Then you should quit before you do any more harm to the industry.
"Not a security specialist, though."
Yes, the fact you don't have the slightest clue about computer security kind of gave that away.
"Regarding bugs and security: you can mot proof a system had no bugs. You can only find bugs. You agree?"
Theoretically you can through induction (you should know this if you're a computer scientist, but you don't, so you're not) but in practice no one ever does, there's no fully verified hardware on the market, much less operating systems, or many other key elements of a typical stack today (i.e. web servers).
"Hence secure and bug free software is possible. The space shutle flight controll software, some 500k lines of code, went into production with no known bugs, during the first years 4 bugs where found and fixed, henceforth they did not discover further bugs. We assume the software was bug free from that point in time."
What? No. We don't ever assume that. Please do not EVER let yourself get involved in any safety critical system. You'll actually kill people, I'm not joking here.
"I never had a bug made by me or my team escape into production."
Hahahaha. Good one. This is how I know you're full of shit, and not actually a computer scientist. I'd love to see your software, I'd wager I can trivially disprove this.
"Anyway, attitudes like yours is the reason there is so much unsecure and buggy software in the world."
Yes that's right, anyone who doesn't pretend they're magic is responsible for software not being magic. Fuck me you're the most stupid person on Slashdot, again, please step away from computers, I REALLY don't want you to get anyone killed with your profoundly dangerous ignorance.
Nope, it's really still not. If they'd never have made a sale to me because I object to buying anything from them then there's still no sale to lose.
Don't preach to me about how I'm killing content creation. I'm a content creator, I'm a software developer, and I make a perfectly good living whether people pirate software I produce or not because I have this thing called a job, where I keep working and producing to make money, rather than naively believing it's okay to do a few hours of work once and then to profit off that few hours of work for all eternity.
Don't come here bitching and crying because you're lazy and feel entitled to a free ride in life, the world doesn't owe you jack shit, it's up to you to work in a way that fits in with the world, not vice versa. No amount of logic rape and mental gymnastics you decide to engage in will change the fact that people have a finite amount of money and where that goes depends on who plays the game in a way that successfully convinces people to trade effort for money. If you lost that game then well, sucks to be you - try a different tactic instead of expecting the world to revolve around you and give you money for sitting on your arse just because you did something once, long ago.
"And that's exactly what wrong with YOUR view. If you consumed the content you should have payed for it, it's just like a shopowner who got stuff lifted, he has to write off the stolen good as the shoplifter has 'consumed the content'."
But that's a different thing "Should have paid for it" is NOT the same as "Would have paid for it". It's a simple concept, and morality is subjective.
Some might reasonably argue that not paying money to organisations that have been willing to pay millions to lobby governments to eliminate key planks of human rights legislation such as the right to fair trial, or the presumption of innocence until proven guilty, or to push internet censorship, and spying on consumers computers, is an incredibly moral decision to make, but each to their own.
You're completely and utterly wrong. Your argument literally makes no sense.
Whether something is viewed or not makes no difference to whether it was a lost sale. I could watch or not watch a pirated film that I was never going to buy and I would still never have bought it.
The premise of your argument is that if someone was to watch something then they would ALWAYS have bought it, but that's just obviously not true.
It's only a lost sale if the act of pirating content led to someone not making the purchase where they would have otherwise, but sometimes people's value calculation is as simple as "I'd watch this for free, but it's not worth paying for" - in that case they'd consume a pirated copy, but would never have paid for it because their calculation of whether it's worth watching falls to "No" as soon as a cost is attached to doing so.
I'm sorry that you don't like the conclusion of this study, but that's just the way the world works. Sometimes reality is different to how we would like things to be.
"Can you prove that it has 100% no bugs? No, you can't."
Oh dear, you're resorting to the god argument. "Can you prove god doesn't exist?", okay well he must then. When you resort to this, this is how I know you've lost the argument.
"The rest of your rant clearly indicates that YOU have no clue. A bit more respect to fellow computer scientists please:D"
But you're not, because you don't understand computer science. Don't even dare try and declare yourself something that you're clearly neither educated, nor qualified to declare yourself as whilst using logical fallacies to try and avoid accepting that you were wrong, and are out of your depth.
Specifically in my case the problem was a little odd in that I first felt the pain when I got down to about 8 metres, and tried ascending, repeated, descent and it was still there, I thought I'd try just gently descending to see if it would pass, and it actually did by about 15 metres so I continued the dive down to 42 metres okay. On the ascent I felt the pain again at around 15 metres, tried descending, and re-ascending a couple of times and the same problem. I decided again to just try and gently ascend to see if it would pass during my safety stop and it again disappeared at around 8 metres before I even begun the safety stop at the surface support tank hanging at 3 metres.
My palate felt a bit sore, but I didn't really think anything of it - I more presumed it was simply precisely because I had a cold and it was just sore throat, but it wasn't until I was at work the next day and my chocolate tasted funny that I realised my taste had gone, and it wasn't until a week later when my cold had completely cleared that I realised the taste loss was more serious, by about a month I was genuinely concerned, then as I say thankfully it went at about 2 months and I learnt my lesson.
What was particularly odd in this case was the fact that the pain cleared both during compression through descent at depths > 15 metres, and during expansion through ascent at depths less than 8 metres. This was less about nitrogen/oxygen absorption and more about air bubbles trapped in my palate caused from mucus from my cold such that both the actions of expansion and contraction of air in the mucus were both moving around the mucus to cause pain, and damage.
So it was actually not related to the issues of gas absorption from diving but purely to do with expansion and contraction of gas outside the bloodstream. The real reason this doesn't typically affect people on planes is because the pressure differences from flying are pretty negligible compared to those whilst diving simply because the vast density difference of air and water.
This is for what it's worth also why you shouldn't dive with a cold, not because of risk of the bends but because the mucus does prevent you from equalizing, which is effectively exactly what happened to me - although I could equalize generally to prevent pain from pressure changes in my ears etc. the trapped mucus was preventing localised pressure equalisation in my palate.
That said I should probably quantify my previous comment, I guess I would still dive with a cold, some of my most fun dives have been in the shallows down to no more than 6 metres, or even as little as 3 metres on occasion in warm tropical shallow reefs, and even in the North Sea off the coast of England and Scotland. Pressure changes at that depth aren't sufficient to really cause much problem because at that depth I typically don't ever even need to equalize anyway, and even if something goes horribly wrong it's not exactly difficult to surface at that depth. I certainly would never pass 18 metres anymore with a cold though, and wouldn't even go that deep if there was any sign of not feeling quite right.
I stupidly went diving once when I had a bit of a cold, got really nasty squeeze in my palate at the top of my mouth when ascending. I lost my taste for about 2 months afterwards as a result, even eating chocolate basically just felt like having mud in my mouth.
I now take the "Don't dive even if you have a minor cold" thing seriously now, as no doctor could help, and I genuinely was beginning to wonder if I'd lost the sense of taste for good.
