.e. not really good at anything) will deliver results with even more delay if given more time.
First, nothing technologically created is becoming "sentient" anytime soon, and certainly not "fast". At that position I stopped reading, because there was no chance left of anything worthwhile reading in the rest.
Luck is involved in the parts of finding things that others have not yet found and that hence give you a high payout. In particular, this gets progressively harder and the harder it gets, the lower the payouts. So while this person made $600'000 over 2 years, a repeat performance over the next 10 years, or so is exceptionally unlikely.
An actually professional code security review does not depend on luck. It also does not try to maximize "bugs found". It looks at architecture, design, input validation, critical data-paths, etc. and more than half of the result will not be description of bugs found, but analysis of severity and conclusions to be drawn and even things that are not directly bugs, like critical data-paths that rely on one protection mechanism, configuration options that are hard to get right and breaks security (or remove one layer of protection) when done wrong, code structure that is misleading, security functionality in surprising places, etc.
The whole focus on "finding bugs" is misplaced. You will never find them all and due to the randomization aspect of this, a different attacker may just find ones you did not find, regardless of how hard you looked. In fact, it is basically always cheaper and has a better result to re-implement with highly skilled and trusted people that thoroughly understand software security. Doing background-checks on these people and making sure they are satisfied with their jobs is actually much more important than to look at the code they produce. As so often in IT security, skewed and outright wrong ideas from bad movies are prevalent in the area of code security as well.
You miss the point. Sure all those you are quoting will gladly spy on, maim and kill others, but they will not touch each other. While these actors are pretty bad, it would be far worse if they were at war with each other.
It basically has no impact on employment. Industries that claim they now want to replace people with automation have planned to do this before anyways. They just found a pretext in minimal wages. The fact of the matter is that wherever people can be replaced with automation, they were not the main cost-factor anyways, with very few exceptions. Hence the effects of minimal wage are just to make sure people have more spending money and that is universally good for the economy. After all, what point is there in producing things, if people cannot buy them? Of course, this only works were people have jobs, and that is where the UBI comes in. Because in the medium-term future, a large part of the demographic will not have a job anymore due to automation. If they do not have reasonable spending money, the economy collapses due to market collapse and social unrest with become an extremely expensive problem.
I do however think that many of the opponents to an UBI are those that define their worth by their jobs and these people are scared extremely by the idea that they are actually not that special. The whole argument about it "being too expensive" is bogus.
Now also explain and make available effective contraception, or each person saved will spawn a few more to die from hunger and war two decades down the road. Messing with natural population control mechanisms is dangerous and tricky. Not saying it should not be done, but it needs to be done right or catastrophes will ensue.
Funny. There are not that many refugees. This is an artificially generated panic which serves to promote right-wing populists. Fortunately, in Germany they (AfD) are currently imploding, but other countries are not so lucky and the population anywhere always has a large faction that fall for the these people.
It can also be a "system security analyst" and a "software security analyst" or a lot more fuzzily an "IT Security Expert" or "IT Security Consultant". Of course, in a time where the BS term "Cyber" gets attached to anything, "Hacker" is actually a significant improvement.
white box = you have all documentation, accounts, technical authorizations, and access to people gray box = you have some of the above, often in limited form black box = you know how to reach the target systems
Black box pen-testing makes no sense, since it wastes a lot of time. The only reason to do it is that with a limited budget, it may not find things, i.e. create a false sense of security that management can then escalate as a great achievement.
Actually, given that most software (except some carefully hardened server software) is insecure, an open port is very much a risk if it connects to an app.
It is actually a lot more long-term. As IT people have been treated badly pay- and career-wise (and in other ways) for a while now, many people that would have been good at it decided to enroll in other subjects at university or learn another trade-skill. The skill-gap is real, but those that complain now are the morons that caused it by focusing on short-term goals instead of on long-term survival.
There are a few numbers, and they are not good at all. Also, time-frame would be multiple decades.
Musk has a lot of money and one good product (much like other super-rich people). Even if he claims the most outrageous bullshit, it will still be heralded as the next great thing in the press. Also typical for the super-rich, it looks very much like he has surrounded himself with yes-men.
And you think countries with good train systems do not have that issue? And maybe they have solutions for it? All your posting shows how unaware you are of what is possible and being done in modern countries. (No, the US does not qualify as "modern".)
The US is not a modern country in many regards. Its lack of a good train system is just one of them.
Yes. Utterly stupid, but all too human.
... and better hidden. The NSA does not think its immoral acts were the problem, it thinks getting caught was the problem. They are, as so many people, completely unaware of history.
