Why is this permitted? Does anyone other than me think the guards should also be prosecuted for this behavior? Worst of all who are the sort of people who apply for these jobs, behave like this all day and then just go home at the end of the day to have a nice evening with family. Very disturbing.
Aside, odd feeling reading this article featuring a US-Canada border crossing right after playing Detroit: Become Human last night.
Anyway to a mind that's flexible and agile, nothing feels particularly like gymnastics, but I do note that there is a weird disproportionality of anguish and outrage on this thread, over something that happened to me just now -- 3 hours without a sandwich. Partly because of fortune and partly by my own will not to fuck people over, I've never seen the inside of one of these places, but I'm still willing to wager that "no sandwich" is not the worst abuse that goes on "in custody." So if it outrages you, and prisoner rights is something that matters to you, all that energy might be better directed toward addressing some of those more serious abuses.
Sorry to say, there are myriad other ways that the systems and institutions we all participate in, will ruin entire lives, including of non-prisoners, in cruel and dehumanizing ways. And there are criminals dead-set against those systems, who will do the same. Neither one is particularly your friend. Or sorry, that's presumptuous... neither one is particularly my friend.
I do, but there's a whole lot of people who are happy with behavior like this because they think prisoners should suffer and they are 100% ok with this.
You mean, assuming they have do have a family and are capable of having a nice evening? Sometimes people's behavior convey their inner issues. Not that I'm justifying their behavior in any way, just objective thinking.
Putting them into mutually exclusive categories is an attempt to hide from the discomfort of that idea and is ultimately counter-productive.
I was just saying this was a possibility but I totally see what you mean, which probably results from human nature not being necessarily "good".
Does anyone other than me think the guards should also be prosecuted for this behavior
who are the sort of people who apply for these jobs, behave like this all day and then just go home at the end of the day to have a nice evening with family
> There are hardly any excesses of the most crazed psychopath that cannot easily be duplicated by a normal kindly family man who just comes in to work every day and has a job to do.
- Terry Pratchett, Small Gods
That some transportation guards were reportedly jerks. If tossing a sandwhich just outside of arms reach is cruel and unusual punishment to you, must not have had older siblings.
People are jerks sometimes. These kids, had a lot more than an out of reach sandwhich coming to them.
This is the first time I’ve read that conduct legally ruled cruel and unusual punishment and used by authoritarian regimes around the world is actually a loving act of kindness, so I’m very curious about how youve reached that conclusion.
In the same vein, do you also believe victims in abusive relationships that the violence towards them is their fault, and that their abusers are doing it out of love?
Your definition of torture is a guard tossed a sandwich out of arms reach for a 3 hour ride because he's a jerk.
I rest my case.
But it's much more complex than this. There's a question of how much we want to prevent such things, and, even supposing we're willing, how many resources we're willing to dedicate to the solution. There's also a question of prevention via cultural change, which is a hard problem if there ever was one.
One of those kids was wondering around the exact floor where my desk was. I got a job and career out of it, these kids got jail time and one suicide. Geez.
I personally doubt whether one wants to be a productive member of a society that put one into jail.
I agree with the mind of this statement. The problem is: For lots of such skills, it is hard to find jobs where these are needed (for example reverse engineering). Based on my personal observation, to stay in the example, there exist much more skilled reverse engineers than jobs where these skills are useful/needed.
I know lots of examples where this is the case (I am talking about Germany, where the situation might be a little different, but I do not believe that the difference is too large).
I know some really great reverse engineers who have difficulties to find a decent job (they get through with some badly paid jobs that are far below their skills).
I can assure that I have hardly ever seen a job ad where reverse engineering (as in software) skills are even mentioned. And I openly admit that I (who also have some knowledge in reverse engineering) would not even know where to ask/look for a job that gratifies such skills. Be assured that I would have passed on such job hints if I knew of any.
