Same here. And secondary for about the same with a different provider. Also my own DNS for that. But sadly, most people, even most people here today, are not capable of running an email server.
You cannot have much experience with writing software in an enterprise environment. "Probably real bugs" does not cut it. Maintainers "will never see them" does not cut it. Anything that can be hit by a fuzzer can be hit by some other application doing something stupid. You will find arbitrarily misbehaving code in any enterprise environment. If you the have this crap in your way when trying to find out what is wrong, a problem turns into a disaster.
IT security people that cannot code, cannot configure a network and generally are not engineers are basically worthless. All they can do is stand in people's way by insisting on usually pretty worthless "compliance". The thing is, however, there are security people out there that can code and can do it well. They are just a tad more expensive and more difficult to keep happy, but if you really want them, you can get them.
You are delusional. Modern warfare is the very embodiment of cowardice, for multiple reasons. It is a logical optimization when losing troops becomes costly.
Most attackers use fuzzing for finding bugs to analyse further. Hence these need to be bugs that can be found by fuzzing. Fuzzing needs either a crash or crass bad behavior to detect a bug. So all these "non exploitable" bugs can actually be exploited for DoS or will break your application for the right input data. That is the first reason this is unworkable. The second one is that this makes software hard to maintain and hard to test. It is already hard to maintain and test software, and tthis will make it much worse.
If you want to demotivate attackers, use careful input validation, input normalization and privilege separation and you are pretty much done. But these elementary measures are apparently already beyond most people writing software. And that is the real problem here. There is no magic technology that will make insecure software secure. There is only getting people that are experienced, know what they are doing and understand security write it. Nothing else will help.
Only that it has been available forever. The only problem was that while killing a BIOS from userspace was always easy, updating it successfully was not.
We do not have a lot of people that can be good at either. Both areas require dedication and talent. Sure, we should make sure the rare people that have it do get into the respective fields, but that will be 10% of the population, if that. The real problem we have at this time in both IT and liberal arts is far too many people that are bad at it and should never have gone there.
Systems are definitely getting more complex and that is a problem. I agree on that. But the complexity is there and hiding it only makes it even harder to handle.
Example: Some time ago I implemented a custom lookup table, and it turned out that for good performance I needed to request maximum memory at the start and then manage it myself. Sure, for simpler uses the memory management system was just fine, but have something a bit more demanding and it stands in your way and you need to go back to do something even more complex yourself. The difference between me and most "coders" is probably that I can do this competently, as I have done this several times before, for example when I needed to deal with a really huge data-set during my PhD.
That is what I mean by "hiding" complexity. It will still be there, and you wills till need to understand it, even if you deal with it less often. It cannot be made to go away or at least nobody has found a way to do that. And since computers are not really getting faster anymore, the solution of just sacrificing performance to actually get rid of some complexity will not work either.
The answer I have for the security angle is simple: Stop increasing complexity. Do solid, KISS-respecting, software engineering that only implements what is really needed and the complexity becomes manageable if you have good, experienced, competent people. Put in more and more badly designed or not really needed features, make things more complex (like the insanity to push megabytes of JavaScript to a client to just render a table, for example) and the whole house of cards will eventually come crashing down.
And they ignore that the cheap coders used so often today are already hugely expensive because of their low level of competence. Making this even worse will drive costs for software up, not down.
Well, about half a century of research and experiments into making programming easier has yielded nearly nothing. You still need to understand what you are doing and how the machine (and the network, these days) works. Maybe this complexity is inherent in the task and any calls to make programming easier are just utterly disconnected from reality?
Neither. Conditions in Finland are very different. There are no high obstacles to entry into this market there, for one thing. But you seem to be pretty full of it, come to think of it, since you cannot see the obvious.
Fail. Markets do not work when there are high obstacles to entry. In that case, they devolve into monopolies, as the example at hand nicely shows. Capitalism has to be regulated, because it rewards those of unlimited egoism, and they are destroyers, not builders.
While I agree, the influx of unspeakably clueless morons into/. has been going on for a while. Not the only place where this is happening. Maybe Internet access for the masses was not so good an idea after all.
... I pay $70 for 1Gbps symmetrical. It is really staggering how countries like the US or Germany are unable to get reasonably fast Internet to everybody at a reasonable price. Apparently, everybody there is so convinced they are firmly in the leadership position, that they will not wake up until it is far too late to salvage anything of their former position.
Indeed. Even if I had to remove the recently upgraded spyware (damn MS creeps) manually, it is possible to do so.
When I move to Win 10, I will treat it as inherently untrusted and compromised by design. That means all my email, web-surfing, etc. will be on Linux, the Win10 machine will essentially be a game console.
Is that they "promise" this today, and when they find that selling this data is more profitable than being trustworthy, they will just forget that promise. Standard procedure. Just think of "don't be evil" by Google. That went pretty fast.
Slashdot Mirror
Same here. And secondary for about the same with a different provider. Also my own DNS for that. But sadly, most people, even most people here today, are not capable of running an email server.
You cannot have much experience with writing software in an enterprise environment. "Probably real bugs" does not cut it. Maintainers "will never see them" does not cut it. Anything that can be hit by a fuzzer can be hit by some other application doing something stupid. You will find arbitrarily misbehaving code in any enterprise environment. If you the have this crap in your way when trying to find out what is wrong, a problem turns into a disaster.
