You're right about restricted access, but you're misinterpreting the sentence. He's talking about a backdoor created *for* the good guys. As in, they wanted to have it, so it was put in. Not as in it's ours so only we can use it.
Funny, but untrue - it's a common misconception that academics' code is bad. I think you would be pleasantly surprised at the quality of the code if you worked with them directly. There are bad apples of course, but the vast majority are very capable programmers with solid fundamentals.
UX is good, and you have to invest in it no matter what, but it'll never be a silver bullet unless you strip your apps way way way down - something that'll be painful for both you and your established users.
But if your docs really are a bottomless pit, it might behoove you to invest in your community instead of documentation. Grow some in-house experts and put them on the forums and a chat system. Send your users there instead of to increasingly out-of-date help docs and get them in the habit of searching for answers there. Build a reputation for responsiveness to get free customer loyalty on the side. Send your UX people and engineers to the forums as well so they get the pulse of your most frustrated customers. Slowly your community will become your experts as well.
If USPS delivers mail Monday through Friday and packages Monday through Saturday, why would they bother doing DVD processing on Saturday? They can't mail anything out... there's no point...
I wasn't ecstatic about all the non-major courses I had to take when my primary worry was getting a programming job after I got my degree, and I might have taken a $100K out if it was available. But now 10-15 years later I'm glad that my formal education included a psychology class, a statistics class, a history class, and others. Maybe I would have picked all that up on my own, or maybe I'd have a giant black hole in my world view.
There's a training side to education and there's a wisdom side to education, and they're both important in the long run. Telling young people to get jobs right out of high school because being well-rounded isn't necessary for "smart" people just means it's going to be a crap shoot as to whether their decisions repeat history or learn from it.
We love fantasy novels where someone discovers a box that holds ancient power and destruction, and then the hero has to save the day.
Well, it just happened.
Cool, that's great, and I don't think you should stop doing that, but you aren't really the case the story is talking about. Although you could be, if the security firm you hire fails to catch all of the vulnerabilities and some white hat somewhere reports something to you. Then it'd be better if you could have some assurance that they were trustworthy.
I don't think we disagree on any specific points so far. I'm not trying to replace security audits, just to encourage people who do the right thing without being paid to do so.
Determining who to trust is the goal of the system I described, because the only real trust is reciprocal trust. Researchers trust an authority with full record of their activities, and thereby earn the trust of the people they're ostensibly trying to help.
Today this would be done by the owner of the system choosing a security firm to audit their system, but we know that doesn't happen because it's expensive and people are lazy. Still, it needs to be done, so today's researchers just do it without getting permission, which results in vulnerabilities exposed (good), but sometimes also results in lawsuits (bad).
In my proposal, the law defines the terms of that initial agreement, which lets researchers find security flaws without having to get the system's owners' permission.
Identifying the good guys is a question of trust, so you can imagine why lawmakers are hesitant to throw trust around willy-nilly. Building a system that shows how that trust is reciprocated and enforced would be a good start.
Seems like there could be a law that tries to differentiate "Research Hacking" by setting requirements to qualify as a researcher. They must provide full transparency to prove they have no malicious intent. They inform law enforcement authorities of their activities before and after the exercise and constantly upload logs of their actions and any data transactions they execute. Maybe on a virtual "research sandbox" machine that deletes itself at the end of the session as an added layer of protection. Then if the vulnerability gets out before it's been reported, maybe that researcher (or people with access to their machine) is a good place to start the investigation, so there's incentive to report vulnerabilities quickly. Overly simplistic, probably not quite workable as-stated, but you get the idea.
/agree about publishing, but not about impracticality. It's not like the police are going to go to everyone's house after a breakup and take their photos away, and those photos will probably exist in the hard drives and minds of millions of people who never make a big deal about it. But it also means that if your ex is holding what amounts to blackmail photos over you, you now have a legal recourse.
Before, if you told the police that you accidentally dated a psycho and now they're showing naked photos of you to everyone in town, they'd say "your ex owns those photos, so maybe you should have kept all your naked pictures to yourself." Which is great if you have a time machine, but not if you're looking to stop someone from being an asshole today. With this, if you make a request, they have legal grounds to take away the photos.
And sure it's probably going to be abused by some people (and that scene from Forgetting Sarah Marshall won't make sense anymore), but before we had people abusing their possession of naked photos. So, which is worse?
If kiwis are related to the much bigger elephant birds, that might explain why they lay such ridiculously big eggs - they've shrunk but their eggs haven't caught up yet.
Why are we talking as though the options are "tell the truth and ream them" and "lie through your teeth to be nice"? Didn't we learn constructive criticism back when we were junior whatevers at our first job?
The only benefit to you in an exit interview is data you can glean from them, and any satisfaction from acting out will burn you in the long run. So get outside yourself and attempt to join forces with the person interviewing you so you both can avoid having to do this in the future. You'll have time for complaining about the bad times when you're with your buddies at the bar.
The ideal exit interview gets to the heart of the problem without pointing fingers. It is impartial, it gets information as often as it gets, and it helps you grow as a person:
It's not "my boss was the worst asshole in the world," it's "I couldn't find a way to improve my work relationship with my manager. Maybe it was a personality clash, but I had taken these steps [insert steps], and felt that my attempts were rebuffed. Can you think of ways I might have done better?"
It's not "you guys are so great I'm so sad and you'll do great," it's "I know we didn't really get along, please be honest, what do you think most damaged our work relationship? [hear answer] Oh, good points, I thought it was also this [insert problems]"
And if you're being polite and constructive and they're the opposite, then ask to cut it short and move on with your life.
We have a hammer that no one can figure out how to swing.
Build a trench from Yellowstone to the Grand Canyon.
Planes spontaneously appear in the anti-bermuda triangle. Full of people who hadn't existed.
Maybe it was an assignment statement. They want us to refer to Bitcoin as !anonymous from now on.
CA is already getting plenty of Michigan water. Read that Dasani label, it was bottled in Detroit.
There is, it's just expensive.
I'm sure I'd be able to come up with some comment to refute this, but I just can't wrap my head around it.
... in the "tiny universe" experimenter's particle accelerator.
Pandora's box - it's easier to spread fear than to take it back.
KB in this context stands for KiloBuck
This is the only thing he DIDN'T want to last longer than him. Don't be cruel.
Please don't make water into a fuel. I need water for other things.
Galaxy Zoo could possibly benefit from this tech. Or oncologists who stare at MRI images looking for tumors.