Developer at Knewton

An Old-School Reply to an Advertiser’s Retro Threat

1 Comment and 5 Shares

Financial Times columnist Lucy Kellaway has written the best “go fuck yourself” piece I’ve seen in a long time.

bluegecko
676 days ago
New York, NY
1 public comment
glenn
676 days ago
Ah yes Meg Whitman. Killing another tech company while fiddling.
Waterloo, Canada

I, for one, welcome our new robot reindeer overlords

1 Comment

Boston Dynamics wins the holidays with this trio of robot reindeer drawn sleigh.

Tags: holidays   robots
bluegecko
723 days ago
Well. Glad to see another thing Futurama got eerily right, anyway.
New York, NY

Git

19 Comments and 38 Shares
If that doesn't fix it, git.txt contains the phone number of a friend of mine who understands git. Just wait through a few minutes of 'It's really pretty simple, just think of branches as...' and eventually you'll learn the commands that will fix everything.
bluegecko
777 days ago
New York, NY
18 public comments
jhudson
712 days ago
yup..
Olympia, WA
jsonstein
772 days ago
how it really works
43.128462,-77.614463
rhelewka
774 days ago
Xkcd on git and nails it:
ÜT: 43.642301,-79.378671
JayM
775 days ago
:)
Atlanta, GA
Brstrk
775 days ago
Git is really easy, once everything clicks. I'm waiting for it anytime now.
npiasecki
777 days ago
For us crusty old geezers still clinging to Subversion, this translates to "something didn't work, so 'svn update' and try again, and if that doesn't work, save it somewhere else and download a fresh copy" ... it's like the cirrrrrrcle ... the circle of source control
llucax
777 days ago
xkcd did it again...
Berlin
jshap999
777 days ago
You just need to appease the evil git elves.
ktgeek
777 days ago
I have lived this conversation multiple times.
Bartlett, IL
mrobold
777 days ago
Truth.
Orange County, California
jepler
777 days ago
how did you get this number? stop calling me
Earth, Sol system, Western spiral arm
jimwise
777 days ago
heh
kafka
777 days ago
True.
Austin, TX
brianhoch
777 days ago
I'm not alone!
Spokane, WA
mburch42
777 days ago
My life.
GeekyMonkey
777 days ago
It's sad, because it's true.

Alt: If that doesn't fix it, git.txt contains the phone number of a friend of mine who understands git. Just wait through a few minutes of 'It's really pretty simple, just think of branches as...' and eventually you'll learn the commands that will fix everything.
Ennis, Ireland
marcrichter
778 days ago
Touché!
tbd
alt_text_bot
778 days ago
If that doesn't fix it, git.txt contains the phone number of a friend of mine who understands git. Just wait through a few minutes of 'It's really pretty simple, just think of branches as...' and eventually you'll learn the commands that will fix everything.

Important Information About the Anti-Choice Extremists Trying to Destroy Planned Parenthood

1 Share
Tonight I'd like to direct your attention to two excellent pieces on the ongoing attempts by the Orwellian "Center for Medical Progress" to destroy Planned Parenthood -- just the latest right wing reactionary attack on this vitally necessary women's health organization. First, a piece at Think Progress by Tara Culp-Ressler: Everything ...
bluegecko
878 days ago
New York, NY

One Company’s New Minimum Wage: $70,000 a Year

1 Comment and 4 Shares

Patricia Cohen, reporting for the NYT:

The idea began percolating, said Dan Price, the founder of Gravity Payments, after he read an article on happiness. It showed that, for people who earn less than about $70,000, extra money makes a big difference in their lives.

His idea bubbled into reality on Monday afternoon, when Mr. Price surprised his 120-person staff by announcing that he planned over the next three years to raise the salary of even the lowest-paid clerk, customer service representative and salesman to a minimum of $70,000.

“Is anyone else freaking out right now?” Mr. Price asked after the clapping and whooping died down into a few moments of stunned silence. “I’m kind of freaking out.”

bluegecko
976 days ago
New York, NY
1 public comment
JayM
976 days ago
.
Atlanta, GA

Lessons from the Sony Hack

4 Comments and 6 Shares

Earlier this month, a mysterious group that calls itself Guardians of Peace hacked into Sony Pictures Entertainment's computer systems and began revealing many of the Hollywood studio's best-kept secrets, from details about unreleased movies to embarrassing emails (notably some racist notes from Sony bigwigs about President Barack Obama's presumed movie-watching preferences) to the personnel data of employees, including salaries and performance reviews. The Federal Bureau of Investigation now says it has evidence that North Korea was behind the attack, and Sony Pictures pulled its planned release of "The Interview," a satire targeting that country's dictator, after the hackers made some ridiculous threats about terrorist violence.

Your reaction to the massive hacking of such a prominent company will depend on whether you're fluent in information-technology security. If you're not, you're probably wondering how in the world this could happen. If you are, you're aware that this could happen to any company (though it is still amazing that Sony made it so easy).

To understand any given episode of hacking, you need to understand who your adversary is. I've spent decades dealing with Internet hackers (as I do now at my current firm), and I've learned to separate opportunistic attacks from targeted ones.