IT security people that cannot code, cannot configure a network and generally are not engineers are basically worthless. All they can do is stand in people's way by insisting on usually pretty worthless "compliance". The thing is, however, there are security people out there that can code and can do it well. They are just a tad more expensive and more difficult to keep happy, but if you really want them, you can get them.
You are delusional. Modern warfare is the very embodiment of cowardice, for multiple reasons. It is a logical optimization when losing troops becomes costly.
Most attackers use fuzzing for finding bugs to analyse further. Hence these need to be bugs that can be found by fuzzing. Fuzzing needs either a crash or crass bad behavior to detect a bug. So all these "non exploitable" bugs can actually be exploited for DoS or will break your application for the right input data. That is the first reason this is unworkable. The second one is that this makes software hard to maintain and hard to test. It is already hard to maintain and test software, and tthis will make it much worse.
If you want to demotivate attackers, use careful input validation, input normalization and privilege separation and you are pretty much done. But these elementary measures are apparently already beyond most people writing software. And that is the real problem here. There is no magic technology that will make insecure software secure. There is only getting people that are experienced, know what they are doing and understand security write it. Nothing else will help.
Only that it has been available forever. The only problem was that while killing a BIOS from userspace was always easy, updating it successfully was not.
The military fights terrorism? News to me. Unless you mean they plan to shoot the FBI "agents" that create fake terrorists?
There is no "valor" in modern warfare. That is long past. But it is no surprise that people like you have not gotten that message...
We do not have a lot of people that can be good at either. Both areas require dedication and talent. Sure, we should make sure the rare people that have it do get into the respective fields, but that will be 10% of the population, if that. The real problem we have at this time in both IT and liberal arts is far too many people that are bad at it and should never have gone there.
Good luck with that. This practice is as demented as it is widespread.
Systems are definitely getting more complex and that is a problem. I agree on that. But the complexity is there and hiding it only makes it even harder to handle.
Example: Some time ago I implemented a custom lookup table, and it turned out that for good performance I needed to request maximum memory at the start and then manage it myself. Sure, for simpler uses the memory management system was just fine, but have something a bit more demanding and it stands in your way and you need to go back to do something even more complex yourself. The difference between me and most "coders" is probably that I can do this competently, as I have done this several times before, for example when I needed to deal with a really huge data-set during my PhD.
That is what I mean by "hiding" complexity. It will still be there, and you wills till need to understand it, even if you deal with it less often. It cannot be made to go away or at least nobody has found a way to do that. And since computers are not really getting faster anymore, the solution of just sacrificing performance to actually get rid of some complexity will not work either.
The answer I have for the security angle is simple: Stop increasing complexity. Do solid, KISS-respecting, software engineering that only implements what is really needed and the complexity becomes manageable if you have good, experienced, competent people. Put in more and more badly designed or not really needed features, make things more complex (like the insanity to push megabytes of JavaScript to a client to just render a table, for example) and the whole house of cards will eventually come crashing down.
And they ignore that the cheap coders used so often today are already hugely expensive because of their low level of competence. Making this even worse will drive costs for software up, not down.
Well, about half a century of research and experiments into making programming easier has yielded nearly nothing. You still need to understand what you are doing and how the machine (and the network, these days) works. Maybe this complexity is inherent in the task and any calls to make programming easier are just utterly disconnected from reality?
I think he did not say anything about "good quality". "Predictable" loses its value when it is "predictably bad".
The only good thing you can say about MS is that whatever they do it is consistently bad.
Neither. Conditions in Finland are very different. There are no high obstacles to entry into this market there, for one thing.
But you seem to be pretty full of it, come to think of it, since you cannot see the obvious.
Number from a large European peering point from a few years back: 1Gbps peering $200/month, unlimited traffic.
Fail. Markets do not work when there are high obstacles to entry. In that case, they devolve into monopolies, as the example at hand nicely shows. Capitalism has to be regulated, because it rewards those of unlimited egoism, and they are destroyers, not builders.
While I agree, the influx of unspeakably clueless morons into /. has been going on for a while. Not the only place where this is happening. Maybe Internet access for the masses was not so good an idea after all.
... I pay $70 for 1Gbps symmetrical. It is really staggering how countries like the US or Germany are unable to get reasonably fast Internet to everybody at a reasonable price. Apparently, everybody there is so convinced they are firmly in the leadership position, that they will not wake up until it is far too late to salvage anything of their former position.
Indeed. Even if I had to remove the recently upgraded spyware (damn MS creeps) manually, it is possible to do so.
When I move to Win 10, I will treat it as inherently untrusted and compromised by design. That means all my email, web-surfing, etc. will be on Linux, the Win10 machine will essentially be a game console.
Even worse. This "promise" will keep until they find it profitable to sell this data.
Is that they "promise" this today, and when they find that selling this data is more profitable than being trustworthy, they will just forget that promise. Standard procedure. Just think of "don't be evil" by Google. That went pretty fast.
Not at all. I might just, unlike you, base mine on reality and what can and cannot be done.
You do not understand the proposal on the table. Hence you mistakenly believe you are right. Common moron at work.