Consider Russia as a likely culprit, not because of the tide of anti-Russian paranoia in the US right now, but simply because of the politics of it.
The US has in the last 9 months (since this started happening) expelled more and more Russian diplomats from it's soil and denied it access to a number of it's buildings in the US that were typically used as listening stations. The US/Russia tacitly accepted these in each others countries as it meant they had less secrets from each other and built trust post-cold war. Now they're being shut down on both sides in the US and Russia proper.
Russia closed it's listening post in Cuba for exactly this reason back in 2001, because with the cold war supposedly having come to an end, and tacit acceptance of such listening posts in the territories themselves meant it was largely defunct.
But Russia reopened it in 2014, and with it's US mainland listening posts now shut down it wants to make damn sure that the US and Cuba don't get close - given Cuba's proximity to the mainland US it would be astoundingly easy for the US to make Cuba Western within a very short time period because fully opening up to each other would create such a massive flow of Western culture, coupled with the ageing leadership that change in Cuba could occur in less than a decade. See here:
So ignoring the whole Trump/Russia thing as irrelevant, there is a very strong incentive for Russia to keep the US out of Cuba and they have both the skills and the technological capability to design, build, and deploy such a weapon as well as the political and security reason to want to do so.
I don't believe any Cuban group could build anything like this. It would require money, skills, and technology that a rag tag bunch of ex-rebels simply do not possess. This is something that requires a fairly powerful nation state behind it - I think even Venezuela would struggle, so you'd be looking at a European nation (none of which hate the US, or Cuba enough to have reason to do this), India, which has no interest in Cuba/US relations, Brazil, which again has no real reason to do this, China - again, not clear what this would achieve, very little for them to gain here, or some wealthy arab states or Israel - a possibility perhaps, but again, not the clear motive that Russia has.
"How the heck will you attack a system without input? changing its rom? Then it is no longer the same "system"."
Because there is no such thing as an inputless system - you think because you can write one simple piece of software with no input that the entire stack on which it runs must be inputless, this is patently false. An inputless computer is not a computer because by the very definition of a computer it requires some form of input to produce some form of output. That simple program you refer to IS an input, and it has to execute on something, that something else may be vulnerable. You're failing completely at comp. sci. 101 yet claiming I'm clueless about software engineering. Are you really that fucking retarded? Seriously?
"That is not the question."
Yes it is, because you're saying there's such thing as 100% secure system. There isn't.
"We know since decades how to prevent bugs. And a security flaw is just the same, a bug in the area of security."
And yet to this day we still have bugs in every single piece of meaningful software and hardware stack ever produced. So no, we haven't known for decades how to prevent bugs because no one's yet produce a 100% bug free hardware and software stack.
You literally have no idea what the fuck you are talking about, you shouldn't be doing much more than building PCs by sticking the components together like a monkey with your astounding lack of knowledge. Anything else and you're just a danger to the industry with your ignorance of computing.
It's illegal in the whole of the EU, I think the biggest combined economy in the world most definitely is big enough to make a difference. No US tech company is going to give up the opportunity to operate in the wealthiest single market in the world.
"As long as Inprint the static text 'hello world', no to all of them."
So you know of 100% secure hardware and OS? Really? The world would love to hear about it. That's also a big if, it requires a substantial presumption on your behalf - you'd be better off admitting that actually, you're wrong, you cannot guarantee absolute security in a system rather than continuing with stupid and verifiably false arguments.
"Of course I can. The system does not sccept any input, hence you can not feed anything into it to compromise it."
If you think input into the top layer on a stack is the only way to attack a system then you're just further highlighting that you don't have the foggiest about IT security.
"Actually it is the opposite around. Your idea that there is no secure system is a self fulfilling prophecy by guys who don't care about security or bugs. Care for it, adress the issues, learn, improve and most important: stop bitching, stop being fatalistic."
Come back with that argument when you've told us what this magical 100% secure hardware set and OS is.
I'm waiting, we're all waiting. I suspect we will be for a while in fact.
Really? This sounds like stuff I'd expect vested interests to be lobbying for all the time regardless of the breach.
Is there any reason to think a firm like this wouldn't want to be deregulated regardless of whether the breach happened or not?
I'm not sure these two things are related, I think they were lobbying because they lobby for this sort of stuff all the time anyway. Is there any reason to think that lobbying for reduced regulation isn't the norm in this particular area of financial services as opposed to any other?
Right, but that's not really relevant to your earlier comment - it's still hard to see what alternative technology stack would've mitigated this when Java based MVC frameworks are some of the most secure tried and tested frameworks in the world.
You're right, that doesn't protect against stupid if someone builds stupid on top of it, but that's a different problem and not a fault of using a Java based MVC framework as of and in itself. Organisations ranging from Amazon to eBay, major banks to Google have run Java based MVC systems for years and had absolutely no security breaches (which as per my other comments in this article doesn't mean they wont but that they're at least doing far better than average).
"I doubt there is a zero day exploit hidden... but well, the PRINT implantation could have a bug, but as long as you only print literal text... what could happen?"
Could it overflow causing a dump of sensitive data? Could the interpreter have a vulnerability in it? Could the OS have a vulnerability in it? Could the hardware have a vulnerability in it?
You still cannot guarantee that nothing bad will come of running a machine with that software on it. There's still every possibility someone could hijack the system.
"So, you gave the solution to your claims already in your explanation: "full and 100% accurate auditing of the entire hardware and software stack", that is what you do, if you want a secure system."
Which doesn't exist, because no static or dynamic code analysis software is 100% perfect, and neither are humans. You're suggesting the impossible needs to happen, and it can't, because by definition, it's impossible. If you can't see how a machine with an example as simple as yours above may still be vulnerable then what hope in hell does anyone else have of doing that with a complex distributed multi-tier system with thousands or sometimes even millions of lines of code?
"Your parent is perfectly right: if you can not afford that, you have the wrong business model."
Thus I am also right, because as that does not exist you are effectively saying every business has the wrong business model, which of course makes absolutely zero sense - they obviously don't because they're all still in business and people prefer the services they provide to a world without them.
"As soon as the are completely secured: no."
Again, no such thing. You have a dangerous naivety towards IT security if you believe absolute security is a thing - your mindset is why more attacks are successful than necessary because you think you've provided a perfectly secure system and are naive to the fact that you're still vulnerable - when you get hit you'll end up doing exactly what Equifax has and end up with a completely hopeless response because you were unprepared due to your naivety. You can't criticise companies like Equifax when you're part of the problem.
You can never guarantee that someone wont find a zero day somewhere in your hardware and software stack that you simply could not prevent without full and 100% accurate auditing of the entire hardware and software stack, something, which to date, has never yet once been achieved for reasons ranging from use of proprietary non-open hardware and software, through to simple sheer complexity of modern software. Even if you use a full FOSS stack you can't guarantee that people have prevented each and every possible vulnerability, which is why Heartbleed was present for so long hiding in plain sight.
