You could have a semi-secure way of doing it by answering from the perspective of someone else. If all your security questions are answered as if you were Monty Hall, who would guess THAT?
Even if one's boss should Know Better doesn't mean you can't let them bypass the rules if they can get permission to do so.... as an aside, little of this seems now to apply to Childs, given what's come out from jurors about the degree to which he'd taken ownership of the network, and of how he effectively refused to transfer control to another city employee who was replacing him. However, the general rule of "tell people what you need in order to secure an exception to the rule" is a good one that I think applies to almost anything we do at work, whether we're in IT or not.
My wife was a girl scout, and held a fairly high rank. I forget whether she earned their highest award or not. I was a boy scout, and never progressed past star scout. (I didn't earn the next two ranks, Life and Eagle, because I was in boy scouts primarily for Awesome Backpacking Fun.)
My wife had some really great experienced in Girl Scouts. She had to do leadership-related things similar to what high-ranking boy scouts do, and did community service projects similar to what an Eagle scout does. Both programs seem to focus on developing personal responsibility, social skills, and other things which young people will really benefit from.
In boy scouts, I could have done that too... but I didn't feel the drive to. On the other hand, I had lots of informal training in social dynamics (such as dealing with personality conflicts or leadership disputes in the middle of a two week backpacking trip), opportunities to bond with other boys (which I didn't really get elsewhere, since I didn't play sports), a place where being a nerd was okay since you tended to be the one who knew how to do all the knots and lashings.;)
There were definitely times when things seemed on the verge of Lord of the Flies, too. Jokes were not appropriate for any audience [aside from other teenage boys], pranking was a constant endeavour/risk, and there were always people who you had to learn to deal with despite them being jerks sometimes. On the other hand, there were lots of more-mature or older scouts who we looked up to: they were old hands at camping and hiking and getting along with others. It was a great learning experience.
I'm not sure how well BSA/GSA would work if they were to merge. (Not that I think that's even remotely likely, since they're separate corporations.) On the one hand, the jackassery that arises in an all-male group seems like something that it's important to learn to overcome... but at the same time, there was nothing we did (climbing, hiking, tying knots, camping, wilderness survival, shooting, etc...) which a girl wouldn't be able to do just as well. I imagine the teenage boys would respect the girls in their peer group a lot more if they knew that some of the girls were crack marksmen, or carried heavier packs, and so on. Seeing each other as social equals is something that I think I had to learn outside scouting. (We had men and women as parent chaperones for hiking trips, so that helped too.)
This sucks for people on work visas. I don't know how to say that better. For citizens who want to ensure they don't get too screwed by this, GET YOUR PASSPORT. (Can permanent residents get passports too? I hope so...) Make sure you and your loved ones know where it is; consider making a photocopy so they can fax that, too.
While I sympathize with Arizona residents who are fed up with illegal immigration, this policy is one that makes me want to never visit your state. Sorry.
You're modded funny, but there's some truth in it. As developers, we often tend to underestimate the opacity of our code or of how we intend it to be used. Since we have access to sources and headers, which might be in flux, sometimes we don't do much more than API documentation. When we do, we rarely feel that we have time to write a tutorial on how it is Meant To Be Used (otherwise known as a user's manual), nor to write documentation explaining/why/ we made the design decisions we did. (e.g., we chose to use X awkward feature because that's central to the spec that we are trying to mimic.)
Sometimes it takes someone demonstrating a fundamentally wrong understanding for us to realize that other people Don't Get It, and therefore need a better explanation. If we're good, we will manage to convey that explanation with tact, rather than belligerance.
What does his past miconduct, his being a Jerk, or having bad things at home have to do with his treatment of the city network? I don't see the connection. Only being a jerk, in fact... and if he was following the letter of the laws and policies (which discussion here seems to indicate), that should have been OK.
The take-away from this seems to be, if a superior is bullying you for passwords or other information you're contractually obliged to not give them, don't just tell them "No". Rather, tell them, "(Company|City|State|DOD) policy XYZ prevents me from doing this over the phone. I need to either do it in writing, or get a written statement from Q, P, or W that doing so will violate neither my contract nor any applicable laws." This makes it clear you DO want to help them, but with constraints.
Many of the complaints levied against Ogg were not about its technical merits, but about its inadequate documentation -- a feature Matroska shares. Other complaints were about features of Ogg (such as mappings) which nearly every other container format has as well.... I've only gotten about a quarter of the way through, so far.
