When a mental hack promises an easier path, it can lead to choices that prioritize immediate gratification over the company's fundamental values and long-term objectives. In the podcast, Greg and I speak of how to move a business forward while maintaining a long-term perspective, ensuring that as methods and technologies evolve in a New Way of Doing Business, a healthy mindset, core values and purpose remain steadfast with sustainable success. Full article here: https://goalsforyourlife.com/mindset-mission Get all our free articles here: https://goalsforyourlife.com/newsletter A New Way of Doing Business is an online course to help you implement principles of a business that you own and that doesn't own you: https://goalsforyourlife.com/new-way-doing-business CHAPTERS: 00:00 - Intro 01:59 - Mindset Hacks 05:14 - Overcoming Feeling Stuck 08:19 - Limiting Mindsets 13:25 - Identifying Unhealthy Mindsets 17:17 - Impact of Mission Statement on Goals 19:38 - Goal Evaluation Techniques 24:03 - The "Good Enough" Mentality 26:08 - Mindset and Personal Mission 29:00 - Conclusion
It's very subjective topics & cliche reasoning as well if you know what I mean
A global IT outage wreaked havoc across industries across the entire world Thursday night and Friday morning. Michael got immediate, early expertise from Richard Clarke, who, along with being a presidential national security advisor, served as a special advisor for cyberspace, serving as the first "Cyber Czar." In his consulting work today, he has several clients who were affected. Original air date 19 July 2024.
About Adam: Adam Tornhill is a programmer who combines degrees in engineering and psychology. He's the CTO and founder of CodeScene, where he develops tools for software engineering intelligence. Adam is also the author of multiple technical books, including Lisp for the Web, Software Design X-Rays, Patterns in C, and the best-selling Your Code as a Crime … The post 265 CodeScene connects Bad Code to People Problems first appeared on Agile Noir.
In a conversation on The New Stack Makers, co-hosted by Alex Williams, TNS founder and publisher, and Charles Humble, an industry expert who served as a software engineer, architect and CTO and now podcaster, author and consultant at Conissaunce Ltd., discussed why software developers and engineers should care about their impact on climate change. Humble emphasized that building software sustainably starts with better operations, leading to cost savings and improved security. He cited past successes in combating environmental issues like acid rain and the ozone hole through international agreements and emissions reduction strategies. Despite modest growth since 2010, data centers remain significant electricity consumers, comparable to countries like Brazil. The power-intensive nature of AI models exacerbates these challenges and may lead to scarcity issues. Humble mentioned the Green Software Foundation's Maturity Matrix with goals for carbon-free data centers and longer device lifespans, discussing their validity and the role of regulation in achieving them. Overall, software development's environmental impact, primarily carbon emissions, necessitates proactive measures and industry-wide collaboration. Learn more from The New Stack about sustainability: What is GreenOps? Putting a Sustainable Focus on FinOps; Unraveling the Costs of Bad Code in Software Development; Can Reducing Cloud Waste Help Save the Planet?; How to Build Open Source Sustainability. Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
Trump DENIED Extension on $355M Fine; Hunter Biden Reporter FILES SEIZED By CBS: Report (00:00) AT&T Blames BAD CODE For MASSIVE Nationwide Outage, SOLAR FLARES To Blame? Rising (10:57) State Dept 'NOT CHECKING ISRAEL'S HOMEWORK' As Taxpayers Fund Potential Rafah Invasion: Rising (19:48) DEBT FORGIVENESS: Biden CANCELS $1.2B In Student Debt for Select Borrowers (31:32) WATCH: Biden MISNAMES Navalny's Wife as White House SPURNS Age Concerns (41:00) Iowa Gov't TARGETS State Auditor After Revelations of MASS FRAUD and MISSPENT DOLLARS: Analysis (50:18) Alabama Supreme Court ENFLAMES Tensions Over IVF, Is This CHRISTIAN NATIONALISM?: Rising (59:10) Chicago CANCELS Shotspotters Technology After Advocates Say it's RACIST & EXPENSIVE: Rising Reacts (01:14:24) Learn more about your ad choices. Visit megaphone.fm/adchoices
How can a software manager fix a team that is writing bad code?
DEBORAH JOHNSON, M.A., international award-winning music artist, author, speaker and creator of Hero Mountain(R), helps others get unstuck by producing and executing a successful plan for their second half. Up for multiple GRAMMY Awards and spending over 20 years in the entertainment industry, she's an expert on how to constantly reinvent yourself in a gig-economy. Deborah is the author of Stuck is Not a Four Letter Word, Bad Code and Women at Halftime. She speaks and performs in both live and virtual events. Deborah is also current President of the National Speakers Association, Los Angeles Chapter. Surviving in the volatile field of Performing Arts makes one uniquely qualified to speak on the subject of positive mental code in life and leadership. We proudly welcome her to the Rick Flynn Presents podcast and invite all to contact her at www.DeborahJohnsonSpeaks.com with links to all of her other sites from there. Her book(s) are available anywhere books are sold including Amazon and Barnes & Noble. --- Support this podcast: https://podcasters.spotify.com/pod/show/rick-flynn/support
This interview was recorded for the GOTO Book Club. gotopia.tech/bookclub Read the full transcription of the interview here. Christian Clausen - Author of "Five Lines of Code" & CEO & Founder of Mistware. Kevlin Henney - Consultant, Programmer, Keynote Speaker, Technologist, Trainer & Writer. RESOURCES: mist-cloud.eu hbr.org/2016/01/trick-yourself-into-breaking-a-bad-habit Christian: @thedrlambda github.com/thedrlambda linkedin.com/in/thedrlambda thedrlambda.medium.com Kevlin: about.me/kevlin @KevlinHenney linkedin.com/in/kevlin instagram.com/kevlin.henney kevlinhenney.medium.com DESCRIPTION: Five Lines of Code is a fresh look at refactoring for developers of all skill levels. In it, you'll master author Christian Clausen's innovative approach, learning concrete rules to get any method down to five lines—or less! You'll learn when to refactor, specific refactoring patterns that apply to most common problems, and characteristics of code that should be deleted altogether. You will learn: • The signs of bad code • Improving code safely, even when you don't understand it • Balancing optimization and code generality • Proper compiler practices • The Extract method, Introducing Strategy pattern, and many other refactoring patterns • Writing stable code that enables change-by-addition • Writing code that needs no comments • Real-world practices for great refactoring * Book description: © Manning. The interview is based on the book "Five Lines of Code". RECOMMENDED BOOKS: Christian Clausen • Five Lines of Code; Kevlin Henney & Trisha Gee • 97 Things Every Java Programmer Should Know; Kevlin Henney • 97 Things Every Programmer Should Know; Martin Fowler • Refactoring 2nd Ed.; Fowler, Beck, Brant, Opdyke, Roberts & Gamma • Refactoring 1st Ed.; Edsger W. Dijkstra • A Discipline of Programming; Gamma, Helm, Johnson, Vlissides & Booch • Design Patterns. Twitter LinkedIn Facebook Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket: gotopia.tech SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted almost daily
Do devs need to explain to new hires why bad code is the way it is?
How do you avoid getting sad when working with bad code?
What about working with bad code on a deadline?
How to deal with bad code?
You don't need a psychology degree to unlock a healthy mindset, though this type of higher degree provides tools to make it easier to do research. Ana Melikian, PhD, was born in Portugal and achieved her psychology degree abroad but transformed herself into a life and business coach here in the States. She loves tapping into the human potential and much of what she does dives into neuroscience and cognitive research. According to Georgetown University, neuroscience focuses on the brain and its impact on behavior within the nervous system. However, life experience plays a very important role for any type of mindset coach, and two bouts with cancer have provided plenty of life experience for Ana as well as direct application in establishing a healthy mindset. Fear and inaction are limiting behaviors, fed by limiting beliefs. In this article, timed for the crest of beginning a new year, we will cover some basics of a healthy mindset with steps to uncover possibilities for the future by uncovering blind spots and quieting your inner critic. Full article here: https://goalsforyourlife.com/healthy-mindset