If you believe you can absolutely secure a system then you're one of the people I mentioned in my previous post who are dangerous because your understanding of security is insufficient to know why your systems are always going to have an element of risk present.
"However, I disagree with your opinion that their "best" is no where near up-to-par. To me, it seems that many Americans think "good enough" is what they aim for in everything. That is unacceptable to me. Especially, it should at least be "good" or "excellent" and not "good enough". If the quality is "good enough", then there will be many of this kind of situations occur over and over again."
But that's really my point - you have no idea what their best is, you just know that something happened that you don't like, but the pragmatic reality of IT security is that as absolute security is a myth, something can always go wrong even if you've done everything absolutely right, and until it's clear they haven't, it's not entirely fair to assume they have.
It's possible that they were fulfilling your definition of good or excellent and still got screwed, but until we know what happened you have no frame of reference as to how good their procedures were.
It's actually in my interest that they did screw up as that harms them more as a business and I work for a competitor, however I'm trying to make a broader point here that I think we need to stop pretending that any company that got hacked was entirely to blame and could've avoided it by pouring more money in - that's not necessarily the case because as I say, the myth of absolute security in IT coupled with numbers alone means it's inherently going to be the case that sometimes organisations or individuals that get hacked simply just got unlucky - as Cederic said in response to my other post, you have to secure against it as best you can, but you also have to plan for it happening too, it looks like Equifax didn't do the latter at least based on their poor response and can rightly be criticised for that, but whether they did the former is still an unknown.
Sure but that's my point - people who understand security such that they understand that data loss is always going to be a risk don't want to put themselves in that kind of role in the first place because when it happens they know they'll be in the firing line.
Hence, the people that do the job are the people naive enough to think they can implement absolute security. This is why all too many security departments are staffed by people who are themselves a risk because they do not recognise, and hence do not plan for the risk.
Out of interesting, what are you proposing as an alternative?
It's just after years of CGI w/C or C++, PHP, and many other things it's pretty clear that managed languages like C# and Java have suffered the least, and least serious attacks.
So I'm genuinely intrigued to know what you believe is both more simple, and more secure because I'm aware of no such thing. I still have nightmares of the full server control buffer overflow vulnerabilities from the days people were writing web apps in native code.
"If you are offering services and you cannot secure your customer's data absolutely, then you shouldn't be offering services."
This is absolute drivel, there's no such thing as absolute security. The choice you're offering therefore is to simply not do business at all, or to hire people who don't understand security sufficiently to falsely believe they have absolute security rather than people who understand absolute security is non-existent and that it's simply a measure of risk.
"If proper security is "too expensive" for your profit margin, then you have a failed business model, and shouldn't be offering services."
Again, nonsense. As absolute security is a myth then you're basically saying every business model in the world ever has failed and every company should shut down. That's complete and utter nonsense, obviously.
You've not considered another possibility - that Equifax actually did the best they could and it just wasn't good enough. Given that all security can be compromised given sufficient effort this could simply be a case of them falling foul of measured risk.
That also might not be the case, it might also turn out to be absolute incompetence of course, but until we have more details we simply do not know. The summary pre-supposes they were victim to an old known exploit and not a recently publicised zero day - it's possible that the recently publicised zero day was in fact discovered precisely because of this hack for all we know - the idea that it was an old unpatched vulnerability is entirely speculation right now.
We just don't know how much blame they deserve right now. What I personally know is that it's hard to recruit good security professionals precisely because those who truly understand security often don't want to touch it precisely because they know there's always a chance someone determined could breach security. What I do know is that as a result of this most the industry is full of people parroting the myth you have of being able to implement absolute security and as a result creating a false sense of security.
Stop it. It's not helpful, it just puts you in the same basket as all those in the industry who peddle the myth and create the problem in the first place. I'd take someone who accepts that there's always a risk, but is honest about to what extent they believe they've been able to mitigate it, and then give them a waiver from blame if something happens any day over someone like you that pretends they can implement perfect security. But because people like you exist peddling the myth we instead find ourselves with an industry full of you, and we find ourselves with problems like this happening time and time again.
We need to accept that security is always imperfect, and we need to start blaming only on relative effort applied to try and make the system secure - if someone took reasonable measures and still got fucked we need to accept that that's an inevitable consequence of the fact that absolute security doesn't exist, and that therefore due to simple statistics even some of the most fortified companies will inevitably be hit.
So wait until we have the facts before assuming they did much wrong.
And what do you think the EU does with the money? EU politicians don't even get remotely the income of US politicians so it's not like they're just making themselves rich off of grants like this.
EU funding goes to various projects, many are science and technology projects, and ARM has in fact successfully bid for EU research funding in the past.
So yes, good job EU. You fined a predatory company willing to abuse it's illegally obtained market position sufficiently well enough to have a deterrent effect whilst also obtaining funds from the damage caused that could go on to help stimulate further competition in the market.
This can't even be billed as an anti-US action as the summary suggests because the complaint was by and ruled in favour of another US company - AMD. This was a good example of the EU ruling impartially that market laws apply on EU territory, and that companies cannot get away with the monopoly abuse and illegal trading practices they have been allowed to get away with in the US. This complaint was about two US companies operating on EU soil, one of whom was deemed to be operating illegaly, resulting in a favourable ruling for the other US company operating in the EU.
Hopefully this is not just upheld, but the fine increased to send a message to Intel that it should be grateful it got to keep it's monopoly position for a mere $1bn the first time around - still a relatively small price to pay for illegally obtained dominance in the grand scheme of things.
Don't really give a shit what the study claims to find, I've always found binge watching preferable and found shows I've binged watched consistently more memorable.
It's because when you have to wait a week, or in some cases, even wait a month (i.e. shows like Arrow which they drag each series out over about 9 months) I just stop giving a shit, and I'm just not invested in the storyline anymore by the time the next episode comes around.
The great thing about binge watching is that you can enjoy the story from start to finish without interruption, you don't forget anything about what's going on, or forget who a character is or what they were upto. You get the full story experience because everything flows nicely together without interruption and that's lost when there is too big a gap between episodes.
I've even watched shows piecemeal as and when episodes have come out then binge watched a middle or final portion, and I've always found the binge watched portions to be the best bit for exactly this reason. Similarly I only got into Game of Thrones by binge watching it and the seasons I watched week by week were the ones that just weren't memorable for me, so I always wait until the whole lot are out now so I can actually enjoy the story and not lose track of the billion different characters.
This is just another of those nonsense studies, performed by one of the many people who do studies but don't even have a basic grasp of how to reach valid conclusions and just find what they want to find which seem to be rife in "popular science" nowadays. 51 students is hardly a meaningful or representative sample, especially as we already know ability to concentrate, learn, and focus varies wildly throughout the population based on things like age, diet and so forth.