In my observation the whole "IT security" scene (I am aware this is a somewhat different area than reverse engineering) is a close-knit circle that is hard to get into. If you are able to get into, I have strong evidence that the salary is actually rather good. But I have no idea how to get into the inner circle where the job offers await.
Seriously: I have some colleagues who even asked me with my knowledge about security why I do not get into this the field of activity of IT security. I tell them to give me hints how to get into this inner circle where the interesting job offers await. None of these loudmouths could tell me. Of course...
EDIT: I could go on and on. The statements stay the mostly the same all the time: Where can such a person find job offers?
I will not disagree. But I am explicitly talking about reverse engineering as in the original article (i.e. mostly software and to a lesser (but not less important) sense electronics).
I do not know enough details about the other segments that you mention to make deep statements about them. But I am pretty confident in my opinion that the kind of skills that you require for them are really different from those that you need for software/electronics reverse engineering. What I want to say with this: The skills that you need for hacking an XBox (as in the article) do hardly ever transfer to any of your examples (bomb squad detectives, Root cause analysis experts, market/competition research, Prototyping, NTSB agent).
In my opinion/experience, finding loopholes/security bugs in an existing system and designing systems that are unprone to security bugs are two very distinct skills. It is quite imaginable that many people that people who work in the branch become good at both, but being good at one of them does not make you good at the other.
EDIT: The only kind of knowledge that comes spontanously to my mind that transfers well between both areas is having an immense amount of obscure knowledge about weaknesses in lots of protocol designs.
See, its a progression not a dichotomy. A hacker possesses only a subset of a truly skilled security programmer. And the security programmer always has home field advantage. As a hacker becomes more seasoned, they learn more and more about the system until they reach the level of the security programmer or the person implementing all the locks and keys
Indeed. For this one loves to build mathematical models, formulate security properties, make proofs, think deeply about the limits of the formulated models (e.g. tempest attacks, cache timings etc. which might introduce side channels) etc.
Finding exploits is quite a different job: Here you very often have lots of legacy systems which have an architecture that is hard to make secure. To give an example: A parser for a very complicated and ill-specified file format where mistakes can easily lead to catastrophes (for example because the format allows to embed "executable scripts" that are run in a JIT-based virtual machine). So you look for loopholes in an often badly designed or at least complex and thus error-prone system and think about how you can exploit these mistakes in a clever way.
I am very sure that both can be very exciting jobs, but they are in my opinion quite different in nature.
> If I am an expert an building impenetrable servers, then I must know how to penetrate servers since I've added patches to block all known attacks. How could I do that without first being a hacker?
I think the essential difference is that if you are an expert in building impenetrable servers, you simply avoid lots of design decisions that are prone to security problems (to stay in my explanation above: these also typically have the property that they can be specified rather well formally). On the other hand, if you want to penetrate servers, you need creativity to turn "suspicious looking design decisions/oversights" into working exploits.
So being an expert in building impenetrable servers will not make you good in penetrating servers: Knowing what design decisions are hard to keep in control security-wise does not (necessarily) give you the knowledge about how to concretely exploit them. On the other hand: Having a strong creativity for how one can in practice exploit oversights does not (necessarily) make you a good engineer for systems that are hard to exploit.
The coder oversights wont be there because that seasoned expert once exploited someone else like that and knows where to defend. There is such a thing as 100% secure code. Although instances of it are very small. My point is, you get to be so good at building defenses because youve seen so many offenses and know what to expect and how to counter.
> Of course, they do! Reverse engineering is the skill of being able to see how things are put together without having the whole picture.
I disagree and have done quite some reverse engineering out of private interest. To me it was mostly about learning and applying an excessive amount of knowledge about obscure trivia that can hardly be applied anywhere else (except perhaps for some really rare embedded developing stuff), such as knowledge about some obscure flags in the linker format, knowledge about aracane details of the call convention and instruction encoding, arcane features of the respective CPU/chipset that probably only OS developers are even aware of, etc.