I have yet to see ClearType (subpixel rendering) work correctly on an LCD monitor that is rotated 90 degrees. I believe I read rumors that it's Better in Windows 7, but I've not sprung for that, nor can I use it at work.
I love my giant Emacs window, but wish the ClearType worked right so it would be more legible.
And if your computer is for hobbying and you enjoy working with a potentially-unstable system, good for you. A lot of people think that's a fine trade-off for what they're going to do with their systems. None of which invalidates GP's question - which is "what exactly might a disabled-by-default core do if you turn it on when it really was disabled for a reason?"
WoW might crash while I'm tanking our guild's best attempt at the Lich King. Realistically, that's the worst case scenario I can think of for me, as a gamer, and even there I highly doubt that would happen. (I'd likely see instability long before that, and revert to 4 cores.) I obviously wouldn't suggest using hardware this way on my office machine, where numerical accuracy and stability are important, but... if games are reasonably stable, going for 6 vs 4 cores seems like a pretty good deal.
Sometimes people leave their glasses in the car, or aren't wearing contacts, or sometimes the lighting is just bad enough that there's an inconvenient glare. Some people (like me) genuinely take a long time deciding - I will be thinking about what I want to order from the time I get in the line, but occasionally can't decide between two items, and eventually have to decide to be dissatisfied with which ever decision I make.
Interesting, since that's generally the first place I go when I'm curious about what's going on in tech (and I haven't seen much new stuff on slashdot). What are the better blogs I should be going to instead?
hmmm. actually it sounds like you're the one with a poor grasp of what's going on here. Definition of 'take' - "to remove, capture, consume, or dispossess from someone else."
the sourcecode was not stolen. a copy of the sourcecode was stolen. and this is a crucial distinction since "steal" means to deprive from another. and while google has been violated, they most absolutely have not been deprived of any code.
You're right. One might say they infringed the copyright of Google's source code... depending on how you define copying. That said, "stealing" fits just fine here as a means of communicating an idea. The secret source code was precious of it, and they are now deprived of that secrecy. Moreover, every single reader here, when seeing "stolen", understood exactly what happened, and it's pretty pedantic of us to be arguing over the meaning of stolen.
Wow. Those are awesome. I love how this thread is split between saying "God, why? It's a CLI script! We don't need fancy tricks!", and other people sharing Cool Shell Tricks. I do most of my shell-ish coding in Perl, but these are simple and elegant enough that I could see doing it this way too. Thanks!
This is why you plan for it, and work around that possibility.
"Joe Developer's GAME OF AWESOME" sells well. EA buys out JD's company and rights to the game... he makes a new one, and markets "Joe Developer's SUPER SWEET SIDESCROLLER" (or something). People will realize it's not EA's game, and will recognize that it's from the same creator as something they liked -- witness Peter Molyneux's games, or Sid Meier's. We don't know them by their studio, but by the creator.
In secure, encryption is done in a Java applet.... they do not have access to your keys, because they are never sent. While they would certainly "rat you out" if they don't have the goods, they can cheerfully comply with the law (or the NSA pseudo legal equivalent) without providing much of value: just encrypted emails.
The NSA is one of the few organizations that I would expect to be able to break the encryption on a mass of encrypted e-mails -- not by brute forcing it, but by awesome cryptanalysis. I'd be surprised if the Java applet didn't have some implementation errors, or the data being encrypted had enough recognizable patterns in it to allow some work with known plaintexts.
That said, Hushmail giving them a copy of all your (encrypted) e-mail is not a whole lot different than your normal e-mail provider doing the same. About the only significantly different situation (that I can think of) would be if they were to have physical access to your drives... but for that they'd (we assume) need a warrant.
Should someone make such an argument, how would you suggest countering it? Are there big well known names that we can point to as running Linux or BSD? Of course there are, but can we give a concise list? I'm looking for samples of things one could bring in an expert witness to counter that claim with, as well as a clear NON-"HACKER" usage pattern for it that would "explain" why Joe User (like me) would have it on my computer.
If I say, "I run Linux so that I can write code in Clojure more easily", wouldn't they just counter with, "... so you're a hacker."? It's absurd, but so is the claim that only hackers use Linux. "LOL" is not a proper response in court to such a claim, even if it seems to be the most correct.
I disagree. Most sites track IPs for analysis, advertising, or troll-banning reasons. If I were writing a blog, forum, or discussion tool that was intended to have anonymous posts, I would never store the IP [except for the above reasons]. In light of anonymous things needing to be turned over to the police, I'd simply not collect it as part of my published privacy policy and data retention policy.