In this episode, Dave and Jamison answer these questions: About a year ago I joined what seemed to be the best company ever. It's a pretty big, pretty successful company which has been fully remote for decades. They have a great work culture where async written communication is the norm. There's no scrum, no micro management, no crazy and absurd planning/guessing meetings, etc. Of course we also have some pressure to ship product, but nothing out of the ordinary. Salary is good, work life balance is awesome, I like my team a lot and overall people are awesome too, so this sounds like paradise to me. However, on the technical side, this is the worst careless outdated bug-ridden untested unmaintainable inscrutable ide-freezing mindblowing terrible WordPress codebase I've ever seen in my life. No linters, no formatters, the repository is so big you can't even open the entire thing on your editor and you need to open just the folders you're touching. The development environment is “scp files to a production server taken out of the load balancer”. Zero tests, manual QA by a team mate before merging, outdated tooling, outdated processes, CSS overridden 10 times because nobody wants to modify any existing rule, security incidents hidden under the rug every now and then and the worst part: any attempt to improve this gets rejected. My team laughed at me when I tried to write an acceptance test in my early days. Months later I can see how ridiculous it looks now I have a better grasp of the technical culture over here. I'm towards the second half of my career. So “learning” and “staying up to date” with the trends is not my priority. I really enjoy this company and love working here until the moment I open my code editor. I'm seriously thinking of starting to look for another job, but I have this feeling that wherever I go the code might be slightly better but the perks will be worse. Now I understand why we have these perks, otherwise nobody would be here I guess. 
Have you been in this situation, or maybe the opposite one? Not sure what to do at this point. Thanks! My team got a new manager about 6 months ago. While I've had managers all across the spectrum of weird quirks in my time as an engineer, this person has one that's new for me, and I'm not sure how to handle it. He operates in a very top-down fashion, which isn't unusual. What is unusual, however, is that he will insist that everyone on the team give him feedback on a given issue…and then inevitably just proceed with whatever he had decided beforehand. I take giving feedback very seriously, and spend a lot of time getting my thoughts in order when I'm asked to give input on something. Having someone request that and then immediately throw my input in the proverbial paper shredder is frustrating and a waste of my time, especially since the team and company are growing rapidly and there are a lot of these kinds of decisions that have to be made. How should I approach this? I don't want to keep spending time and effort on feedback that's going to be ignored, but I also don't know a polite corporate-speak equivalent of “please don't ask my opinion on this when we both know you've already made up your mind”.
Video content can be found here: https://www.youtube.com/channel/UC0BAd8tPlDqFvDYBemHcQPQ/
How do you prepare for the times you wake up with a start, feeling totally unprepared, trying to remember where you were and why you were feeling that way? You have a horrible pit in your stomach and you feel light-headed. You do remember grasping for your notes, trying to find something that will help you navigate the horrible feeling that you can't find your place to fulfill your responsibilities. That feeling gets worse and worse, like you can't get away from the situation fast enough. You then realize it was a nightmare. It's a nightmare many of us have experienced and it doesn't always happen at night and in a bad dream. The feeling of being unprepared is real and it's not comfortable at all, opening the gate for anxiety and fear. How do you prepare? We will cover three principles here to help answer that question including: planning ahead, establishing a routine and reviewing and practicing. Full article here: https://GoalsForYourLife.com/blog/how-do-you-prepare
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/bad-code-and-bad-urls.html This week is a shorter episode looking at some bad code in mermaid.js and Moodle's Shibboleth plugin, and a bit of research regarding URL parsing issues. [00:00:44] Orca Security Discovered Two AWS Vulnerabilities [00:06:44] Cross-Site Scripting (XSS) in mermaid.js [00:12:41] Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle's Shibboleth [00:20:24] Exploiting URL Parsing Confusion Vulnerabilities The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week: Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. The Video archive can be found on our Youtube channel: https://www.youtube.com/c/dayzerosec You can also join our discord: https://discord.gg/daTxTK9 Or follow us on Twitter (@dayzerosec) to know when new releases are coming.
Corey gets another premium sponsor commitment and shares Black Friday results. Chris recaps No-Code Conf and has an epiphany when it comes to testing software. They also discuss code rewrites, throwing away your MVP, and of course, end with Corey's Crypto Corner. Ask us a question → Notable mentions: Working Effectively With Legacy Code, ConstitutionDAO, More podcasts for bootstrappers. Learn more about their businesses: Swipe Files, Jetboost. Follow them on Twitter: @coreyhainesco @c_spags
#5amMesterScrum Show 769 Live - Building on Bad Code, TikTok videos from earlier - Today's topic: (1) I was removing old drywall from my house and there were all these nails still in the wall. Do I count it as "Done" because the drywall is down? Do I leave it for the next group to find and fix? Please like and subscribe and share 5amMesterScrum. Please send me your topics. You are doing Great. Please Keep on Sharing. 5am Mester Scrum #5amMesterScrum #agile #scrum #coaching #philadelphia #philly #testing #code #handoff #done 5am Mester Scrum Show 769 went live on Youtube Saturday 11/27/2021 from Philadelphia, PA. Happy Scrumming. Social Media: search 5amMesterScrum or #5amMesterScrum and you should find us and if not please let us know. LinkedIn, Youtube, Facebook, Instagram, Twitter, TikTok. Podcasts: (search 5amMesterScrum)
Chinese hackers had a hacking tool before it was leaked online; Microsoft's free tool for finding SolarWinds malware; Maryland sued by tech groups to block digital-ad tax; Laser-based random number generators; Google invests in Linux kernel devs; Treasury nominee Yellen may want to curtail the use of cryptocurrency; Nevada to allow big tech "innovation zones"; Apple is already working on developing 6G wireless tech; Bad UI design costs Citibank $500 million; MWC to proceed w/o vaccination requirements; GitLab's Sr. Developer Evangelist Brendan O'Leary talks about managing rapid releases without sacrificing code quality. Hosts: Louis Maresca, Brian Chee, and Curt Franklin. Guest: Brendan O'Leary. Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Sponsors: enterprisetech30.com Melissa.com/twit canary.tools/twit - use code: TWIT
Coming Fall 2020, the podcast Bad Code Kills is part history lesson, part topical conversation on code and life, mixed with a dollop of coding rant. It is designed to inform, educate, and entertain listeners of all backgrounds on the importance of good code, the disastrous effects of bad code, and why that matters more than ever in this technological utopian hellscape. Each episode will retell the story of one coding mishap that had a profound (and sometimes deadly) result. We’re talking planes and missiles literally falling out of the sky; cancer patients seeking medical help and getting the exact opposite; and democracy falling to its knees — all because of coding mistakes, lazy coding, or just plain ol’ patriotism, stupidity, or greed.