This is what > 90% of reverse engineering consist of for me: Learning/having/applying an immense knowledge of a giant amount of arcane details that are hardly useful anywhere else.
> It's having an intuition of where to find the clues to solve the bigger puzzle.
I am not aware that I have used a lot of intuition. It is rather a lot about documenting everything well, documenting how each subsystem/function relates to others, ... lots of long, monotonous (but not boring) documentation. The reasons is that if you do not document a lot, you will soon be struck by the immense amount of details.
A little bit like how you would document the inner workings of a space ship that landed on earth exhaustively in terms of lots engineering diagrams.
If someone were looking to join the easiest way would be find a conference near you. In the US pretty much any major city has these, but in other countries I'm sure they are just as common. Some are very professional, some are less so. If there is copious amounts of drinking you're at the right place. Generally the smaller the conference the better, so that also means less advertising and harder to find
Lots of different InfoSec groups go to meetups so at that point just talk to as many people as you can, it might seem difficult to break into a group without anyone to vouch for you but most of the time everyone is open to newcomers
When you say "IT security" do you mean pentesting? Access management? Network security? ISO 27001 auditing? Working with any of the many security-related software suites around?
If you really were not doing any real harm (where I believe you), why didn't you become an activist to abolish/change the laws on which you were cease and desisted?
Also I was 17 and I imagine I was more easily intimidated.
My old watering hole used to get them from Archie Comics and ended up changing their name to avoid the (legal) usage of a trademarked name, mostly because they didn't want to spend the money to prove they were in the right.
They did not attempt to let the targeted companies know so they could improve their security. They were hacking for profit.
In my observation, this is a branch of industry that is very hard to get into.
> You could essentially be paid by companies to hack their own product entirely legally for the purpose of better securing it against potentially malicious hackers.
For this purpose, one uses quite different techniques than for blackhat hacking. E.g. in the whitehat case, the source code is often available etc.. So brutal code reviews, which require rather different skills (e.g. knowing all the subtle details of the language standard (e.g. C/C++)), are much more effective to secure applications than using the typical "blackhat techniques" (reverse engineering, knowing subtle details of CPU behaviour etc.).
There are some who work in reverse engineering, CPU interactions or static analysis but those are often more senior positions within a company, are more research focused or specifically marketed as such; my role as a pentester is focused on dynamic testing from a blackbox perspective. Sometimes we are lucky to have architecture diagrams, API docs, or source code but they only serve to benefit the test from an external perspective. I don't analyze the code and report vulnerabilities there, I report findings from a perspective of breaking the application in runtime; the code only makes that easier.
Anyone here wishing to break into security to "be a hacker" might find web app pentesting to be the most familiar for developers (it's not far from skills used for UAT, QA and debugging) and provides a pathway down the OSI model. There are companies that will take strongly motivated and technical people to train into pentesters, as the field is vastly understaffed and it's easier to train someone on your methodology from day 1. However, this normally starts as Web App (it's where the money and clients are) and one can move into other areas over time.
I'm more than happy to provide more details or resources to those interested. My knowledge is more in the attacker area, but its possible to start in either side and pivot into the other. Time, patience, and a willingness to learn.
I know some people (myself included) who would work as consultant but have no idea how to even get hold of consulting jobs. Yes, I often ask people who are much much successful in getting those, how they got them. These successful consultants eventually admit that they themselves have no real idea. People just approached them etc. I (and lots of other people) are not the kind of people "that are simply approached".
TLDR: I would not even know how to start to get consulting jobs (and lots of people have a similar problem).
Disclaimer: I am talking about the situation in Germany. In the USA, it might be different.
First of all, forget about the "situation in Germany". Work is everywhere, so be willing to accept work anywhere. There's definitely a pecking order in consulting firms and you can get projects because the company gets a one off engagement with a new client who wants the work done on site. The company has some really awesome full time employees who could do it in their sleep, but they're busy on long term contracts with key clients. Be willing to go, as a subcontractor, to some unglamorous location for a week long project to pentest some shitty internal application that nobody has ever heard of. Get a few of those under your belt and you'll know how it works.