If a website doesn't record IPs of posters, and doesn't keep logs of who posts anonymously, it'd be rather hard to be able to comply with this. Hopefully they can do a "best that we can" response.
People say the same thing about many other languages that some developers to be remarkably expressive and non-ugly. Lisp and Perl come to mind -- maligned for parentheses or type-indication-prefixes, they each have their strengths. I believe that one of Erlang's strengths is its sparse syntax and ability to express complex ideas in few lines of code. Many would consider that "elegant", even if the syntax seems strange to the uninitiated.
I've programmed for years in Perl and in a Lisp, and Iquite like them. I've looked enough at an Erlang book to wish I understood it better, but haven't used it for any programming projects. Looking at how it easily handles things which in Java or C++ would require lots of crufty syntax is mindboggling. "That's it? What did I miss?" was a common thought.
~$ perl -e '%^$%^$%^$%^$%^ NO CARRIER' Scalar found where operator expected at -e line 1, near "%^$%"
(Missing operator before $%?) syntax error at -e line 1, near "%^$%"
If someone has a password which has a portion of it that could be considered "strong", is it weakened AT ALL by adding a "weak" portion?
Is Tcs@mn1g7 any more secure than Tcs@mn1g7-a, Tcs@mn1g7-b, or Tcs@mn1g7-c? I doubt that the addition of extra characters weakens a phrase, in cases like this.
This is also a symptom of a group of players (and DM) who are trying to "win" at the game, rather than "tell an awesome story".
When your swashbuckler says, "I take a swig from my flagon of mead, kiss the saucy wench, climb over the table, and engage the ruffian in swordplay," your DM could hit him with a bunch of penalties (multiple actions, perhaps, movement penalties, acrobatics or atheletics checks, etc... or he could simply ask your character to roll to hit. When your players are in it to participate as protagonists in a story, they're less likely to try to "cheat" or fear that their DM is actively trying to kill them.
So you are ok with your kids... accidentally running across goatse guy?
Before a certain age? No. I couldn't even explain it to them adequately. Once they're teens? I think it's OK for them to learn that not every unknown link should be trusted. (To be fair, Rickrolling serves the same purpose in a milder manner. I sure wish I'd learned about strange links via Rickrolls, rather than the eyefuls of various "Dear god, why??" sorts of pictures.
On the other hand, I don't plan to let them on the internet without supervision.:)
Slashdot Mirror
If I were willing to put a bumper sticker on my car, I would need to get one that says this. A T-shirt might do.
You could have a semi-secure way of doing it by answering from the perspective of someone else. If all your security questions are answered as if you were Monty Hall, who would guess THAT?
Even if one's boss should Know Better doesn't mean you can't let them bypass the rules if they can get permission to do so. ... as an aside, little of this seems now to apply to Childs, given what's come out from jurors about the degree to which he'd taken ownership of the network, and of how he effectively refused to transfer control to another city employee who was replacing him. However, the general rule of "tell people what you need in order to secure an exception to the rule" is a good one that I think applies to almost anything we do at work, whether we're in IT or not.
My wife was a girl scout, and held a fairly high rank. I forget whether she earned their highest award or not.
I was a boy scout, and never progressed past star scout. (I didn't earn the next two ranks, Life and Eagle, because I was in boy scouts primarily for Awesome Backpacking Fun.)
My wife had some really great experienced in Girl Scouts. She had to do leadership-related things similar to what high-ranking boy scouts do, and did community service projects similar to what an Eagle scout does. Both programs seem to focus on developing personal responsibility, social skills, and other things which young people will really benefit from.
In boy scouts, I could have done that too ... but I didn't feel the drive to. On the other hand, I had lots of informal training in social dynamics (such as dealing with personality conflicts or leadership disputes in the middle of a two week backpacking trip), opportunities to bond with other boys (which I didn't really get elsewhere, since I didn't play sports), a place where being a nerd was okay since you tended to be the one who knew how to do all the knots and lashings. ;)
There were definitely times when things seemed on the verge of Lord of the Flies, too. Jokes were not appropriate for any audience [aside from other teenage boys], pranking was a constant endeavour/risk, and there were always people who you had to learn to deal with despite them being jerks sometimes. On the other hand, there were lots of more-mature or older scouts who we looked up to: they were old hands at camping and hiking and getting along with others. It was a great learning experience.