02:58 - Damien’s Superpower: Being able to hold contradictory beliefs at the same time. * Working in VERY Local Government (for the City of Los Angeles) 07:05 - What is “Bad Code”? * Episode 188: Going Off the Rails with Damien Burke (https://www.greaterthancode.com/going-off-the-rails) (Damien’s Previous GTC Episode) * Objectivity vs Subjectivity: Why does code lie on that spectrum? * Metrics to Measure Beautiful Code: * Does it make the world a better place? * Is it clear? 16:38 - What should you do with “Bad Code”? * Nothing? (I know it’s bad but it’s okay!) * Do it later? (If you can put it off and make it better later, put it off!) 19:12 - Working With Others: Agreeing on “Good Code” * Go-to Values * Can we understand this? Does it convey the meaning we want it to convey? * What is most communicative? 24:34 - Damien’s Background in Hypnosis * Speaking to the Subconscious * Prescriptivity: Judgement & Punishment 34:14 - Doing Things The Easy Way * Easy Doesn’t Necessarily Mean Fast 41:07 - Distinctions Between Teaching and Learning * Learning is Goal-Driven * Perfection * Numbers tell a story. Numbers can’t give you wisdom. 54:02 - Creating Shared Understanding (in code) Reflections: Jamey: 1) Doing things yourself. 2) I want code to be beautiful because I like things that are beautiful. Rein: The importance of small changes. Damien: The power of language and story and its application in the engineering world in a team and in the code you write. This episode was brought to you by @therubyrep (https://twitter.com/therubyrep) of DevReps, LLC (http://www.devreps.com/). To pledge your support and to join our awesome Slack community, visit patreon.com/greaterthancode (https://www.patreon.com/greaterthancode) To make a one-time donation so that we can continue to bring you more content and transcripts like this, please do so at paypal.me/devreps (https://www.paypal.me/devreps). You will also get an invitation to our Slack community this way as well. 
Special Guest: Damien Burke.
Show Notes [00:00:45] Michael talks about his blog and how he got started with Vue, what his motivation was, and what his first blog post was about. [00:03:21] Reusable components are discussed, as well as the biggest pain points that people run into when creating reusable components and what people responded most to. [00:08:16] Tessa asks Michael how we would know when to reach for something like this inheritable slot-in-slot solution, since in his recent newsletters he talks about the idea of 6 levels of reusability, and whether this is a tool that developers can use. He also tells us what the process was like to identify the architecture patterns and how he came up with that. [00:10:02] Michael tells us what it means to have a component that is clean versus a reusable component. [00:14:50] Tessa wants to know how Michael comes up with his ideas and she refers to a talk he did at VueConf Toronto 2019. [00:16:38] Chris asks Michael what patterns he’s used in the past that he most regrets. He also tells us why middleware was such a headache after he implemented it. [00:19:53] Michael tells us the component he’s been responsible for that he’s regretted the most. He mentions a blog post he wrote about this. He also mentions the gold plating syndrome. [00:27:19] Tessa asks Michael: if she were a developer coming into a project and thinking "I want to build a library," how would she decide what works for her or find a balance there? [00:33:19] Chris gives us a really useful tip when he refactors components. [00:42:24] Tessa wants to know when Michael’s blog post will come out about when to use provide and inject and how it’s different from dependency injection. [00:46:02] We wrap up here by finding out where you can find Michael on the internet. Picks of the week: [00:47:24] Ari’s pick is a show called Floor is Lava on Netflix. 
[00:48:07] Ben has two picks: Clean Components Course by Michael Thiessen and a blog post called, “Zettelkasten-How One German Scholar Was So Freakishly Productive.” [00:50:17] Chris’s pick is Amazon Prime Wardrobe. [00:52:05] Michael’s pick is Kobo e-reader. [00:54:02] Tessa has three picks: Foam, Eurovision Song Contest: The Story of Fire Saga, and TwoSet Violin. Resources mentioned: Michael Thiessen-Twitter (https://twitter.com/MichaelThiessen) Michael Thiessen (https://michaelnthiessen.com/) Michael’s Medium Blog Post-“Checklist for Writing Highly Reusable Components in React and Vue” (https://medium.com/hackernoon/checklist-for-writing-highly-reusable-components-in-react-and-vue-531f963864bd) “The Paradox of Abstraction: When Good Code is Bad Code” by Michael Thiessen (https://michaelnthiessen.com/paradox-of-abstraction) Dunning-Kruger effect (https://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect) Gold plating (project management) (https://en.wikipedia.org/wiki/Gold_plating_(project_management)) 
Provide/Inject Have Nothing to Do With Dependency Injection by Michael Thiessen (https://michaelnthiessen.com/provide-inject-not-dependency-injection/) How to Take Smart Notes (https://bookshop.org/books/how-to-take-smart-notes-one-simple-technique-to-boost-writing-learning-and-thinking-for-students-academics-and-nonfiction-book-writers/9781542866507) (Sönke Ahrens; mentioned in episode 23 (https://enjoythevue.io/episodes/23/)) Floor is Lava-Netflix (https://www.netflix.com/title/81006858) Clean Components Course by Michael Thiessen (https://michaelnthiessen.com/clean-components) Zettelkasten-How One German Scholar Was So Freakishly Productive (https://writingcooperative.com/zettelkasten-how-one-german-scholar-was-so-freakishly-productive-997e4e0ca125) Amazon prime wardrobe (https://www.amazon.com/learn-more-prime-wardrobe/b?ie=UTF8&node=16122413011) Kobo e-Reader (https://us.kobobooks.com/) Foam (https://foambubble.github.io/foam/) Eurovision Song Contest:The Story of Fire Saga (https://en.wikipedia.org/wiki/Eurovision_Song_Contest:_The_Story_of_Fire_Saga) TwoSet Violin (https://www.twosetviolin.com/home) Special Guest: Michael Thiessen.
Today we are speaking with entrepreneur, speaker, software engineer, and founder of 7Factor Software, Jeremy Duvall. Jeremy believes that it's both an art and a science when hiring technical talents and that good culture is essential within your company to create an environment where people can enjoy themselves yet still deliver desired results. Main Takeaways on this episode: 1.) Hiring for Culture 2.) The Toxic Subcultures in Start-Ups 3.) Bad Code Kills Be sure to check out full show notes at Innovation Meets Leadership Podcast or click "Episode Website" below. You can connect with Jeremy on LinkedIn or visit his company website https://www.7factor.io/ These are proven solutions to advance your leadership and innovation process. Check out our website innovationmeetsleadership.com or connect with us on Instagram or Facebook @innovationmeetsleadership Don't forget to subscribe and leave a 5-star review! Let's go transform something! --- Send in a voice message: https://anchor.fm/natalie-born/message Support this podcast: https://anchor.fm/natalie-born/support
The vehicles could house an issue with the SUVs' precollision assist system that could make it entirely inoperable. Learn more about your ad choices. Visit megaphone.fm/adchoices
RIP Denton! --- Support this podcast: https://anchor.fm/tvarchive/support
#LiveLoveThrive Show Host Catherine Gray interviews Deborah Johnson, President of the National Speakers Association, and they discuss “Empowering Women Through Public Speaking.” Deborah is an international award-winning music artist, author, and speaker. She helps others to get unstuck with mindsets and to reinvent their lives and reach expansive goals. Up for multiple Grammy Awards over the last 20 years in the entertainment industry, she's an expert on how to constantly reinvent yourself in a gig-economy. Deborah is the author of “Stuck is Not a Four Letter Word,” “Bad Code” and “Music for Kids.” Don't miss a single episode of these women's amazing true stories. Subscribe today to our YouTube channel! www.youtube.com/LiveLoveThrivePodcast You can also subscribe to our iTunes podcast: https://podcasts.apple.com/us/podcast/live-love-thrive/id1134670723 Follow 360Karma Website: www.livelovetthrivepodcast.com Facebook: www.facebook.com/catherinegray1 Instagram: www.instagram.com/LiveLoveThrivePodcast
PJ sits down with Jeff Reich to talk about Security being not in fact job one (unless you are building security tools) and the truth about how everyone understands two-factor authentication. Jeff shares some stories from the trenches, where he has been focusing on security in the public, private, and government sectors for over forty years.
We’re talking with Adam Barr, a 23 year Microsoft veteran, about his book “The problem with software,” sub-titled “Why smart engineers write bad code.” We examine that very idea, the gap between industry and academia, and more importantly what we can do to get a better feedback loop going between them.
In this episode, Chris and Jason start off with a quick discussion on utilizing RailsUJS in JavaScript. The discussion takes a hard turn into thoughts on best practices, design patterns, good/bad code, and resources for the aforementioned.