Second, understand that there's more to it than your technical skills. Make friends who work in the industry. Talk with them about what they're working on. Find any interesting bugs or behavior in what you're working on? Chat with them about that. Doesn't really matter if it's security related or not. The people who do the work in the industry are all generally interested in the details of software. If you're into that, then you belong.
Keep reminding your friends that you're hungry for work. Keeping in touch will keep you in mind when they need an extra guy to help out.
Once you start getting work be sure you contribute well. Everyone wants to have the most high severity findings, and obviously you will need to produce those if you wanna keep getting work, but also be that guy who goes the extra mile to help put the report together, write up extra recommendations that would be helpful.
Keep in touch with the people you work with. Be cool to the sales/project management/accounting people. It's simple things like getting your expenses/timesheets/invoices filed in a timely manner. There's more to the business than finding vulnerabilities. Everyone wants to close out the job, get paid, and move on. Show everyone that you know how to behave like a professional. Remember that the people responsible for staffing are asking themselves: Who do we know that we can send in there to take care of this work, so that we can bill them and collect this revenue, who will get the job done and be easy to work with?
Be that guy, and you will be approached too, and you can find full time work in the industry if you want.
I used to work at a company that did pentests (although I never did any myself). This was never the case. Every single one was approached in the same way an unprivileged attacker would approach it, apart from, when testing a production instance of an application:
- dummy accounts are set up, so that if user data must be extracted it doesn't come from real users
- you're not allowed to do anything that risks taking the application offline, destroying data, etc.
brandonjm wrote above (emphasis by me): "You could essentially be paid by companies to hack their own product entirely legally".
It would be a massive waste of time and ressources not to give the internal whitehead team any internal information possible to secure the application. For this I stand by my point that the methods that I stated are usually much more effective.
Pentesting is typically applied in very different scenarios (not a company hacking their own product as in brandonjm's scenario).
You are absolutely right about the massive waste of resources that holding back info causes. It's way better to give consultants complete control of a working test system with the full build environment. And they might as well just let you do it remotely. But many companies don't do that. Instead they would rather eat your travel and accommodation costs, and then when you show up you're being paid to sit around for a week because they don't even have things ready, so you sit around reading bullshit documentation so you look busy and your contact doesn't look bad. And when you finally do get something you spend lots of billable hours figuring out how to get it up and running, which provides absolutely no value to them and wasted valuable time you could have been finding bugs. But that's just how it goes.
That's not really an industry.
Pen. tester is, security researcher or implementer or auditor is, crime committer isn't.
The days of getting a career from unauthorized hacking into systems are over. That road leads to prison/death, as it should.
As it should?
English isn't my first language and I really hope you aren't suggesting that the one who does unauthorized hacking should die.
EDIT: I assumed good faith, according to the Hacker News guidelines. Apparently in this case I was wrong. I just read the GP's second, more in-depth, comment further down: he's absolutely in favour of prison and thinks that in some cases death may be warranted.
But I still don't understand how hacking is such a serious crime to be punished by death sentence.
In fact, there are very very few crimes which deserve death penalty.
The language was clear, its America that's at fault.
I think everyone in their right mind can agree that in most cases it's bad for society if you break into someone else's system.
If you take it on a case-by-case basis, it's a little hard to make that statement. E.g. would it be bad if someone broke into a Chinese network and use the information to help/warn human rights activists? To break into a company that's conducting unauthorized experiments on unwilling or uninformed subjects and leak that to the press? It's easy to say that vigilante justice is never a good idea, but the victims who can't get any other kind of justice might very rightfully disagree.
It's hard to even agree that it's always wrong to break into a computer system. To pronounce a minimum acceptable sentence of jailtime, and maybe even suggest that death penalty would be a good idea, too, is not something that's going to be taken well in the civilized world.