I'm not sure how well BSA/GSA would work if they were to merge. (Not that I think that's even remotely likely, since they're separate corporations.) On the one hand, the jackassery that arises in an all-male group seems like something that it's important to learn to overcome ... but at the same time, there was nothing we did (climbing, hiking, tying knots, camping, wilderness survival, shooting, etc ...) which a girl wouldn't be able to do just as well. I imagine the teenage boys would respect the girls in their peer group a lot more if they knew that some of the girls were crack marksmen, or carried heavier packs, and so on. Seeing each other as social equals is something that I think I had to learn outside scouting. (We had men and women as parent chaperones for hiking trips, so that helped too.)
This sucks for people on work visas. I don't know how to say that better. For citizens who want to ensure they don't get too screwed by this, GET YOUR PASSPORT. (Can permanent residents get passports too? I hope so...) Make sure you and your loved ones know where it is; consider making a photocopy so they can fax that, too.
While I sympathize with Arizona residents who are fed up with illegal immigration, this policy is one that makes me want to never visit your state. Sorry.
You're modded funny, but there's some truth in it. As developers, we often tend to underestimate the opacity of our code or of how we intend it to be used. Since we have access to sources and headers, which might be in flux, sometimes we don't do much more than API documentation. When we do, we rarely feel that we have time to write a tutorial on how it is Meant To Be Used (otherwise known as a user's manual), nor to write documentation explaining /why/ we made the design decisions we did. (e.g., we chose to use X awkward feature because that's central to the spec that we are trying to mimic.)
Sometimes it takes someone demonstrating a fundamentally wrong understanding for us to realize that other people Don't Get It, and therefore need a better explanation. If we're good, we will manage to convey that explanation with tact, rather than belligerance.
What does his past miconduct, his being a Jerk, or having bad things at home have to do with his treatment of the city network? I don't see the connection. Only being a jerk, in fact... and if he was following the letter of the laws and policies (which discussion here seems to indicate), that should have been OK.
The take-away from this seems to be, if a superior is bullying you for passwords or other information you're contractually obliged to not give them, don't just tell them "No". Rather, tell them, "(Company|City|State|DOD) policy XYZ prevents me from doing this over the phone. I need to either do it in writing, or get a written statement from Q, P, or W that doing so will violate neither my contract nor any applicable laws." This makes it clear you DO want to help them, but with constraints.
Summary so far:
Many of the complaints levied against Ogg were not about its technical merits, but about its inadequate documentation -- a feature Matroska shares. Other complaints were about features of Ogg (such as mappings) which nearly every other container format has as well. ... I've only gotten about a quarter of the way through, so far.
I have yet to see ClearType (subpixel rendering) work correctly on an LCD monitor that is rotated 90 degrees. I believe I read rumors that it's Better in Windows 7, but I've not sprung for that, nor can I use it at work.
I love my giant Emacs window, but wish the ClearType worked right so it would be more legible.
WoW might crash while I'm tanking our guild's best attempt at the Lich King. Realistically, that's the worst case scenario I can think of for me, as a gamer, and even there I highly doubt that would happen. (I'd likely see instability long before that, and revert to 4 cores.) I obviously wouldn't suggest using hardware this way on my office machine, where numerical accuracy and stability are important, but ... if games are reasonably stable, going for 6 vs 4 cores seems like a pretty good deal.
Sometimes people leave their glasses in the car, or aren't wearing contacts, or sometimes the lighting is just bad enough that there's an inconvenient glare. Some people (like me) genuinely take a long time deciding - I will be thinking about what I want to order from the time I get in the line, but occasionally can't decide between two items, and eventually have to decide to be dissatisfied with which ever decision I make.
Interesting, since that's generally the first place I go when I'm curious about what's going on in tech (and I haven't seen much new stuff on slashdot). What are the better blogs I should be going to instead?
Or, they remotely bricked all of them, and then everyone could bring theirs in the next day and un-brick it. (Again, they'd know whose wasn't there.)
You're right. One might say they infringed the copyright of Google's source code... depending on how you define copying. That said, "stealing" fits just fine here as a means of communicating an idea. The secret source code was precious of it, and they are now deprived of that secrecy. Moreover, every single reader here, when seeing "stolen", understood exactly what happened, and it's pretty pedantic of us to be arguing over the meaning of stolen.