Episode 23 covered CSS naming conventions: functional CSS and modular CSS, and we also touched on BEM. The unsolved problem of testing client-side code came up once again. Is it subjective or objective whether a piece of code is good or bad? We found an answer to that question too. Finally, as a brief digression, we analyzed the work of the patent office. Participants: Róka Edu […]
In This Episode: - Keith shares another great resource, one he uses as a regular "go to": the iPerf3 Lamination Reference Card - Lee Badman makes a passionate argument that bad code can have some serious consequences. - Mark Raats shares his journey to CWNE and shares some of his own life lessons he has been learning along the way.
Vikram and Faizaan discuss the recent Bitcoin ETF filing by SolidX and VanEck, how it is reminiscent of the alternative energy ETF boom of the mid to late 2000s and also talk about what an actively managed ETF in crypto might look like. They also talk about ZCash’s incentive structure and founders reward, and developer incentives more broadly. They also discuss how crypto teams are leaking secret keys to Github, a missing deposit on Golem Network’s mainnet, and how to investigate bad code for your crypto investments. Topics: What they've added to QuantLayer's platform - Seven new exchanges for listening when they add and remove trading pairs - Telegram client side filtering Bitcoin ETF filing with the SEC - What a SEC filing is all about - Investment objective - The section on Bitcoin: It's history and how Bitcoin network works - Specific industries that are useful in blockchain-focused applications - OTC market in Bitcoin - The section titled "Bitcoin Security and Storage for the Trust" - The insurance they have on their Bitcoin - Less interested in price tracking ETF funds and more interested in participating directly in the network - Primary and other major issues with an ETF Coinbase announced they added 10 customers to their custody service Zcash and the founders reward What Eric Meltzer posted on the Zcash forum Arjun Balaji wrote a great piece on Zcash and incentives and the current debate Good incentives systems and bad incentives systems Ledger Live launch Reviewed some alerts that came in and talked about them - $GNT (golem network) - $REP AWS creds - Less than half of ICOs survive 4 months - Bancor hack - Crypto price insurance - Bittrex hack, even with 2FA enabled - VeChain wallet released early - Chinese hackers infect 1M computers to mine bitcoin, arrested - Assassination plots on Vinnik & McAfee - Algolia credentials Links: SEC Filing List to all the comments Comment on accredited vs retail Someone commenting on Abraham Lincoln Someone who wants an 
SEC bailout of retail investors Someone on crypto being the future and bad grammar Bunch of these feel like “when moon, when lambo” type of comments: - https://www.sec.gov/comments/sr-cboebzx-2018-040/cboebzx2018040-167176.htm - https://www.sec.gov/comments/sr-cboebzx-2018-040/cboebzx2018040-167233.htm - Angry post: https://www.sec.gov/comments/sr-cboebzx-2018-040/cboebzx2018040-3958028-167098.htm Think Bitwise Coinbase Custody ZClassic by Rhett Creighton ZCash Forum Eric Meltzer Proposal to create a Zcash Ecosystem Fund directly funded by the Founder’s Reward Arjun Balaji Zcash and the Founder Incentive Trilemma Matthew Green Zcash Team
https://www.cbsnews.com/news/first-lady-melania-trump-announces-initiatives-on-childrens-well-being-live-stream/ First lady Melania Trump unveiled her "Be Best" initiative on Monday, a campaign to help bring awareness to the most important issues facing the nation's children including overall well-being, social media and opioid abuse. Her initiative comes after previously expressing her interest in children through numerous visits to hospitals and schools over the course of the Trump presidency. "There is one goal, to 'Be Best' -- that is to educate children about the many issues they're facing today," she said at the Rose Garden ceremony. "I feel strongly as adults we should be best about education our children about a healthy and balanced life."–CBS News WOMEN LEADERSHIP COACH DEBORAH JOHNSON, M.A., international award-winning music artist, author and speaker, helps others get unstuck with mindsets to reinvent their life and reach expansive goals. Up for multiple GRAMMY Awards and spending over 20 years in the entertainment industry, she's an expert on how to constantly reinvent yourself in a gig-economy. Deborah is the author of Stuck is Not a Four Letter Word and Bad Code and speaks and performs in both live and virtual events.
DEBORAH JOHNSON, M.A., international award-winning music artist, author and speaker, helps others get unstuck by producing and executing a successful plan for their second half. Up for multiple GRAMMY Awards and spending over 20 years in the entertainment industry, she's an expert on how to constantly reinvent yourself in a gig-economy. Deborah is the author of Stuck is Not a Four Letter Word and Bad Code and speaks and performs in both live and virtual events. BAD CODE VIDEO ONLINE TRAINING GoalsForYourLife.com, DJWorksMusic.com, https://www.facebook.com/deborah.johnson
360Karma’s Live Live Thrive Show guest this week is Deborah Johnson, President of the National Speakers Association, discussing “Empowering Women Through Public Speaking.” Deborah is an international award-winning music artist, author, and speaker. She helps others to get unstuck with mindsets and to reinvent their lives and reach expansive goals. Up for multiple Grammy Awards over the last 20 years in the entertainment industry, she’s an expert on how to constantly reinvent yourself in a gig-economy. Deborah is the author of “Stuck is Not a Four Letter Word,” “Bad Code” and “Music for Kids.”
A listener named Dan talks about ThanksBot, an internal tool at Facebook to support gratitude. Dave and Jamison answer these questions: I became an engineer because I loved my programming assignments and CS degree. However, at work I’m struggling to contribute beyond completing the tasks assigned to me. How do I participate more in broader technical solutions, process, etc? I recently started a new job, and a lot of the existing code is really bad. How can I raise this concern, or make improvements to the code, without offending my teammates who wrote it? Thanks!
Kai Koenig talks about “Improve your CFML Code Quality (with some Cool Tools)” in this episode of ColdFusion Alive Podcast, with host Michaela Light. Episode highlights: Why does code quality matter? Long code lifetime Reduce maintenance cost Easier to read Reduce bugs without testing What does code quality mean in practice? Bad Code smell (see […] The post 050 Improve your CFML Code Quality (with some Cool Tools) with Kai Koenig appeared first on TeraTech.
Learn what the Espionage Act of 1917 is all about. Learn the average cost of an espionage trial. The Recap On this week’s episode, Matt and Tony deep dive into some of the craziest and darkest parts of the legal history of the United States. Matt is a recovering Big Law attorney-turned-comedian with a passion for legal history, while Tony has no legal background whatsoever - except for a few minor brushes with the law. Ultimately, it’s Tony’s absurd and funny point of view on laws that will rub Matt the hilarious way. Enjoy provoking laughter as Matt and Tony blow our minds on this week’s topic: espionage - AKA whistleblowers, spies, and agents. Know how much it will cost you if you mess with this country! Check out these episode highlights 02:30 – Overview of Espionage Act of 1917 07:28 – Why does espionage happen? 12:27 – The first espionage cases against the US 22:29 – Edward Snowden leaks US NSA spy program 26:51 - Foreign Agents Registration Act 30:00 - The Pizza Hut Connection: Hezbollah Reveals 10 Undercover CIA Officer 33:12- The Sterling Trial: Operation Merlin Meets Curveball
Sometimes it happens - what to do now?
Sometimes you have to live with bad code. No one will let you change it. There's many good and bad reasons, so make sure you're consciously making the decision instead of accidentally doing it. I discuss some reasons people would keep bad code, how management should think through it, and then some options for coping as needed. It was Joel, back in 2000, who said not to re-write code (https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/). I recorded this with a Mevo (http://amzn.to/2gIMFM3), hence the kind of echo'y noise. See the video over in Facebook where I LIVESTREAMED IT (https://www.facebook.com/drunkandretired/videos/10154853806469169/)!
When technology doesn’t work when it should, is it a tech fail? Or perhaps because humans are creating the technology, fails should be more accurately called a human fail? In this episode, we discuss various types of “fails”, including the latest popular Pokémon Go, why we can’t vote online and the biggest fail of all, a data breach.