I imagine SOME people don't like binge watching as much, and I imagine SOME people like it more. I imagine SOME people have a happy medium whereby a new episode say every day would be ideal.
But the idea that ALL of us like shows we've binge watched less than shows we've not binged watched is patently false as I'm absolutely not in that category whatever this fucking study purports to find.
This is just someone pulling a completely unrepresentative tiny sample together, finding a correlation and jumping to an entirely unjustifiable conclusion on it. It's not even science, it's just pure drivel.
It's the bit that they arrest him for that's alleged.
It's false of course, he even admits in his own blog that what he was actually arrested for was obstruction - interfering with an ongoing police incident by trying to take photos of car crashes despite being asked to stay a distance away behind the cordon, which he then tried to circumvent by going off road into the field instead.
But that obviously hasn't stopped him trying to play the victim in this case by outright lying in the headline about why he was arrested and so forth.
Why is this drivel on Slashdot? Since when did it become a site where criminals get to try and justify to the world why it wasn't their fault and why the police made them commit the crime?
At the end of the day this guy was trying to make money from taking photos of injured people and literal car wrecks, with no care for the risk he causes to others or himself by leaving his vehicle parked up near an accident when the police need to keep roads clear, whilst trying to leave the injured with at least some dignity - i.e. so some dickhead isn't photographing a flash in their face whilst they're bleeding out. He proclaims the scene was clear, he proclaims the first accident was minor - that's not his judgement call to make, it's the police's, they gave him a judgement he didn't like and he actively decided to fight them on it and disrupt their work, then wondered why he was cautioned for obstruction.
The fact is contrary to popular belief police don't hang around car accidents and such for shits and giggles, in fact, I suspect the last thing they want to be doing is lingering bored shitless in whatever weather may currently be occuring asking people not to come any closer because there's been an accident. The fact is no one other than the first responders know who may still waiting to be cut out of a wreck regardless of how many ambulances may have already left the scene, no one knows if there's a decapitated body in there, no one else knows if there's a dangerous fuel leak, or a fire, or hazardous materials in the vehicle such as gas canisters. The police protect scenes like this with an abundance of caution and ask people not to park up next to such scenes because of the amount of times some idiot has pulled up and gotten out only to be hit getting out their car causing a second incident and so forth.
If the police were arbitrarily taking his stuff without warrant, or genuinely harassing him whilst he was trying to expose police wrongdoing or something then fine. But that's absolutely not what's happening here. His own blog paints how utterly fully of shit he is - he claims that when the police wanted his photos they'd refused to take his statement that he witnessed no violence but then goes on to admit that the person in question was found guilty by a fucking jury of committing violence with his own photos used as evidence - that is, he's basically admitting that he wanted to lie to police about what he saw.
Maybe rather than making the already difficult job the police in the UK have even more difficult he should respect them when they tell him "not today" at a car crash scene and stop trying to fight them on it just because he's desperate for the car crash porn money he's so desperately after.
Google has a history of this - they didn't like being held to EU data protection laws, so they created a think tank and spent millions sending it around Europe, except all questions to the think tank were pre-screened and you could be turned away if you asked a question they didn't like.
Think tanks as a lobbying tool is already a well established part of Google's modus operandi, thus all think tanks Google produce are effectively meaningless for the reasons you cite - they simply can't be trusted to act as a think tank.
"Anything that happens, Seoul will be leveled by traditional artillery."
Apparently this is largely a myth, North Koreas only long range artillery is pretty large and slow to move around. It's also not particularly numerous. As such whilst it would do some nasty damage in Seoul you'd probably only be talking a few hundred dead before counter-fire destroyed all that long range artillery.
The rest of the artillery would have to come close to the border to hit Seoul, and so would likely have already been flattened by an armada of M1 Abrams and A-10s before it even got close enough to fire.
Hence why the argument that North Korea could level Seoul with conventional artillery is basically entirely false - at most it'd probably kill a few thousand in a city of 10 million.
Honestly the primary reason not to start a war with NK is the risk of the Chinese marching South and a potential repeat of the last Korean War (well, technically the current one given that that one never ended). But really, it's getting to the point where people are rightly questioning whether it's sufficient to just topple the NK regime and let China do what the fuck they want with the country after that. To be clear, many more people have died to NK dicking around over the last 70 years than would die to a NK attack on Seoul, and a nuclear armed NK would risk a far greater number of lives - this would genuinely put all 10 million at risk, rather than just a few thousand.
Actually I see a different pattern in the data- it sounds like the languages being used more in Western countries are languages that are used to solve hard problems.
That does include core game engine development, but it also includes advanced analytics, machine learning and so forth where languages like R and Python are the defacto standards nowadays.
We often hear about how countries such as India can churn out a thousand first class graduates from their universities for every one mediocre graduate in the West and other such nonsense, but the reality is that of the top 500 universities in the world, the vast majority are in the West. So for example, India doesn't have a single university in the top 100, and in fact, it's first entrant in the top 500 is the University of Delhi as the 316th university in the world and only 4 in total in the top 500.
There's a reason why the West is so dominant in the services industries and it's precisely because we have the education systems needed to stay ahead in solving difficult problems - it doesn't matter how many graduates countries like India can churn out in sheer volume alone if their best University is the 316th in the world. Compare and contrast to say, the UK, which has only 0.86% of the world's population but 9% of the top 100 universities. India has 17.6% of the world's population with 0% of the world's top 100 universities.
China is really the only nation that is on the right path to catch the West, but that's because they've spent the last 30 years doing the hard stuff - building infrastructure, skills, and education, but I'd warn that their political system will inevitably become a constraint on ever being able to completely reach parity with the West as the more educated a population becomes, the more liberal they become - that's at complete odds with China's political system.
The fundamental problem therefore is that many "tech hubs" in poorer nations are largely selling snake oil, the idea that they can always produce the same thing is cheaper, they simply don't have the skills, the talent, and the R&D centres to do so for more complicated tasks, and that's why the West shines in these areas, and that's why languages related to difficult problems are more prominent in the West.
But a word of warning, there's been a marked trend in the West in recent years against education, against experts, and against knowledge and science, this puts our advantage in these areas fundamentally at risk if it persists, if we want to continue being world leaders in areas such as this, then we have to fight back this wave of populism, and worship of ignorance, else it will leave all that hard earned talent, knowledge, and that research culture ripe for poaching by others who are willing to nurture it more than we have been. Brexit for example puts Britain's top universities at fundamental risk as they can no longer easily draw in the global talent required to make those universities as successful as they are, and if you lose that R&D edge that universities provide then you're just another India - sure you can do GUIs cheap, but you ain't going to be a serious contender as global tech leader doing cutting edge work which is where the money is (i.e. Silicon Valley for tech, the City of London for finance etc.).
Slashdot Mirror
"Well,
I'm a computer scientist."