Wow. Those are awesome. I love how this thread is split between saying "God, why? It's a CLI script! We don't need fancy tricks!", and other people sharing Cool Shell Tricks. I do most of my shell-ish coding in Perl, but these are simple and elegant enough that I could see doing it this way too. Thanks!
This is why you plan for it, and work around that possibility.
"Joe Developer's GAME OF AWESOME" sells well. EA buys out JD's company and rights to the game... he makes a new one, and markets "Joe Developer's SUPER SWEET SIDESCROLLER" (or something). People will realize it's not EA's game, and will recognize that it's from the same creator as something they liked -- witness Peter Molyneux's games, or Sid Meier's. We don't know them by their studio, but by the creator.
The NSA is one of the few organizations that I would expect to be able to break the encryption on a mass of encrypted e-mails -- not by brute forcing it, but by awesome cryptanalysis. I'd be surprised if the Java applet didn't have some implementation errors, or the data being encrypted had enough recognizable patterns in it to allow some work with known plaintexts.
That said, Hushmail giving them a copy of all your (encrypted) e-mail is not a whole lot different than your normal e-mail provider doing the same. About the only significantly different situation (that I can think of) would be if they were to have physical access to your drives... but for that they'd (we assume) need a warrant.
Should someone make such an argument, how would you suggest countering it? Are there big well known names that we can point to as running Linux or BSD? Of course there are, but can we give a concise list? I'm looking for samples of things one could bring in an expert witness to counter that claim with, as well as a clear NON-"HACKER" usage pattern for it that would "explain" why Joe User (like me) would have it on my computer.
If I say, "I run Linux so that I can write code in Clojure more easily", wouldn't they just counter with, "... so you're a hacker."? It's absurd, but so is the claim that only hackers use Linux. "LOL" is not a proper response in court to such a claim, even if it seems to be the most correct.
I disagree. Most sites track IPs for analysis, advertising, or troll-banning reasons. If I were writing a blog, forum, or discussion tool that was intended to have anonymous posts, I would never store the IP [except for the above reasons]. In light of anonymous things needing to be turned over to the police, I'd simply not collect it as part of my published privacy policy and data retention policy.
If a website doesn't record IPs of posters, and doesn't keep logs of who posts anonymously, it'd be rather hard to be able to comply with this. Hopefully they can do a "best that we can" response.
People say the same thing about many other languages that some developers to be remarkably expressive and non-ugly. Lisp and Perl come to mind -- maligned for parentheses or type-indication-prefixes, they each have their strengths. I believe that one of Erlang's strengths is its sparse syntax and ability to express complex ideas in few lines of code. Many would consider that "elegant", even if the syntax seems strange to the uninitiated.
I've programmed for years in Perl and in a Lisp, and Iquite like them. I've looked enough at an Erlang book to wish I understood it better, but haven't used it for any programming projects. Looking at how it easily handles things which in Java or C++ would require lots of crufty syntax is mindboggling. "That's it? What did I miss?" was a common thought.
Sadly, it gives a compiler error:
~$ perl -e '%^$%^$%^$%^$%^ NO CARRIER'
Scalar found where operator expected at -e line 1, near "%^$%"
(Missing operator before $%?)
syntax error at -e line 1, near "%^$%"
If someone has a password which has a portion of it that could be considered "strong", is it weakened AT ALL by adding a "weak" portion?
Is Tcs@mn1g7 any more secure than Tcs@mn1g7-a, Tcs@mn1g7-b, or Tcs@mn1g7-c? I doubt that the addition of extra characters weakens a phrase, in cases like this.
This is also a symptom of a group of players (and DM) who are trying to "win" at the game, rather than "tell an awesome story".
When your swashbuckler says, "I take a swig from my flagon of mead, kiss the saucy wench, climb over the table, and engage the ruffian in swordplay," your DM could hit him with a bunch of penalties (multiple actions, perhaps, movement penalties, acrobatics or atheletics checks, etc... or he could simply ask your character to roll to hit. When your players are in it to participate as protagonists in a story, they're less likely to try to "cheat" or fear that their DM is actively trying to kill them.
Before a certain age? No. I couldn't even explain it to them adequately. Once they're teens? I think it's OK for them to learn that not every unknown link should be trusted. (To be fair, Rickrolling serves the same purpose in a milder manner. I sure wish I'd learned about strange links via Rickrolls, rather than the eyefuls of various "Dear god, why??" sorts of pictures.
On the other hand, I don't plan to let them on the internet without supervision. :)