- Pokémon Go full access, tech fail or win
- Is it possible to delete an entire company with one line of code?
- Why can’t we vote online?
- Should one person be blamed for a tech fail?
- Technologies that can predict your next security fail
- Parting Gifts

Pokémon Go full access: tech fail or win?

Cindy: This week, I’m calling our show #techfails. But in preparing for this show and thinking deeply about our fails, I just want to echo what Kilian has been voicing these past couple of episodes, that when our technology fails; like for an instance, if my Skype for business isn’t working, then my first thought is, “Oh, it’s a tech fail. I can’t believe it’s not working.” But we’re the one creating the technology. So, for me, it feels, at the end of the day, a human fail. Let’s discuss this and debate it for a bit. To set the context, there was an article in the Harvard Business Review, and eventually turned into a LinkedIn post too. It’s titled “A New Way for Entrepreneurs to Think About IT.” It said that IT’s primarily known as a necessary evil, IT support or IT as a product. With many different types of technologies at our fingertips, we can really do a blend of both. For instance, APIs have really changed how firms interact and share information with each other. And we really take this for granted these days, because back then you’d have to get permission from legal to sign contracts before experimenting with partnerships. Now you can easily partner up with another service within API or use OAuth. It’s really increased our productivity, but it can also have some potential problems if we’re not careful.
For instance, if you downloaded Pokémon Go earlier this week, you might have been given Google full access. That meant that the Pokémon people could read all your emails and send out emails for you. But since then they fixed it. I think, Kilian, they fixed it pretty quick.