Well, it is just yourself you want to convince, sure. But for others, you sort-of have to have demonstrated skills and that is where the PhD comes in. After all, you cannot just call yourself a surgeon or a pilot or the like either. Well, you can, but it will be meaningless. Although almost all self-styled "scientists" have no clue what they are doing and due to Dunning-Kruger are in addition unable to see that. The scientific method is a bit more involved than most people realize and that includes some pretty smart people. For example, "following the scientific method" is necessary but not sufficient. And even that part is actually pretty difficult to do and takes a lot of different forms. A single life is too short to find out all that by yourself.
Hence assuming that somebody without a PhD is not a scientist is a pretty safe bet.
Quite possibly that as well. MDs are not scientists. That requires an actual PhD.
As these are consumer devices, security will suck. Maybe it will be better than average, but even then it likely takes one talented black-hat and pictures from your bedroom will make it on the Internet.
Science actually works well, if practiced by competent and honest scientists. Unfortunately, there are just as many bad and dishonest scientists than there are incompetent and dishonest people in any other field. The medical fields is an extreme offender here though, probably dues to hugely inflated egos as additional problem.
I.e. if you carefully estimated the time, tell them you need twice that. If needed, waste some time to be accurate. Of course, even this method requires a high level of skill, because the average developer (i.e. not really good at anything) will deliver results with even more delay if given more time.
First, nothing technologically created is becoming "sentient" anytime soon, and certainly not "fast". At that position I stopped reading, because there was no chance left of anything worthwhile reading in the rest.
Luck is involved in the parts of finding things that others have not yet found and that hence give you a high payout. In particular, this gets progressively harder and the harder it gets, the lower the payouts. So while this person made $600'000 over 2 years, a repeat performance over the next 10 years, or so is exceptionally unlikely.
An actually professional code security review does not depend on luck. It also does not try to maximize "bugs found". It looks at architecture, design, input validation, critical data-paths, etc. and more than half of the result will not be description of bugs found, but analysis of severity and conclusions to be drawn and even things that are not directly bugs, like critical data-paths that rely on one protection mechanism, configuration options that are hard to get right and breaks security (or remove one layer of protection) when done wrong, code structure that is misleading, security functionality in surprising places, etc.
The whole focus on "finding bugs" is misplaced. You will never find them all and due to the randomization aspect of this, a different attacker may just find ones you did not find, regardless of how hard you looked. In fact, it is basically always cheaper and has a better result to re-implement with highly skilled and trusted people that thoroughly understand software security. Doing background-checks on these people and making sure they are satisfied with their jobs is actually much more important than to look at the code they produce. As so often in IT security, skewed and outright wrong ideas from bad movies are prevalent in the area of code security as well.
You are welcome.
Indeed. And apparently, the ones that caused huge losses for society and cost a lot of people their jobs are somehow regarded as above punishment.
You are blind. There is also a thing called "software" that can be used to automate tasks, no robots involved. Apparently, you have never heard of it.
You miss the point. Sure all those you are quoting will gladly spy on, maim and kill others, but they will not touch each other. While these actors are pretty bad, it would be far worse if they were at war with each other.
It basically has no impact on employment. Industries that claim they now want to replace people with automation have planned to do this before anyways. They just found a pretext in minimal wages. The fact of the matter is that wherever people can be replaced with automation, they were not the main cost-factor anyways, with very few exceptions. Hence the effects of minimal wage are just to make sure people have more spending money and that is universally good for the economy. After all, what point is there in producing things, if people cannot buy them? Of course, this only works were people have jobs, and that is where the UBI comes in. Because in the medium-term future, a large part of the demographic will not have a job anymore due to automation. If they do not have reasonable spending money, the economy collapses due to market collapse and social unrest with become an extremely expensive problem.
I do however think that many of the opponents to an UBI are those that define their worth by their jobs and these people are scared extremely by the idea that they are actually not that special. The whole argument about it "being too expensive" is bogus.
Now also explain and make available effective contraception, or each person saved will spawn a few more to die from hunger and war two decades down the road. Messing with natural population control mechanisms is dangerous and tricky. Not saying it should not be done, but it needs to be done right or catastrophes will ensue.
Funny. There are not that many refugees. This is an artificially generated panic which serves to promote right-wing populists. Fortunately, in Germany they (AfD) are currently imploding, but other countries are not so lucky and the population anywhere always has a large faction that fall for the these people.
At the cost-point they claim? They maybe have verified the email address for that ...
It can also be a "system security analyst" and a "software security analyst" or a lot more fuzzily an "IT Security Expert" or "IT Security Consultant". Of course, in a time where the BS term "Cyber" gets attached to anything, "Hacker" is actually a significant improvement.
white box = you have all documentation, accounts, technical authorizations, and access to people
gray box = you have some of the above, often in limited form
black box = you know how to reach the target systems
Black box pen-testing makes no sense, since it wastes a lot of time. The only reason to do it is that with a limited budget, it may not find things, i.e. create a false sense of security that management can then escalate as a great achievement.