Myself and a lot of other people don’t believe in death sentence no matter the severity of the crime.
The two main reasons why I don’t support a death sentence in any case are:
1. People sometimes get sentenced for crimes they did not commit. By at least letting them live in prison rather than killing them we give them a chance to fight the sentence.
2. The law is not objectively “correct” because there is no such thing as a single “true” morality. Multiple moral stances exist, and we should be somewhat tolerant of that.
Amnesty International has some more arguments against death penalty as well. https://www.amnesty.org/en/what-we-do/death-penalty/
Finally I believe that the justice system should to the greatest extent possible exist to prevent crime and reform criminals so that they can be productive members of society, not primarily exist to punish criminals.
In my country — Norway — this is reflected in how the police handle confrontational situations. The Norwegian police force always tries to deescalate, whereas in the US the police are very aggressive in a lot of situations that should not call for that sort of reaction.
There are very many people that do bad things not because they are fundamentally bad people but because of their circumstances. Everyone deserves a chance.
Some people cannot be helped and need to remain locked up because they pose a threat to the rest of society, but that should be what we do when we see that we cannot reform them, not how we treat everyone who breaks the current set of laws.
Laymen jury is a very disputed system in Europe. To have laymen scentencing someone is very, very questionable.
The US judicial system is more about revenge. Why have parole hearing with relatives?
The system in Europe is more about rehabilitation.
(I strongly disagree with the original commenter, by the way. I do think capital punishment is warranted in extreme cases.)
This from someone who is theoretically ok with capital punishment, but in practice opposed. I do not trust that the state gets the right people all the time. I also think it's too slow and burocratic a process to work as anything other than revenge.
(1.) In high profile federal cases executions occur relatively swiftly. The reason it's slow in many cases is due to all of the procedural safeguards that we have in place to protect defendants.
(2.) People often dismiss retribution without explaining why it's not a valid basis for punishment. Personally, I believe Norway is morally bankrupt for viewing rehab as the only acceptable goal of punishment, as the Breivik case vividly illustrates. You may not find the Breivik sentence appalling, but you should recognize that you are in the minority. And if this guy is going to lecture Americans about the ethics of punishment, I have a right to criticize the Norwegian approach.
(3.) Alex Kozinski made an interesting observation about the possibility of wrongfully executing someone: due to all of the procedural protections in place and all of the resources devoted to capital cases, the odds of being wrongfully executed are an order of magnitude lower than the odds of being wrongfully dealt a life sentence.
Given how awful life imprisonment is, I totally reject the premise that capital punishment can only be justified if it is infallible.
No, it's not being 'taken badly'. It's on you. What you're saying is an outrage. HackerNews isn't a YouTube comment thread; we expect better.
Rather than complaining about how your readers misunderstood you, you might think to at least explain yourself when you go ahead and say that teenaged hackers deserve death.
I have friends a long time ago that used to buy CoD modded lobbies from these guys. Crazy to see how their lives unfolded.
Cheat prevention is another big reason that often came up for the hardened environment.
Slightly OT: Michael Mrozek (EvilDragon1717) indeed attempts to create a handheld gaming console that is as free as commercially possible: the Pyra, which hopefully comes out this year:
Having to compete with companies that haven't just been around and known for decades, but have massive resources and synergies due to their sheer size, is a pretty daunting task, and that's just the hardware side.
Trying to convince major developers, and especially publishers, to get on board with such a project is also no small feat, you'd pretty have to convince publishers to do a 180° on how they've handled a lot of things so far because publishers are also known to be quite big fans of draconian copyright laws.
No, "nothing stopping you from selling your own" would be a trivialization (because there are things). It's easy enough (~20 hours of effort, including research) to build a computer, install Linux, and start playing DRM free games. If you want to distribute it, that's another story.
was at least in Germany, where the main developer Michael Mrozek lives, somewhat popular in nerd circles despite the high price.