You can characterize attackers along two axes: skill and focus. Most attacks are low-skill and low-focus -- people using common hacking tools against thousands of networks world-wide. These low-end attacks include sending spam out to millions of email addresses, hoping that someone will fall for it and click on a poisoned link. I think of them as the background radiation of the Internet.

High-skill, low-focus attacks are more serious. These include the more sophisticated attacks using newly discovered "zero-day" vulnerabilities in software, systems and networks. This is the sort of attack that affected Target, J.P. Morgan Chase and most of the other commercial networks that you've heard about in the past year or so.

But even scarier are the high-skill, high-focus attacks -- the type that hit Sony. This includes sophisticated attacks seemingly run by national intelligence agencies, using such spying tools as Regin and Flame, which many in the IT world suspect were created by the U.S.; Turla, a piece of malware that many blame on the Russian government; and a huge snooping effort called GhostNet, which spied on the Dalai Lama and Asian governments, leading many of my colleagues to blame China. (We're mostly guessing about the origins of these attacks; governments refuse to comment on such issues.) China has also been accused of trying to hack into the New York Times in 2010, and in May, Attorney General Eric Holder announced the indictment of five Chinese military officials for cyberattacks against U.S. corporations.

This category also includes private actors, including the hacker group known as Anonymous, which mounted a Sony-style attack against the Internet-security firm HBGary Federal, and the unknown hackers who stole racy celebrity photos from Apple's iCloud and posted them. If you've heard the IT-security buzz phrase "advanced persistent threat," this is it.

There is a key difference among these kinds of hacking. In the first two categories, the attacker is an opportunist. The hackers who penetrated Home Depot's networks didn't seem to care much about Home Depot; they just wanted a large database of credit-card numbers. Any large retailer would do.

But a skilled, determined attacker wants to attack a specific victim. The reasons may be political: to hurt a government or leader enmeshed in a geopolitical battle. Or ethical: to punish an industry that the hacker abhors, like big oil or big pharma. Or maybe the victim is just a company that hackers love to hate. (Sony falls into this category: It has been infuriating hackers since 2005, when the company put malicious software on its CDs in a failed attempt to prevent copying.)

Low-focus attacks are easier to defend against: If Home Depot's systems had been better protected, the hackers would have just moved on to an easier target. With attackers who are highly skilled and highly focused, however, what matters is whether a targeted company's security is superior to the attacker's skills, not just to the security measures of other companies. Often, it isn't. We're much better at such relative security than we are at absolute security.

That is why security experts aren't surprised by the Sony story. We know people who do penetration testing for a living -- real, no-holds-barred attacks that mimic a full-on assault by a dogged, expert attacker -- and we know that the expert always gets in. Against a sufficiently skilled, funded and motivated attacker, all networks are vulnerable. But good security makes many kinds of attack harder, costlier and riskier. Against attackers who aren't sufficiently skilled, good security may protect you completely.

It is hard to put a dollar value on security that is strong enough to assure you that your embarrassing emails and personnel information won't end up posted online somewhere, but Sony clearly failed here. Its security turned out to be subpar. They didn't have to leave so much information exposed. And they didn't have to be so slow detecting the breach, giving the attackers free rein to wander about and take so much stuff.

For those worried that what happened to Sony could happen to you, I have two pieces of advice. The first is for organizations: take this stuff seriously. Security is a combination of protection, detection and response. You need prevention to defend against low-focus attacks and to make targeted attacks harder. You need detection to spot the attackers who inevitably get through. And you need response to minimize the damage, restore security and manage the fallout.

The time to start is before the attack hits: Sony would have fared much better if its executives simply hadn't made racist jokes about Mr. Obama or insulted its stars -- or if their response systems had been agile enough to kick the hackers out before they grabbed everything.

My second piece of advice is for individuals. The worst invasion of privacy from the Sony hack didn't happen to the executives or the stars; it happened to the blameless random employees who were just using their company's email system. Because of that, they've had their most personal conversations -- gossip, medical conditions, love lives -- exposed. The press may not have divulged this information, but their friends and relatives peeked at it. Hundreds of personal tragedies must be unfolding right now.

This could be any of us. We have no choice but to entrust companies with our intimate conversations: on email, on Facebook, by text and so on. We have no choice but to entrust the retailers that we use with our financial details. And we have little choice but to use cloud services such as iCloud and Google Docs.

So be smart: Understand the risks. Know that your data are vulnerable. Opt out when you can. And agitate for government intervention to ensure that organizations protect your data as well as you would. Like many areas of our hyper-technical world, this isn't something markets can fix.

This essay previously appeared on the Wall Street Journal CIO Journal.

bluegecko
1092 days ago
New York, NY
3 public comments
acdha
1092 days ago
Very true: “Like many areas of our hyper-technical world, this isn't something markets can fix”

As an industry we love to see everything tech as market-driven and efficient to the point where we hate to recognize the ways markets fail or are actively gamed. The existence of identity theft is a great example of how successfully companies have managed to push the costs of their neglect onto others and even use hype about regulation to get many of the people at risk to fight against fixing it.
Washington, DC
toddgrotenhuis
1092 days ago
Wrong on the finale, but otherwise good.
Indianapolis
drchuck
1092 days ago
Take steps to secure your vulnerable data.
Long Island, NY