Then you should quit before you do any more harm to the industry.
"Not a security specialist, though."
Yes, the fact you don't have the slightest clue about computer security kind of gave that away.
"Regarding bugs and security: you can mot proof a system had no bugs. You can only find bugs. You agree?"
Theoretically you can through induction (you should know this if you're a computer scientist, but you don't, so you're not) but in practice no one ever does, there's no fully verified hardware on the market, much less operating systems, or many other key elements of a typical stack today (i.e. web servers).
"Hence secure and bug free software is possible. The space shutle flight controll software, some 500k lines of code, went into production with no known bugs, during the first years 4 bugs where found and fixed, henceforth they did not discover further bugs. We assume the software was bug free from that point in time."
What? No. We don't ever assume that. Please do not EVER let yourself get involved in any safety critical system. You'll actually kill people, I'm not joking here.
"I never had a bug made by me or my team escape into production."
Hahahaha. Good one. This is how I know you're full of shit, and not actually a computer scientist. I'd love to see your software, I'd wager I can trivially disprove this.
"Anyway, attitudes like yours is the reason there is so much unsecure and buggy software in the world."
Yes that's right, anyone who doesn't pretend they're magic is responsible for software not being magic. Fuck me you're the most stupid person on Slashdot, again, please step away from computers, I REALLY don't want you to get anyone killed with your profoundly dangerous ignorance.
Nope, it's really still not. If they'd never have made a sale to me because I object to buying anything from them then there's still no sale to lose.
Don't preach to me about how I'm killing content creation. I'm a content creator, I'm a software developer, and I make a perfectly good living whether people pirate software I produce or not because I have this thing called a job, where I keep working and producing to make money, rather than naively believing it's okay to do a few hours of work once and then to profit off that few hours of work for all eternity.
Don't come here bitching and crying because you're lazy and feel entitled to a free ride in life, the world doesn't owe you jack shit, it's up to you to work in a way that fits in with the world, not vice versa. No amount of logic rape and mental gymnastics you decide to engage in will change the fact that people have a finite amount of money and where that goes depends on who plays the game in a way that successfully convinces people to trade effort for money. If you lost that game then well, sucks to be you - try a different tactic instead of expecting the world to revolve around you and give you money for sitting on your arse just because you did something once, long ago.
"And that's exactly what wrong with YOUR view. If you consumed the content you should have payed for it, it's just like a shopowner who got stuff lifted, he has to write off the stolen good as the shoplifter has 'consumed the content'."
But that's a different thing "Should have paid for it" is NOT the same as "Would have paid for it". It's a simple concept, and morality is subjective.
Some might reasonably argue that not paying money to organisations that have been willing to pay millions to lobby governments to eliminate key planks of human rights legislation such as the right to fair trial, or the presumption of innocence until proven guilty, or to push internet censorship, and spying on consumers computers, is an incredibly moral decision to make, but each to their own.
You're completely and utterly wrong. Your argument literally makes no sense.
Whether something is viewed or not makes no difference to whether it was a lost sale. I could watch or not watch a pirated film that I was never going to buy and I would still never have bought it.
The premise of your argument is that if someone was to watch something then they would ALWAYS have bought it, but that's just obviously not true.
It's only a lost sale if the act of pirating content led to someone not making the purchase where they would have otherwise, but sometimes people's value calculation is as simple as "I'd watch this for free, but it's not worth paying for" - in that case they'd consume a pirated copy, but would never have paid for it because their calculation of whether it's worth watching falls to "No" as soon as a cost is attached to doing so.
I'm sorry that you don't like the conclusion of this study, but that's just the way the world works. Sometimes reality is different to how we would like things to be.
"Can you prove that it has 100% no bugs? No, you can't."
Oh dear, you're resorting to the god argument. "Can you prove god doesn't exist?", okay well he must then. When you resort to this, this is how I know you've lost the argument.
"The rest of your rant clearly indicates that YOU have no clue. A bit more respect to fellow computer scientists please :D"
But you're not, because you don't understand computer science. Don't even dare try and declare yourself something that you're clearly neither educated, nor qualified to declare yourself as whilst using logical fallacies to try and avoid accepting that you were wrong, and are out of your depth.
Specifically in my case the problem was a little odd in that I first felt the pain when I got down to about 8 metres, and tried ascending, repeated, descent and it was still there, I thought I'd try just gently descending to see if it would pass, and it actually did by about 15 metres so I continued the dive down to 42 metres okay. On the ascent I felt the pain again at around 15 metres, tried descending, and re-ascending a couple of times and the same problem. I decided again to just try and gently ascend to see if it would pass during my safety stop and it again disappeared at around 8 metres before I even begun the safety stop at the surface support tank hanging at 3 metres.
My palate felt a bit sore, but I didn't really think anything of it - I more presumed it was simply precisely because I had a cold and it was just sore throat, but it wasn't until I was at work the next day and my chocolate tasted funny that I realised my taste had gone, and it wasn't until a week later when my cold had completely cleared that I realised the taste loss was more serious, by about a month I was genuinely concerned, then as I say thankfully it went at about 2 months and I learnt my lesson.
What was particularly odd in this case was the fact that the pain cleared both during compression through descent at depths > 15 metres, and during expansion through ascent at depths less than 8 metres. This was less about nitrogen/oxygen absorption and more about air bubbles trapped in my palate caused from mucus from my cold such that both the actions of expansion and contraction of air in the mucus were both moving around the mucus to cause pain, and damage.
So it was actually not related to the issues of gas absorption from diving but purely to do with expansion and contraction of gas outside the bloodstream. The real reason this doesn't typically affect people on planes is because the pressure differences from flying are pretty negligible compared to those whilst diving simply because the vast density difference of air and water.
This is for what it's worth also why you shouldn't dive with a cold, not because of risk of the bends but because the mucus does prevent you from equalizing, which is effectively exactly what happened to me - although I could equalize generally to prevent pain from pressure changes in my ears etc. the trapped mucus was preventing localised pressure equalisation in my palate.
That said I should probably quantify my previous comment, I guess I would still dive with a cold, some of my most fun dives have been in the shallows down to no more than 6 metres, or even as little as 3 metres on occasion in warm tropical shallow reefs, and even in the North Sea off the coast of England and Scotland. Pressure changes at that depth aren't sufficient to really cause much problem because at that depth I typically don't ever even need to equalize anyway, and even if something goes horribly wrong it's not exactly difficult to surface at that depth. I certainly would never pass 18 metres anymore with a cold though, and wouldn't even go that deep if there was any sign of not feeling quite right.
I stupidly went diving once when I had a bit of a cold, got really nasty squeeze in my palate at the top of my mouth when ascending. I lost my taste for about 2 months afterwards as a result, even eating chocolate basically just felt like having mud in my mouth.
I now take the "Don't dive even if you have a minor cold" thing seriously now, as no doctor could help, and I genuinely was beginning to wonder if I'd lost the sense of taste for good.