In RedWest, we had a building that was pretty much all Xbox employees, and other Microsoft employees couldn't just badge in. In Studio A, if I remember correctly, it was all just public access.
The consoles are everywhere, and people's offices weren't normally locked (before most people moved into to bullpens, which didn't even have doors).
For the most part, you can trust the employees. We had take home consoles that were signed with the proper keys to run retail games, but could also be debugged and get crash logs, and those were fairly safe and well tracked. (You were told, don't let your friends see/play them) But you can't trust anyone else who just randomly enters the building, and with teams so big that you don't know everyone, politely holding the door open for someone is just asking for it.
Source: I worked on the Xbox 360 team.
I rather believe that most such people (including adolescents) are not that willing to go down the path of easy money. The problem rather is in my opinion: The other side is simply not there to make counteroffers (i.e. less money, but perfectly legal etc.). So it is not a choice between "going on the dark side vs light side" (which is a serious decision to make, and confronted with this decision, I believe, most people (again including adolescents) would indeed choose the "light side"), but rather a situation of "only the dark side makes an offer: will you go into it or not - 'we have lots of money to offer'". Confronted with this, I can understand quite well that there exist people (in particular
adolescents might be prone to that because they have less life experience) who will go into it.
So provocatively one could even state that the problem rather is that "the other side is at fault", since they make no serious legal offers to prevent such people from "turning much into the dark side".
Now, a little older, the prospect of fines that will take a lifetime to repay and/or prison is way more deterring. As a kid, you just never think about it.
I believe one does think about that, but concludes that the risk to get rich is worth it (because one has few such chances in life) and if all things go bad, there is still the suicide option.
Some interesting stuff in there, some of which you're probably already familiar with. You could argue that a kid does "think" about it. But to use the word "concludes" may be a stretch.
I found this passage by Sapolsky on the neurobiology of risk/reward assessment in adolescents especially interesting and relevant here:
Age differences in absolute levels of dopamine are less interesting than differences in patterns of release. In a great study, children, adolescents, and adults in brain scanners did some task where correct responses produced monetary rewards of varying sizes. During this, prefrontal activation in both children and adolescents was diffuse and unfocused. However, activation in the nucleus accumbens in adolescents was distinctive. In children, a correct answer produced roughly the same increase in activity regardless of size of reward. In adults, small, medium, and large rewards caused small, medium, and large increases in accumbens activity. And adolescents? After a medium reward things looked the same as in kids and adults. A large reward produce a humongous increase, much bigger than in adults. And the small reward? Accumbens activity declined. In other words, adolescents experienced bigger-than-expected rewards more positively than do adults and smaller-than-expected rewards as aversive. A gyrating top, nearly skittering out of control.
This suggests that in adolescents strong rewards produce exaggerated dopaminergic signaling, and nice sensible rewards for prudent actions feel lousy.
That's not the whole story when it comes to kids' decision making, but it's of a piece with the rest of the chapter and shows that most kids are literally -- anatomically -- unable to think about things like this in a way they will be able to a few years later.
Software security is hard; placing any trust whatsoever in software you cannot completely control is a recipe for insecurity. Game development security is a nightmare.
Obfuscated and protected binaries are moving targets. Targets that can be overcome, absolutely; but they remain in motion so long as they are rebuilt.
If thrill-seeking adolescents can compromise your systems, you deserve to be out of business.
Yes, security is hard, but it is an spectrum, from compromisable by adolescent thrill-seekers to state-nation actors.
Most systems are there to facilitate business, personal, or even more critical, industrial or military operation, none of which you want to be easy to compromise.
And as for SaaS, it does nothing to security but increase the attack surface by requiring more components in your system and requiring the system to be always online, in 99% of cases anyways. On top of that, with SaaS you not only have to secure your systems but also safeguard your clients' data, which only reinforces the idea that: if you can't do basic security, you should be out of business.
And in what world does DRM helps with security? DRM is nothing short of a device of enforcing draconian copyright laws.
