Programming

Hackers' Shutdown of 'The Interview' Confirms Coding Is a Superpower 221

Posted by Soulskill
from the better-figure-out-an-alter-ego-quick dept.
theodp writes: The idea of programming as a superpower was touched upon by CS teacher Alfred Thompson back in 2010, but it became a rallying call of sorts for the Hour of Code after Dropbox CEO Drew Houston described coding as "the closest thing we have to a superpower" in a Code.org video that went viral. And if the kids who learned to code with the President last week were dubious about the power of coding, this week's decision by Sony to scrap the release of the satirical film The Interview after a massive hack attack should put aside any doubts, especially after new revelations that Sony had reached out to the White House for help and screened the film for administration officials back in June. White House press secretary Josh Earnest said Thursday that the Obama Administration is viewing the Sony attack as a "serious national security matter" and is considering a range of possible options as a response, which could turn things into a contest of U.S. Superpower vs. Coding Superpower. In case it wasn't mentioned last week, remember to always use your coding superpower for good, kids!

Comment: Re:The Systemd Fiasco or Hello FreeBSD (Score 4, Insightful) 581

by c0d3g33k (#48416787) Attached to: Debian Votes Against Mandating Non-systemd Compatibility

Linux has become the laughingstock of the computing world thanks to the Systemd Fiasco.

An entire operating system trashed by a single incompetent clown and his shit pet project rammed down distro throats by his foaming at the mouth fanboys.

A healthy open source community would never have let this fiasco happen.

Hello FreeBSD. A pure Unix operating system run by grownups only interested in technical excellence.

There seems to be a little foaming at the mouth going on right there in your own post.

Comment: Thank you, Mr. Ellis (Score 2) 15

by c0d3g33k (#48412173) Attached to: Interviews: Warren Ellis Answers Your Questions

Thanks for responding to my off-the-cuff question (Talk about Planetary for a bit).

I found that I just wanted to try and scrape away all those barnacles to see the thing that charmed and fascinated people right at the start. I still don’t know that I managed that to anyone’s satisfaction, but the act of it seemed to me to reveal a story about the genre itself.

If you don't know that you managed it to anyone's satisfaction you're either stupid or deliberately humble and obtuse. I'm guessing the latter. What you describe is the very reason many people love this work. You scraped away the barnacles and managed to produce something that identified what people love about this stuff. Look, back when I was a kid, I KNEW that Godzilla was a guy in a rubber suit, but it was still cool. The same thinking applies to all popular culture. We KNOW there is a man behind the curtain - we're not stupid. The all powerful OZ is just a sham - we get it. But the illusion he's weaving is kind of cool. That's the part we love. I know I'm never going to be Carson of Venus, Superman, Doc Savage, or Tarzan, Lord of the (Ebola-ridden) Jungle. But the fact that I can imagine those ideals inspires me to be a better person, just a little bit. That's what these stories are all about. When faced with the issue of the day, having these stories in the back of my mind helps me to be just a little better. Given the behavior of many that don't have this kind of value system in this world, I recognize that these stories have brought some good to the world.

So scraping off the barnacles and distilling the essence of what people loved about these stories managed to remind me of why they were interesting and important in the first place. And so I try to be a better person with renewed vigor, thanks to you. You have my gratitude.

Comment: Re:I would never give Home Depot my address... (Score 1) 99

by c0d3g33k (#48330983) Attached to: Home Depot Says Hackers Grabbed 53 Million Email Addresses

You don't have to set anything up - just use the address tag when you supply an email address. It's still a valid email address (see link below), so will still get delivered to your inbox. The extra information in the tag/extension makes the address unique (if you made the tag info unique), so can be used to filter messages, sort them to subfolders etc. depending on what your mail provider supports. Different providers support different separators, Gmail happens to be one that supports the plus.

https://en.wikipedia.org/wiki/...

Comment: Just talk about Planetary for a bit (Score 2) 58

by c0d3g33k (#48311103) Attached to: Interviews: Ask Warren Ellis a Question

Mr Ellis,

I enjoy all your work, but I view Planetary as a "love letter to the things I love". I would appreciate it if you just wrote a little bit about what you were thinking/feeling when you were working on Planetary. That work covers a lot of territory, but my reaction on first reading was to weep because you captured so perfectly the essence of all those wonderful stories that I loved as a young man. I didn't think anyone loved that shit as much as I did, but Planetary seemed to capture the essence of all those great stories whilst bringing them in to the modern age and reminding us why they were relevant and maybe still are.

So, if you would, just riff a bit on Planetary and all the things you had in your head when you were working that all out. Planetary as the finished work we have as a reference - I'm interested in the stew in your mind containing all that wonderful stuff that eventually was distilled into Planetary. Talk about that a bit, if you are so inclined.

Thanks.

Security

Drupal Warns Users of Mass, Automated Attacks On Critical Flaw 76

Posted by timothy
from the big-targets-get-hit-first dept.
Trailrunner7 writes: The maintainers of the Drupal content management system are warning users that any site owners who haven't patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised. The vulnerability, which became public on Oct. 15, is a SQL injection flaw in a Drupal module that's designed specifically to help prevent SQL injection attacks. Shortly after the disclosure of the vulnerability, attackers began exploiting it using automated attacks. One of the factors that makes this vulnerability so problematic is that it allows an attacker to compromise a target site without needing an account and there may be no trace of the attack afterward.