Consider Russia as a likely culprit, not because of the tide of anti-Russian paranoia in the US right now, but simply because of the politics of it.
The US has in the last 9 months (since this started happening) expelled more and more Russian diplomats from it's soil and denied it access to a number of it's buildings in the US that were typically used as listening stations. The US/Russia tacitly accepted these in each others countries as it meant they had less secrets from each other and built trust post-cold war. Now they're being shut down on both sides in the US and Russia proper.
Russia closed it's listening post in Cuba for exactly this reason back in 2001, because with the cold war supposedly having come to an end, and tacit acceptance of such listening posts in the territories themselves meant it was largely defunct.
But Russia reopened it in 2014, and with it's US mainland listening posts now shut down it wants to make damn sure that the US and Cuba don't get close - given Cuba's proximity to the mainland US it would be astoundingly easy for the US to make Cuba Western within a very short time period because fully opening up to each other would create such a massive flow of Western culture, coupled with the ageing leadership that change in Cuba could occur in less than a decade. See here:
http://www.bbc.co.uk/news/worl...
So ignoring the whole Trump/Russia thing as irrelevant, there is a very strong incentive for Russia to keep the US out of Cuba and they have both the skills and the technological capability to design, build, and deploy such a weapon as well as the political and security reason to want to do so.
I don't believe any Cuban group could build anything like this. It would require money, skills, and technology that a rag tag bunch of ex-rebels simply do not possess. This is something that requires a fairly powerful nation state behind it - I think even Venezuela would struggle, so you'd be looking at a European nation (none of which hate the US, or Cuba enough to have reason to do this), India, which has no interest in Cuba/US relations, Brazil, which again has no real reason to do this, China - again, not clear what this would achieve, very little for them to gain here, or some wealthy arab states or Israel - a possibility perhaps, but again, not the clear motive that Russia has.
"How the heck will you attack a system without input? changing its rom? Then it is no longer the same "system"."
Because there is no such thing as an inputless system - you think because you can write one simple piece of software with no input that the entire stack on which it runs must be inputless, this is patently false. An inputless computer is not a computer because by the very definition of a computer it requires some form of input to produce some form of output. That simple program you refer to IS an input, and it has to execute on something, that something else may be vulnerable. You're failing completely at comp. sci. 101 yet claiming I'm clueless about software engineering. Are you really that fucking retarded? Seriously?
"That is not the question."
Yes it is, because you're saying there's such thing as 100% secure system. There isn't.
"We know since decades how to prevent bugs. And a security flaw is just the same, a bug in the area of security."
And yet to this day we still have bugs in every single piece of meaningful software and hardware stack ever produced. So no, we haven't known for decades how to prevent bugs because no one's yet produce a 100% bug free hardware and software stack.
You literally have no idea what the fuck you are talking about, you shouldn't be doing much more than building PCs by sticking the components together like a monkey with your astounding lack of knowledge. Anything else and you're just a danger to the industry with your ignorance of computing.
It's illegal in the whole of the EU, I think the biggest combined economy in the world most definitely is big enough to make a difference. No US tech company is going to give up the opportunity to operate in the wealthiest single market in the world.
"As long as Inprint the static text 'hello world', no to all of them."
So you know of 100% secure hardware and OS? Really? The world would love to hear about it. That's also a big if, it requires a substantial presumption on your behalf - you'd be better off admitting that actually, you're wrong, you cannot guarantee absolute security in a system rather than continuing with stupid and verifiably false arguments.
"Of course I can. The system does not sccept any input, hence you can not feed anything into it to compromise it."
If you think input into the top layer on a stack is the only way to attack a system then you're just further highlighting that you don't have the foggiest about IT security.
"Actually it is the opposite around.
Your idea that there is no secure system is a self fulfilling prophecy by guys who don't care about security or bugs.
Care for it, adress the issues, learn, improve and most important: stop bitching, stop being fatalistic."
Come back with that argument when you've told us what this magical 100% secure hardware set and OS is.
I'm waiting, we're all waiting. I suspect we will be for a while in fact.
Really? This sounds like stuff I'd expect vested interests to be lobbying for all the time regardless of the breach.
Is there any reason to think a firm like this wouldn't want to be deregulated regardless of whether the breach happened or not?
I'm not sure these two things are related, I think they were lobbying because they lobby for this sort of stuff all the time anyway. Is there any reason to think that lobbying for reduced regulation isn't the norm in this particular area of financial services as opposed to any other?
Right, but that's not really relevant to your earlier comment - it's still hard to see what alternative technology stack would've mitigated this when Java based MVC frameworks are some of the most secure tried and tested frameworks in the world.
You're right, that doesn't protect against stupid if someone builds stupid on top of it, but that's a different problem and not a fault of using a Java based MVC framework as of and in itself. Organisations ranging from Amazon to eBay, major banks to Google have run Java based MVC systems for years and had absolutely no security breaches (which as per my other comments in this article doesn't mean they wont but that they're at least doing far better than average).
"I doubt there is a zero day exploit hidden ... but well, the PRINT implantation could have a bug, but as long as you only print literal text ... what could happen?"
Could it overflow causing a dump of sensitive data? Could the interpreter have a vulnerability in it? Could the OS have a vulnerability in it? Could the hardware have a vulnerability in it?
You still cannot guarantee that nothing bad will come of running a machine with that software on it. There's still every possibility someone could hijack the system.
"So, you gave the solution to your claims already in your explanation: "full and 100% accurate auditing of the entire hardware and software stack", that is what you do, if you want a secure system."
Which doesn't exist, because no static or dynamic code analysis software is 100% perfect, and neither are humans. You're suggesting the impossible needs to happen, and it can't, because by definition, it's impossible. If you can't see how a machine with an example as simple as yours above may still be vulnerable then what hope in hell does anyone else have of doing that with a complex distributed multi-tier system with thousands or sometimes even millions of lines of code?
"Your parent is perfectly right: if you can not afford that, you have the wrong business model."
Thus I am also right, because as that does not exist you are effectively saying every business has the wrong business model, which of course makes absolutely zero sense - they obviously don't because they're all still in business and people prefer the services they provide to a world without them.
"As soon as the are completely secured: no."
Again, no such thing. You have a dangerous naivety towards IT security if you believe absolute security is a thing - your mindset is why more attacks are successful than necessary because you think you've provided a perfectly secure system and are naive to the fact that you're still vulnerable - when you get hit you'll end up doing exactly what Equifax has and end up with a completely hopeless response because you were unprepared due to your naivety. You can't criticise companies like Equifax when you're part of the problem.
You can never guarantee that someone wont find a zero day somewhere in your hardware and software stack that you simply could not prevent without full and 100% accurate auditing of the entire hardware and software stack, something, which to date, has never yet once been achieved for reasons ranging from use of proprietary non-open hardware and software, through to simple sheer complexity of modern software. Even if you use a full FOSS stack you can't guarantee that people have prevented each and every possible vulnerability, which is why Heartbleed was present for so long hiding in plain sight.