Kilian: Yeah, in about, I think, 24 hours, more or less, they had a patch out that it addressed it already. I think, as opposed to a technology fail, that might be a technology win, for a company really taking these concerns seriously and addressing it as soon as it’s kind of brought up.

Mike: Before we get into that, I just want to know, what’s your guys’ level? How you been doing on Pokémon Go? Have you been getting out there, doing your Pokémon?

Cindy: I’ve been…I actually downloaded it at the office. And I could have thrown something at somebody, but I didn’t. I’m like, “Well, I’m just doing this for work, so better not start running after people and throwing stuff at them.”

Mike: You couldn’t convince the rest of the office that playing Pokémon Go was part of your job?

Cindy: Actually, we had a mobile photography class earlier this week, and Michelle, our HR person, was walking around telling people that Pokémon’s gonna be there. She was doing that for me.

Mike: Nice. How about you, Kilian, have you tried it?

Kilian: No, I haven’t downloaded it. That would require going outside and interacting with things, maybe.

Mike: The first couple ones show up right around you. And I think this is kind of where I was going with this, which is that a lot of this…in terms of tech fails, this is really about managing complexity. In terms of IT, trying to manage these external services, it’s about managing complexity on an organizational level instead of a personal one. Because when you think about what is involved for this stupid game of Pokémon Go, you’re talking about interacting with geosynchronous orbital satellites for GPS, the internet to get all these apps, these multiple different services.
And to pull all that together requires this huge thing. The security issue came about because Google was asking for OAuth access, and that’s just when you use Google to log into it. You log in with your account and it has these things. And it’s so complex because even though it doesn’t look like it, it actually uses Google Maps data underneath. A trick you can do, is if you have Google Maps installed on your iPhone, you can enable offline map access. And in order to achieve the app to app communication on your sandbox apps on the iPhone, it needs all these extra permissions, and it’s just insane trying to make that work. It’s so easy when you’re building something to just like, just give me all the permissions, and we’ll slowly back it down until where it’s supposed to be.

Cindy: Do you think this is kind of like, “okay, we’re gonna use external service, and then just not really look at the settings because we’re so focused on making Pokémon Go just a wonderful experience?”

Mike: Well, that’s the consumer side. The level we work at, people try to look at something like Amazon web services, which this article mentions. It is fantastically complex. It’s something like 60 different individual services that do individual things and also overlap with other ones where like, oh, there’s like six different ways to send an email with AWS. There’s 20 different ways to put a message in a queue to be picked up by something else. Just trying to wrap your head around like, what actually is it doing, is just insane. And it’s possible to do the stuff. I think it’s just a really hard equation of, “Do we bring this in-house and have a dedicated person for it?
Is that more or less of a threat than having this outside?” Something I see a lot of is…coming more from the app side of things is, people swearing up and down that, “I’m gonna get on a virtual private server somewhere for ten bucks a month, put my own version of Ubuntu on it and keep it up to date.” And it’s really hard to imagine that that is as secure as having a dedicated security team at AWS or Heroku or one of the other Azure platforms as a service. It’s that same scenario, sort of, at the organizational level, that either it’s a tremendous amount of effort to maintain and secure all those things yourself, or you’re essentially paying for that in your service contract.

Cindy: I think those are all really good questions to ask, and it requires a huge team.

Is it possible to delete an entire company with one line of code?

Cindy: I kind of want to transition into another fail that’s different than asking good questions and figuring out the architecture. The next fail is a fail on many different levels. It would be interesting for us to discuss. Back in April, there was an article published and shared over 65,000 times when a small hosting company with a little over 1,500 users said that he deleted their customer’s hosted data with a single command. Then later we found out that he was just trying to market his new Linux service for his company. And then people were outraged, “He didn’t do a better job backing up,” they were outraged that he lied to Server Fault, like a community that really helps one another figure stuff out. It’s security, and backing up, and just technology, it’s complicated. I was a little skeptical reading the article with the headline that said “One Person Accidentally Deletes His Entire Company With One Line of Bad Code.” As you’re responsible for hosting data, you should have multiple backups. One of my favorite comments is, how do you even accidentally type that you accidentally deleted stuff?
What are your thoughts and reactions to this article?

Mike: Kilian, you want to go? I have my own thoughts.

Kilian: Sure. First off, that’s a terrible job of advertising. I don’t know what he’s advertising for. Like, “Host with us and I might break your stuff.” I think the point he was probably going for is that it’s easy to make mistakes, so get a dedicated person that knows better. But I don’t think that really came across. For the actual command itself, a lot of people are in such a hurry to automate and make things easier that it is easy to make mistakes, especially as Mike mentioned earlier, with these vastly complicated systems with dozens of ways to do the same thing. The more complex the system gets, the easier it is to make a mistake. Maybe it could be that disastrous. But a lot of things really have to go wrong, and kind of poor decisions made throughout the chain. But it’s conceivable that someone could have done that.

Mike: Specifically, to the question that’s asked on Server Fault, which is like a question and answer site for these issues. There’s a lot of utilities that can either take a single or multiple different directories as arguments. So you say, “Hey, copy these two things,” or “Copy this one thing.” And so, in this, the person, they put a space so they have like: /pathfolder /. And so, that last slash got interpreted as the root of the volume they were on. And so, hey, we just destroyed everything, and everything includes all your keys and stuff. Something we talk a lot about in here is layered security, but you need layered backups and recovery as well. That was really the answer to this, is that they were on a virtual private server. In addition to just backing up the local data, their database, the files on it, it takes system images of your entire VPS and keeps it somewhere else. I am incredibly paranoid with backups, especially backups of systems like this.
So I always try to even just get it out of the system that…if it’s on…in this case, it was Hetzner, which is a European hosting system, that you get that out onto S3 or you get it out on to Rackspace cloud or something else, just to try to make that a better scenario.

Kilian: That’s a great point, is having multiple different…you can’t have one single point of failure in a system like this. Otherwise, you could be very vulnerable. Even for myself when I, for example, backup pictures off of my camera, I have to go to my laptop, I have to go to a network share, and then I have a separate hard drive that I plug in just for that, and then unplug and put it away afterwards. So I have three different places for it. Not that they’re that valuable like a hosting system, but silly things happen sometimes. You know, if I lose power or power surge, I lose two of my systems for some reason, I still have that hard drive that’s sitting in a drawer.