If you are a weak person, does that justify the actions of a few armed robbers that are going to mug you on the street? Do you mean I had to take care of my own security by hiring someone all the time? Then why am I paying my taxes to support the police force?
Most of the businesses in the real world operate on a combination of trust and optimism. The moment you take away that stability, businesses suddenly become way less efficient.
Let’s be honest: security in IT is just like security in the physical world. Stealing a car that had an open door is as illegal as stealing a car by picking it’s lock. In such a scenario hacking is just another dimension to physical warfare - and frankly warfare belongs to the military.
The fact that most of the bigger companies had to deal with security themselves is just another matter: they had to operate in the world where the authorities were yet not good enough at tracking hackers. Today though - I can see where businesses that don’t think their security matters would just not bother. It’s not their area of responsibility and I would rather they did what they do well - make money.
It is not hard to argue that the subject matter of each and every law and code is based on immediate or at least likely, if not precedent, events rather than to naively assume that, that which is illegal should not happen and leave your car unlocked.
Besides, my argument and criticism is not concerned with sanctioning of unfavorable behavior but rather holding accountable those who make promises and sales you products.
> It’s not their area of responsibility and I would rather they did what they do well - make money.
But why not? the car maker is not in the business of providing security guards, but I bet you wouldn't be happy if they made cars that were easy to pick, why would this not apply to other business?
Most online business make a big deal of security in their sales, why not holding accountable for those promises?
No, it is completely different: In the internet
- the culprit can be anywhere in the world
- the computer/network, where the attack comes from is usually just a node in a botnet
- So you do not have to just deal with the judicial system of your own country, but with any possible judicial system in the world.
- You can hardly ever find out, where the real origin of the attack is - so you cannot even know which judicial system you have to call to.
So, literally everyone deserves to be out of business? I am not aware of any major software company that has at all times been invulnerable to thrill-seeking adolescents.
Perhaps we should coin a new law. The law concerns a statement of the form: "If X, you deserve to be out of business." The law is that the statement is generally false.
"If X, you deserve Y" is a figure of speech which means Y is a reasonable consequence of X. Just Desert.
However, "if you can't do _basic security_, you should be out of business", I mean that one in the literal sense of it.
Tell that to Equifax.
At some level, it is a matter of either validating all behaviour suggested by remote clients, not accepting anything more than controller inputs from remote clients, or throwing caution to the wind and letting them have at it. Each have their benefits and caveats.
And once you're hosting dedicated servers, why not go one farther and treat it as the SaaS it is?
In your world, there are no companies that use computers left.
There are other things that are convenient and fairly vulnerable. I don't think these things are discussed enough, but they ought to be. Many things in SaaS or PaaS are convenient, but you sacrifice a class of security. I'm not sure if the script is changed across the board enough to compensate.
My concern is the experience of not having control over our equipment (not a good experience or way to live), not a semantic technicality.
He got to keep the money even though he got convicted for wire fraud?
They’re literally trying to lawyer out evolution..
Obviously investing in secure software is more costly then having a lobbyist for prison sentences in Washington and a good PR-Department.
The problem is, that way, the whole stack from the metal up is basically crumble, untested and very frail - should one big time agent release a autonomous attack into the wild.
But hey, we saved a dime today. Tomorrow there might be no more dimes, so if it were not for those meddling kids, the bookies would have gotten away with it.
So I've never done anything that would result in my being deported, but man does this scare me. The current climate, if I fuck up in some minor way, I still feel like I could end up in prison for months waiting for them to send me back north.
It's just scary.
Ugh. Why do even supposedly "cool" companies go to the cops when they get pwned? Own up to your mistakes, change your passwords, fix your security. Don't report anything to the fucking authorities. What would punishing a kid even give you?
It isn't practical for each organization to maintain a staff of forensic security specialists. When one does need them, they can be found rather inexpensively in law enforcement given that a crime (likely) has been committed.
Millions of dollars in IP and potential liability depending on what was taken.