If you believe you can absolutely secure a system then you're one of the people I mentioned in my previous post who are dangerous because your understanding of security is insufficient to know why your systems are always going to have an element of risk present.
"However, I disagree with your opinion that their "best" is no where near up-to-par. To me, it seems that many Americans think "good enough" is what they aim for in everything. That is unacceptable to me. Especially, it should at least be "good" or "excellent" and not "good enough". If the quality is "good enough", then there will be many of this kind of situations occur over and over again."
But that's really my point - you have no idea what their best is, you just know that something happened that you don't like, but the pragmatic reality of IT security is that as absolute security is a myth, something can always go wrong even if you've done everything absolutely right, and until it's clear they haven't, it's not entirely fair to assume they have.
It's possible that they were fulfilling your definition of good or excellent and still got screwed, but until we know what happened you have no frame of reference as to how good their procedures were.
It's actually in my interest that they did screw up as that harms them more as a business and I work for a competitor, however I'm trying to make a broader point here that I think we need to stop pretending that any company that got hacked was entirely to blame and could've avoided it by pouring more money in - that's not necessarily the case because as I say, the myth of absolute security in IT coupled with numbers alone means it's inherently going to be the case that sometimes organisations or individuals that get hacked simply just got unlucky - as Cederic said in response to my other post, you have to secure against it as best you can, but you also have to plan for it happening too, it looks like Equifax didn't do the latter at least based on their poor response and can rightly be criticised for that, but whether they did the former is still an unknown.
Sure but that's my point - people who understand security such that they understand that data loss is always going to be a risk don't want to put themselves in that kind of role in the first place because when it happens they know they'll be in the firing line.
Hence, the people that do the job are the people naive enough to think they can implement absolute security. This is why all too many security departments are staffed by people who are themselves a risk because they do not recognise, and hence do not plan for the risk.
Out of interesting, what are you proposing as an alternative?
It's just after years of CGI w/C or C++, PHP, and many other things it's pretty clear that managed languages like C# and Java have suffered the least, and least serious attacks.
So I'm genuinely intrigued to know what you believe is both more simple, and more secure because I'm aware of no such thing. I still have nightmares of the full server control buffer overflow vulnerabilities from the days people were writing web apps in native code.
"If you are offering services and you cannot secure your customer's data absolutely, then you shouldn't be offering services."
This is absolute drivel, there's no such thing as absolute security. The choice you're offering therefore is to simply not do business at all, or to hire people who don't understand security sufficiently to falsely believe they have absolute security rather than people who understand absolute security is non-existent and that it's simply a measure of risk.
"If proper security is "too expensive" for your profit margin, then you have a failed business model, and shouldn't be offering services."
Again, nonsense. As absolute security is a myth then you're basically saying every business model in the world ever has failed and every company should shut down. That's complete and utter nonsense, obviously.
You've not considered another possibility - that Equifax actually did the best they could and it just wasn't good enough. Given that all security can be compromised given sufficient effort this could simply be a case of them falling foul of measured risk.
That also might not be the case, it might also turn out to be absolute incompetence of course, but until we have more details we simply do not know. The summary pre-supposes they were victim to an old known exploit and not a recently publicised zero day - it's possible that the recently publicised zero day was in fact discovered precisely because of this hack for all we know - the idea that it was an old unpatched vulnerability is entirely speculation right now.
We just don't know how much blame they deserve right now. What I personally know is that it's hard to recruit good security professionals precisely because those who truly understand security often don't want to touch it precisely because they know there's always a chance someone determined could breach security. What I do know is that as a result of this most the industry is full of people parroting the myth you have of being able to implement absolute security and as a result creating a false sense of security.
Stop it. It's not helpful, it just puts you in the same basket as all those in the industry who peddle the myth and create the problem in the first place. I'd take someone who accepts that there's always a risk, but is honest about to what extent they believe they've been able to mitigate it, and then give them a waiver from blame if something happens any day over someone like you that pretends they can implement perfect security. But because people like you exist peddling the myth we instead find ourselves with an industry full of you, and we find ourselves with problems like this happening time and time again.
We need to accept that security is always imperfect, and we need to start blaming only on relative effort applied to try and make the system secure - if someone took reasonable measures and still got fucked we need to accept that that's an inevitable consequence of the fact that absolute security doesn't exist, and that therefore due to simple statistics even some of the most fortified companies will inevitably be hit.
So wait until we have the facts before assuming they did much wrong.
And what do you think the EU does with the money? EU politicians don't even get remotely the income of US politicians so it's not like they're just making themselves rich off of grants like this.
EU funding goes to various projects, many are science and technology projects, and ARM has in fact successfully bid for EU research funding in the past.
So yes, good job EU. You fined a predatory company willing to abuse it's illegally obtained market position sufficiently well enough to have a deterrent effect whilst also obtaining funds from the damage caused that could go on to help stimulate further competition in the market.
This can't even be billed as an anti-US action as the summary suggests because the complaint was by and ruled in favour of another US company - AMD. This was a good example of the EU ruling impartially that market laws apply on EU territory, and that companies cannot get away with the monopoly abuse and illegal trading practices they have been allowed to get away with in the US. This complaint was about two US companies operating on EU soil, one of whom was deemed to be operating illegaly, resulting in a favourable ruling for the other US company operating in the EU.
Hopefully this is not just upheld, but the fine increased to send a message to Intel that it should be grateful it got to keep it's monopoly position for a mere $1bn the first time around - still a relatively small price to pay for illegally obtained dominance in the grand scheme of things.
Don't really give a shit what the study claims to find, I've always found binge watching preferable and found shows I've binged watched consistently more memorable.
It's because when you have to wait a week, or in some cases, even wait a month (i.e. shows like Arrow which they drag each series out over about 9 months) I just stop giving a shit, and I'm just not invested in the storyline anymore by the time the next episode comes around.
The great thing about binge watching is that you can enjoy the story from start to finish without interruption, you don't forget anything about what's going on, or forget who a character is or what they were upto. You get the full story experience because everything flows nicely together without interruption and that's lost when there is too big a gap between episodes.
I've even watched shows piecemeal as and when episodes have come out then binge watched a middle or final portion, and I've always found the binge watched portions to be the best bit for exactly this reason. Similarly I only got into Game of Thrones by binge watching it and the seasons I watched week by week were the ones that just weren't memorable for me, so I always wait until the whole lot are out now so I can actually enjoy the story and not lose track of the billion different characters.
This is just another of those nonsense studies, performed by one of the many people who do studies but don't even have a basic grasp of how to reach valid conclusions and just find what they want to find which seem to be rife in "popular science" nowadays. 51 students is hardly a meaningful or representative sample, especially as we already know ability to concentrate, learn, and focus varies wildly throughout the population based on things like age, diet and so forth.