Mike: I have a lot of discussions with people where they have backups and this very elaborate system. They’re like, “All right, I have my local network attach storage here, then I got this ’nother server, and then I rotate them and do all this stuff.” That’s awesome until their house catches on fire and they lose everything. And that’s the stuff you have to think about. It’s like these things come in in weird ways, especially everything is so interconnected and everything is so dependent upon each other that you can just have these weird cascading levels of failure. And from very crazy sources of stuff. Like, DNS goes like a DNS server gets a DDoS attack. And then that actually ends up taking down like a third of the internet just because everything is so connected.

Why can’t we vote online?

Cindy: Our next fail…I want to know if you guys think that our inability to vote online is a human fail or a tech fail. What do you guys think? Or any opinion, really.

Mike: It’s all in the execution, like all this stuff.
That if there was a verifiable, cryptographically secure way of knowing that you could vote, that would be a very positive thing, potentially. It’s a really interesting mix of software and technological concerns, and people, and sociological and political concerns. What I just said about having almost a voting receipt that says, “Great, you used your key to sign, and you have definitely voted for this person and done this thing.” One of the reasons that’s never been done, even on most paper stuff, is that that was a huge source of fraud that in like the olden days, when they had voting receipts, you would go and turn them into your councilman and they would be like, “Great, here’s your five bucks for voting for me in this election.” So that’s just something that’s not done. That’s not a technical issue. It’s certainly possible to do those things, but it leads to all these other unforeseen, I don’t know if you’ve heard of the cobra effect kind of things, these horrible unintended consequences.

Cindy: I think this article on why we still can’t vote online was just very thoughtfully written. It talked about how it can potentially destabilize a country’s government and leadership if they don’t get voting online right. It was really just like, wow, I can’t believe a researcher at The Lawrence Livermore National Lab said, “We do not know how to build an internet voting system that has all the security, and privacy, and transparency and verifiable properties that a national security application like voting has to have.” And they’re worried about malware, they’re worried about ransomware, they’re worried about being able to go in and track, do a complete security audit. They said something interesting too about how, in the finance system, sure, you have sensitive data, and you can go back and track where the money went more or less, if you have these systems in place.
But you might not necessarily be able to do that with voting, and someone can say, “I voted for so and so,” and then change it to somebody else, and they can’t go back and verify that. There are so many elements that you need to consider. It’s not just Pokémon, or you’re not trying to create a wonderful gaming experience, or you’re not trying to back things up. They’re a multitude of things you need to take in to consider.

Kilian: The one big thing, and I think the heart of it, was the need for anonymity in the voting process. That’s kind of the way it was set up to avoid coercion and some other problems with it, is you need to be anonymous when you cast that vote. By putting it online, the real down side is… Like, if you think about online banking, it’s important to know and verify that you are who you say you are, and have a transaction of that entire process so you can ensure…it’s kind of both parties know that the money transfer from X to Y or so on and so forth. And you have the track of the steps. But when you try and introduce anonymity into that equation, it completely falls apart. Because if you have that tracking data going back to somebody casting a vote, then they could be a target of coercion or something like that. Or if the opposition party finds out, they could go after them for not voting for whoever.

Cindy: Yeah, they did that with Nelson Mandela.

Kilian: Yep. And then the other thing too is, as a person casting a vote, if you think about it, you’re kind of trusting the system. It’s completely blackboxed you at that point. So when you click the button and say, “I vote for candidate XYZ,” you have no idea, because, again, you want to be anonymous. You don’t have that verification of the system that says, “Hey, my vote wasn’t changed to candidate ABC in the process.” You kind of have to go along with it. Even if you look back at some of the physical problems with the George W.
Bush election with the ballots not lining up right with the little punches. It was punching for… I forget what the other candidate’s name was.

Cindy: Al Gore?

Kilian: No, no, no. It was like Paton Cannon or somebody. Whoever the third party candidate was. But they were saying, “No, no, I voted for Al Gore…” whoever, but it registered somebody else. They had to go back and manually look at that, and look at the physical paper to see that to validate that. But if you think in a digital system, if you click the button, you have no way to audit that really. Because if the system says, “No, you’ve voted for this guy,” you have no proof, you have no additional evidence to back that up, and that’s the big problem.

Cindy: They actually showed this in “The Good Wife,” the TV show that is no longer around, or they just ended. The voters would go in and they would vote for someone, but then it would also give the other person five additional more votes. I think another thing to…they didn’t mention it, but I think politicians or just that kind of industry are kind of a tad bit slower in the technology side. Because Barack Obama’s campaign really set the tone for using technology and using social media to kind of engage the voters. It’s kind of like he really changed how now politicians are marketing and connecting with people. I don’t know, do you feel like they’re kind of behind? Or maybe that’s just me?

Kilian: My personal opinion is, we have laws that don’t make sense with where technology’s at, because they are slow. We’re still running on laws, and been prosecuting cases with laws that were made in the ’80s and early ’90s, and even older in some cases, where technology was vastly different than what we have today. This might be off topic, but there was just, I think, a ruling that the Computer Fraud and Abuse Act could theoretically mean that if you share your Netflix password, it’s a federal crime.
Now, that’s open to interpretation, but that was a story I had seen the other day. We have all this technology and it’s evolving much, much faster than the people making the regulations can kind of keep up with it.

Mike: I just want to see a Poke stop at every voting registration.

Cindy: Mike has Pokémon on his mind.

Kilian: It’s great, it’s good fun.

Cindy: Now I have Pokémon…I actually visualized us playing Pokémon at a voting station. That would be interesting. It’s too hot and humid in New York to do that.

Kilian: Vote to vote or play Pokémon.

Cindy: I almost want to say Poke because it’s so hot.

Kilian: Well, to the candidates out there, the first one to get on top of this making a Poke stop at the voting booths in November might seize the election with the youth vote.

Mike: A Pokémon at every pot.

Should One Person Be Blamed For A Tech Fail?

Cindy: Let’s also kind of think about potential fails, though. We’ve seen Target, Sony, the data breaches. And so, when fails happen that costs them their jobs, do you think one person should be blamed for all of it or can we also kind of say, “We don’t have the technology right yet”?