Comment: Re:We can be certain of one thing (Score 1) 152

by c0d3g33k (#48265505) Attached to: Stan Lee Media and Disney Battle For Ownership of Marvel Characters

That was an analogy and was not intended to be identical in every way. The similarity is in the relationship between employee and employer, and the significance of what someone might consider the "main work" when in fact it is not.

Why do I have to explain this?

Because in the case of creator's rights that your analogy is alluding to, it's the relationship of the creator and employer that are the most relevant to the discussion.
It's the creator, or their estates, who often claim control of the rights and demand compensation retroactively for a share of the total profits. That hardly if ever happens with the dozens of people who created new material using the characters after the creator has moved on.

So the players in a relevant analogy are:

The creator who had the original idea for a character = The inventor of the recipe for the burger, nuggets, joyful meal etc.
The people who do the "main work" for decades after the creator stops working on the character (and usually generate more total revenue than the creator ever did alone). Writers, artists, colorists, inkers, letterers, editors = burger flippers, fry cooks, managers, etc.
The employer = The employer.

That last one was spot on, I'll say.

Comment: Re:Only useful for wine? (Score 1) 55

by c0d3g33k (#48176209) Attached to: Direct3D 9.0 Support On Track For Linux's Gallium3D Drivers

You make no sense, since having only the proprietary driver available sounds to me like "require you to have a specific driver installed". The Gallium3D driver, which supports Radeon cards since the R300 series (Oct 2002), offers an alternative to the required proprietary driver. And since AMD regularly drops support for older hardware in the proprietary driver, the Gallium3D driver supports a wider variety of hardware, and will continue to do so. Seems like writing for the proprietary driver is the more risky approach with a smaller potential audience.

Programming

Code.org: Blame Tech Diversity On Education Pipeline, Not Hiring Discrimination 227

Posted by Soulskill
from the maybe-fix-both dept.
theodp writes: "The biggest reason for a lack of diversity in tech," says Code.org's Hadi Partovi in a featured Re/code story, "isn't discrimination in hiring or retention. It's the education pipeline." (Code.org just disclosed "we have no African Americans or Hispanics on our team of 30.") Supporting his argument, Partovi added: "In 2013, not one female student took the AP computer science exam in Mississippi." (Left unsaid is that only one male student took the exam in Mississippi). Microsoft earlier vilified the CS education pipeline in its U.S. Talent Strategy as it sought "targeted, short-term, high-skilled immigration reforms" from lawmakers. And Facebook COO and "Lean In" author Sheryl Sandberg recently suggested the pipeline is to blame for Facebook's lack of diversity. "Girls are at 18% of computer science college majors," Sandberg told USA Today in August. "We can't go much above 18% in our coders [Facebook has 7,185 total employees] if there's only 18% coming into the workplace."

Comment: Re:So essentially... (Score 1) 76

by c0d3g33k (#48056635) Attached to: JP Morgan Chase Breach Compromised Data of 76 Million Households

Don't trivialize this by ignoring the true nature of the breach.

This is more like obtaining an exclusive unlisted client list detailing who exactly is doing business with a given organization. The phone book doesn't provide that connection - knowing names, addresses and phone numbers doesn't tell you which crucial and vulnerable businesses are associated with a household. Obtaining the same information from a business of interest is a different story entirely. Metadata is crucially important.

Comment: Re:Security through obscurity - useful but inadequ (Score 0) 76

by c0d3g33k (#48056559) Attached to: JP Morgan Chase Breach Compromised Data of 76 Million Households

Well, that's hardly comforting. So even spending an ENORMOUS amount of money on IT and security can't prevent your system from being breached in a big and spectacular way? Then either that enormous amount of money was spent poorly, or that information should not have been exposed to the internet in the first place until it was properly secured. They were breached, in a big way. So their systems were exactly as weak as I think, enormous expenditure aside. I fail to see your point. "They tried REALLY hard" doesn't count for beans if they don't succeed.

Comment: Security through obscurity - useful but inadequate (Score 4, Insightful) 76

by c0d3g33k (#48055657) Attached to: JP Morgan Chase Breach Compromised Data of 76 Million Households

The hackers appeared to have obtained a list of the applications and programs that run on JPMorgan's computers — a road map of sorts — which they could crosscheck with known vulnerabilities in each program and web application

I find this interesting because it shows both the usefulness but ultimate inadequacy of security through obscurity. Had the hackers been unable to obtain this information, the implication is that the breach would not have happened, or at least not happened as soon. Without the ability to create a road map, they would have had to take the less efficient approach of randomly guessing and probing with the hope that something worked. So keeping that list of applications and programs a secret has some value.

On the other hand, it underscores the importance of the point that people have been making about security through obscurity for decades: it's very weak security, and once that layer of the security onion is breached, there had better be stronger security layers underneath. Like patched and updated programs and web applications that close known vulnerabilities. I'm guessing that didn't happen, because the JP Morgan Chase management has probably acted like many other management teams I've had the "pleasure" of working with - they placed higher value on the secrecy than actually fixing stuff, because the former costs less, and it kind of works until it doesn't (and then that policy fails in a big way).

I sincerely hope that these breaches light a fire under the asses of lax management at these large companies and they realize that spending the time and resources to *really* secure their systems is worth it in the long run.

And then I laugh sadly, because that's wishful thinking.