I imagine SOME people don't like binge watching as much, and I imagine SOME people like it more. I imagine SOME people have a happy medium whereby a new episode say every day would be ideal.
But the idea that ALL of us like shows we've binge watched less than shows we've not binged watched is patently false as I'm absolutely not in that category whatever this fucking study purports to find.
This is just someone pulling a completely unrepresentative tiny sample together, finding a correlation and jumping to an entirely unjustifiable conclusion on it. It's not even science, it's just pure drivel.
It's the bit that they arrest him for that's alleged.
It's false of course, he even admits in his own blog that what he was actually arrested for was obstruction - interfering with an ongoing police incident by trying to take photos of car crashes despite being asked to stay a distance away behind the cordon, which he then tried to circumvent by going off road into the field instead.
But that obviously hasn't stopped him trying to play the victim in this case by outright lying in the headline about why he was arrested and so forth.
Why is this drivel on Slashdot? Since when did it become a site where criminals get to try and justify to the world why it wasn't their fault and why the police made them commit the crime?
At the end of the day this guy was trying to make money from taking photos of injured people and literal car wrecks, with no care for the risk he causes to others or himself by leaving his vehicle parked up near an accident when the police need to keep roads clear, whilst trying to leave the injured with at least some dignity - i.e. so some dickhead isn't photographing a flash in their face whilst they're bleeding out. He proclaims the scene was clear, he proclaims the first accident was minor - that's not his judgement call to make, it's the police's, they gave him a judgement he didn't like and he actively decided to fight them on it and disrupt their work, then wondered why he was cautioned for obstruction.
The fact is contrary to popular belief police don't hang around car accidents and such for shits and giggles, in fact, I suspect the last thing they want to be doing is lingering bored shitless in whatever weather may currently be occuring asking people not to come any closer because there's been an accident. The fact is no one other than the first responders know who may still waiting to be cut out of a wreck regardless of how many ambulances may have already left the scene, no one knows if there's a decapitated body in there, no one else knows if there's a dangerous fuel leak, or a fire, or hazardous materials in the vehicle such as gas canisters. The police protect scenes like this with an abundance of caution and ask people not to park up next to such scenes because of the amount of times some idiot has pulled up and gotten out only to be hit getting out their car causing a second incident and so forth.
If the police were arbitrarily taking his stuff without warrant, or genuinely harassing him whilst he was trying to expose police wrongdoing or something then fine. But that's absolutely not what's happening here. His own blog paints how utterly fully of shit he is - he claims that when the police wanted his photos they'd refused to take his statement that he witnessed no violence but then goes on to admit that the person in question was found guilty by a fucking jury of committing violence with his own photos used as evidence - that is, he's basically admitting that he wanted to lie to police about what he saw.
Maybe rather than making the already difficult job the police in the UK have even more difficult he should respect them when they tell him "not today" at a car crash scene and stop trying to fight them on it just because he's desperate for the car crash porn money he's so desperately after.
Google has a history of this - they didn't like being held to EU data protection laws, so they created a think tank and spent millions sending it around Europe, except all questions to the think tank were pre-screened and you could be turned away if you asked a question they didn't like.
Think tanks as a lobbying tool is already a well established part of Google's modus operandi, thus all think tanks Google produce are effectively meaningless for the reasons you cite - they simply can't be trusted to act as a think tank.
"Anything that happens, Seoul will be leveled by traditional artillery."
Apparently this is largely a myth, North Koreas only long range artillery is pretty large and slow to move around. It's also not particularly numerous. As such whilst it would do some nasty damage in Seoul you'd probably only be talking a few hundred dead before counter-fire destroyed all that long range artillery.
The rest of the artillery would have to come close to the border to hit Seoul, and so would likely have already been flattened by an armada of M1 Abrams and A-10s before it even got close enough to fire.
Hence why the argument that North Korea could level Seoul with conventional artillery is basically entirely false - at most it'd probably kill a few thousand in a city of 10 million.
Honestly the primary reason not to start a war with NK is the risk of the Chinese marching South and a potential repeat of the last Korean War (well, technically the current one given that that one never ended). But really, it's getting to the point where people are rightly questioning whether it's sufficient to just topple the NK regime and let China do what the fuck they want with the country after that. To be clear, many more people have died to NK dicking around over the last 70 years than would die to a NK attack on Seoul, and a nuclear armed NK would risk a far greater number of lives - this would genuinely put all 10 million at risk, rather than just a few thousand.
Actually I see a different pattern in the data- it sounds like the languages being used more in Western countries are languages that are used to solve hard problems.
That does include core game engine development, but it also includes advanced analytics, machine learning and so forth where languages like R and Python are the defacto standards nowadays.
We often hear about how countries such as India can churn out a thousand first class graduates from their universities for every one mediocre graduate in the West and other such nonsense, but the reality is that of the top 500 universities in the world, the vast majority are in the West. So for example, India doesn't have a single university in the top 100, and in fact, it's first entrant in the top 500 is the University of Delhi as the 316th university in the world and only 4 in total in the top 500.
There's a reason why the West is so dominant in the services industries and it's precisely because we have the education systems needed to stay ahead in solving difficult problems - it doesn't matter how many graduates countries like India can churn out in sheer volume alone if their best University is the 316th in the world. Compare and contrast to say, the UK, which has only 0.86% of the world's population but 9% of the top 100 universities. India has 17.6% of the world's population with 0% of the world's top 100 universities.
China is really the only nation that is on the right path to catch the West, but that's because they've spent the last 30 years doing the hard stuff - building infrastructure, skills, and education, but I'd warn that their political system will inevitably become a constraint on ever being able to completely reach parity with the West as the more educated a population becomes, the more liberal they become - that's at complete odds with China's political system.
The fundamental problem therefore is that many "tech hubs" in poorer nations are largely selling snake oil, the idea that they can always produce the same thing is cheaper, they simply don't have the skills, the talent, and the R&D centres to do so for more complicated tasks, and that's why the West shines in these areas, and that's why languages related to difficult problems are more prominent in the West.
But a word of warning, there's been a marked trend in the West in recent years against education, against experts, and against knowledge and science, this puts our advantage in these areas fundamentally at risk if it persists, if we want to continue being world leaders in areas such as this, then we have to fight back this wave of populism, and worship of ignorance, else it will leave all that hard earned talent, knowledge, and that research culture ripe for poaching by others who are willing to nurture it more than we have been. Brexit for example puts Britain's top universities at fundamental risk as they can no longer easily draw in the global talent required to make those universities as successful as they are, and if you lose that R&D edge that universities provide then you're just another India - sure you can do GUIs cheap, but you ain't going to be a serious contender as global tech leader doing cutting edge work which is where the money is (i.e. Silicon Valley for tech, the City of London for finance etc.).