Mike: It’s interesting. What we’re talking about is, there have been a lot of very large data breaches. And what seems to happen is, it happens and then depending upon how much press it gets, the CEO has to resign or doesn’t. Or in the case of the OPM, the director. The parallel that I like to think of is Sarbanes-Oxley, which has had a lot of other consequences. But the big one was that the chief executive has to sign off on the financials of the company. Before, it was always there were a lot of scandals where it was like, “I’m just running the company. My CFO and the accounting group, they were doing their own thing with the funds. And I wasn’t aware that this…” Then we said this like 10,000 pounds of coconuts we had on the dock, they were rotten were actually good. We counted those in the asset, all of those kind of shenanigans.
And just that thought that, okay, the finances and the statements that are put out, that is an executive level sign off, that there’s a responsibility at that level to ensure that those are correct. What we’re seeing is sort of that happening on the IT security side. That maintaining integrity of your customer’s data, of the people you’re responsible for, that is something that the executives need to say is a priority, and to ensure that in any way they can. That if they aren’t doing that, that’s their job, that they failed at their job. Now, looking through these kind of stories, you typically find that the person in charge is not a network security person, because there’s not a lot of people that get their CISSP and then say, “I’m qualified to be CEO.” That’s just not how the normal job progression works. But they need to have people in place, and they need to make sure that the right things are happening, despite not having the personal expertise to implement those but that they make it a priority and they give budget, and they’re able to balance it against the other needs of the company.

Technologies that can predict your next security fail

Cindy: In order to come back from a security or technology fail…there was an article about “There’s new technology that can predict your next security fail.” They are essentially talking about predictive analytics. I really like a quote that they wrote that, “It’s only as good as the forethought you put into it, and the questions that you ask of it.” If you don’t think about it, if you don’t have a whole team to work on this huge security and technology problem…because there’s only so much you can…in terms of big data, machine learning, predictive analytics, there’s a lot of stuff, a lot of elements that you’re unable to kind of account for. So if you don’t consider all the different elements in security, you can’t build that into the technology that we build.
What are some other things you think that can help companies prevent or come back from a tech fail or a security fail or a human fail?
Kilian: The only thing I could get in my mind there was asking the right questions. For me is from Hitchhiker’s Guide to the Galaxy. If you ask it, what’s the meaning of life, the universe and everything, it’s gonna give an answer. But what’s the question you’re really trying to get out of it? That’s all I can think of in my head. I think that’s one thing people get stuck in a lot of times, is asking the wrong questions that they need from their data. I’m sorry, Mike, I cut you off there. You were gonna say something.
Mike: I’m in agreement with you, Kilian, because I think too often the question posed is, “Are we secure?” There’s no crisp answer to that. It’s never gonna be yes, we’re 100% good, because the only way to do that is not to have any data, and not to have any interactions with customers. If that’s the case, then you don’t have a business. So you have to have something. You still have to have people interacting, and the moment you have two people interacting, you’re vulnerable at some level. They can be tricked, they could do anything. And then you have networks, and the networks are talking. So it’s much more about, what is the level of risk that you find acceptable? What steps can you take towards mitigating known dangers? How much effort and time and money can you put behind those efforts? There’s no quick fix. Something we talk about a lot on this is that data is, in a lot of ways, like a toxic asset. It’s something that you need to think about like, “Oh, we have all this extra data. Well, let’s try and get rid of some of it. Just so we don’t have it around to cause us a problem, just so we don’t have it around to be leaked in some way.” There’s lots of different ways to do that and lots of benefits of doing so.
Parting Gift
Cindy: Now in the parting gift segment of our show, where we share things we’re working on, or something we found online that we think our viewers and listeners would appreciate. I just read that Chrysler, the car brand, is offering a bug bounty between $150 to $1,500 for finding bugs. But you can’t make it public. And also, I just updated top InfoSec people to follow. I included a whole bunch of other women that were missed. So check that out at blog.varonis.com.
Mike: Who’s the one person you think we should follow that we weren’t before?
Cindy: I definitely think we should be all following Runa Sandvik. She’s the new InfoSec security person. She writes about the Info security at the New York Times. She also worked on Tor, and she did this really cool rifle hack. And she wrote about that. Or someone wrote about her hack on Wired. Any parting gifts, Mike?
Mike: I was gonna recommend Qualys’ SSL Labs server test. If you’re unaware of what it is, you can put it in your website and it will run through all the different ways in which you’ve screwed up setting it up properly to be secure. It gives you a nice letter grade. So, a couple interesting things about this. One: It’s really hard to make one of these yourself, because to do so, you have to maintain a system that has all of the old, bad libraries on it for connecting on SSL1 and 2 and 3 that are deprecated. Just so you can make the connections and say, like, “Yes, this remote system also connects with this.” So it’s not something you want to do, and it’s not something you can do trivially. So it’s great that this is an online service. And then two: I think it’s really interesting how…they essentially just made up these letter grades for what they consider as an A, A+, B. But in doing so, they were able to really improve the security of everyone.
Because it’s one thing to say, “Okay, out of 200 possible things we comply with, 197 of them.” It’s a different thing to know, “Okay, we got a failing grade because one of those three things we didn’t do was actually really, really bad and exploitable.” And to be able to compare that across sites, I think, just has a lot of incentives to make everyone improve their site. Like, “Oh, gosh, this other site is a better grade than us. We should definitely improve things.” So for those reasons, I think it’s a really great part of the security ecosystem and a great tool for all of that.
Cindy: Kilian, do you have a parting gift?
Kilian: I was reading an article the other day, it was pretty interesting how we all come to rely on our phones and our digital assistants, like Siri or Google Now, to make our lives easier to interact with a device. Some researchers started thinking that, “Hey, this is a good avenue for exploitation.” They started kind of distorting voice commands so they can embed it in other things, to get your phone to do stuff on your behalf. So, it’s just an interesting thing to keep aware of and how you’re using your digital assistants, because other people could start to exploit it by issuing voice commands to it to maybe direct you to a malicious site or something. It’s one more thing to kind of keep in the back of your mind.
Subscribe Now
Join us Thursdays at 1:30ET for the Live show on YouTube, or use one of the links below to add us to your favorite podcasting app.
iTunes Android RSS
The post TechFails – IOSS 15 appeared first on Varonis Blog.
Ben and Mark talk about where we can find information to improve our skills (links below, in no particular order). Our tool star this week is f.lux, an application which could help you sleep better after some late night coding. Ben’s jukebox recommendation is ‘Never Mess With Sunday’ from Yppah’s 2012 album ‘Eighty one’. Mark suggests a couple of tracks from Daisuke Miyatani’s 2007 album ‘Diario’.
- Mark
Subscribe and keep in touch
iTunes - http://relativepaths.uk/it
Stitcher - http://relativepaths.uk/st
SoundCloud - http://relativepaths.uk/sc
Twitter - http://twitter.com/relativepaths
Facebook - http://facebook.com/relativepaths
If you like the show, please leave a review or comment wherever you like to listen to us. We'd particularly love an iTunes review :)
Person Of Interest 202 - Bad Code