
04-09-2014 , 07:08 PM
So I got one of my good friends a job next door to me. He works with a girl who is cool. Her boyfriend is going to school for CS at a community school and has another year left and is about 24.

He tilts me pretty hard at times. He thinks he is a sick computer hacker. Wears shirts that say "hacker" and at times talks what I guess is a big game, saying he can do things but can't speak to specifics.

I'm offering him a prop that he can't do something specific, such as change content on a major state government website. All I have to go off of is that last time I spoke to him he was currently disappointed Hacker News was not for "real hackers" and his general inability to produce anything except his gf (who is semi technical) saying she "has been shown some cool things".

Is this a terrible prop on my side?
** UnhandledExceptionEventHandler :: OFFICIAL LC / CHATTER THREAD ** Quote
04-09-2014 , 08:30 PM
Quote:
Originally Posted by jmakinmecrzy
How overblown is this thing? I understand it's a very serious security breach,
I would legitimately call it underblown. This is a huge security flaw and not only does it give attackers access to basically everything - as far as I know it does it in a way that nobody will ever know. Add in that it affects (or did affect) a huge percentage of the web and it seems reasonable to call this the worst security flaw ever found.

Quote:
Originally Posted by jmakinmecrzy
but I've been using my credit card online for 10+ years and I have used it on some veeeery scrupulous websites, online poker included. I used my cc/debit card for nearly every purchase I make and I've not once had my info stolen. Am I just lucky or is stuff like this just absolutely ridiculous paranoia?
I have no idea. But just hypothetically if 5% of people had info stolen over the course of their life I'd call that really really bad even though the vast majority won't be affected.
04-09-2014 , 08:33 PM
Quote:
Originally Posted by Larry Legend
So I got one of my good friends a job next door to me. He works with a girl who is cool. Her boyfriend is going to school for CS at a community school and has another year left and is about 24.

He tilts me pretty hard at times. He thinks he is a sick computer hacker. Wears shirts that say "hacker" and at times talks what I guess is a big game, saying he can do things but can't speak to specifics.

I'm offering him a prop that he can't do something specific, such as change content on a major state government website. All I have to go off of is that last time I spoke to him he was currently disappointed Hacker News was not for "real hackers" and his general inability to produce anything except his gf (who is semi technical) saying she "has been shown some cool things".

Is this a terrible prop on my side?
Seems really vague so you might be in trouble that way. There's also a lot of hacking tools out there that require little to no skill to use and I'd guess a lot of public websites blow and are exploitable by those common tools.

If you flip it around to he needs to get something private from one of your accounts (banking, email, twitter, ...) I'd call you a huge favorite (assuming you take a few precautions).
04-09-2014 , 10:26 PM
What do I make of this from heartbleed checker?

ERROR: tls: oversized record received with length 20527

I'm getting this off of both of my ports from the online tool and the command line tool.

For Nchabazam, there is a bright side: he was considering learning Go and now it's installed.
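Added example, not part of any post in this thread and not the checker's own code: the length 20527 in the error quoted above is exactly what a TLS client computes when the first five bytes of the reply are the ASCII text `HTTP/` and it reads them as a record header, which is what happens when the probed port answers in plain HTTP instead of TLS. The function names, the plaintext hint list and the sample bytes are constructed for illustration.

```python
import struct

# TLS record layer constants (RFC 5246, section 6.2).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_CIPHERTEXT = 16384 + 2048  # largest legal TLSCiphertext length

# Openings sent by services that are not speaking TLS (constructed, not exhaustive).
PLAINTEXT_HINTS = {b"HTTP/": "HTTP response",
                   b"SSH-2": "SSH banner",
                   b"220 ": "SMTP/FTP greeting"}


def parse_record_header(data):
    """Read the 5-byte header the way a TLS client does: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes of the server's reply")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}


def diagnose(data):
    """Classify the first bytes a server sent back to a TLS ClientHello."""
    hdr = parse_record_header(data)
    # Check for plaintext first: an SSH banner decodes to a length that is
    # below the limit, so the size check alone would not flag it.
    for prefix, what in PLAINTEXT_HINTS.items():
        if data.startswith(prefix):
            return (f"not TLS: {what}; bytes 3-4 read as "
                    f"record length {hdr['length']}")
    if hdr["length"] > MAX_CIPHERTEXT:
        return f"oversized record, length {hdr['length']}"
    if hdr["type"] not in CONTENT_TYPES or hdr["version"][0] != 3:
        return "not a TLS record"
    return f"TLS {CONTENT_TYPES[hdr['type']]} record, length {hdr['length']}"


# Constructed sample replies.
PLAIN_HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\n"
TLS_SERVER_HELLO = bytes.fromhex("1603010031") + b"\x02" * 49

if __name__ == "__main__":
    print(diagnose(PLAIN_HTTP_REPLY))
    print(diagnose(TLS_SERVER_HELLO))
```

A result of "not TLS" means the checker never reached the heartbeat test on that port, so it says nothing either way about whether the service is vulnerable.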
04-09-2014 , 10:41 PM
That makes sense. I was thinking there are probably tons of vulnerabilities that would be inherent to any ****ty public website.

In other news, this dude came out tonight for beers and apparently knows 2+2 and lurks here regularly. I'm hoping he doesn't find that post. For once I am going to be pumped the 2+2 search function blows.
04-10-2014 , 02:10 AM
Quote:
Originally Posted by jmakinmecrzy

also can confirm chick thinks i'm a wizard. my love for swing has not increased whatsoever.
What class are you taking that spends so much time on swing? Especially in your senior year?

I am taking a community college class intro to java programming and we spend maybe a day on it. Thank god.
04-10-2014 , 03:20 AM
Job opening for a technical BI programmer with good analytical instincts for a Sr. BI Analyst-type role. Bonus points for knowledge in SAS, SQL, Tableau, double bonus if you've done data warehouse dimensional modeling. Location in Vegas.
04-10-2014 , 05:53 AM
Quote:
Originally Posted by daveT
What do I make of this from heartbleed checker?

ERROR: tls: oversized record received with length 20527

I'm getting this off of both of my ports from the online tool and the command line tool.

For Nchabazam, there is a bright side: he was considering learning Go and now it's installed.
It's all rubymotion all the time!
04-10-2014 , 08:56 AM
Quote:
Originally Posted by jjshabado
I would legitimately call it underblown.
+1

Regarding "real hacker"...just ask him some OpenBSD specific questions and laugh at him if he uses Linux (or worse).
Or tell him you found this interesting sequence of packets on the wire and would like to get his opinion.
Tell him you reverse engineered <non-x86-hardware here> and would like his opinion on this piece of assembly code.
Ask him if he could explain feature XYZ in IDA Pro.

Most important thing is to call him a "script kiddie" the second he can't answer one technical question.

Basically just talk a better talk and hint at being some superelite gibsoncrack0r without bragging. It's a lot of fun, I've done it before (I really hate those ZOMG-haxhax folks almost as much as the startup-mmmkay crowd).

Quote:
Originally Posted by Larry Legend
[...] I'm offering him a prop that he can't do something specific, such as change content on a major state government website. [...]

Is this a terrible prop on my side?
Yes, DUCY?

Quote:
Originally Posted by ClarkNasty
Job opening for a technical BI programmer with good analytical instincts for a Sr. BI Analyst-type role. Bonus points for knowledge in SAS, SQL, Tableau, double bonus if you've done data warehouse dimensional modeling. Location in Vegas.
Tableau as in formal logic? I think it has an extra x (tableaux) if so I'd be curious what it's used for. If it's just some tool with a similar sounding name...carry on :P Not interested in the job (lack of skill on my part)

I have a question about US jobs though. Iirc a masters degree+ means it's really easy to get a work visa. I'm curious if that's only the case if it's actually called a masters because I'm old (lol) and my degree is from pre BA/MA times in Germany. It's an MA-equivalent over here but I've always wondered how much explanation it would need for jobs abroad.

Last edited by clowntable; 04-10-2014 at 09:04 AM.
04-10-2014 , 09:12 AM
Tableau is a query tool.

Not sure if Masters help or not. Likely depends on the employer.
04-10-2014 , 09:15 AM
I'm not entirely sure (because Canadians have access to a better work visa than Europeans) but I think it's still 'easy' to get a work visa with just a bachelors (or equivalent) and a job offer.

I think the biggest challenge historically was the US just not offering enough H1B visas to satisfy the demand of American companies. I don't really know what the situation is like now though.
04-10-2014 , 09:28 AM
Might be, I recall some headline a la "skill visas for 2015 sold out" or something from recently
04-10-2014 , 09:43 AM
Quote:
Originally Posted by jmakinmecrzy
I just made a swing applet for a chick that was having a bad day and wanted me to draw her a banner that says she's awesome.

I can't draw for **** so I just made an applet bounce her name around the frame and change colors. If it gets me laid I feel that would be an xbox achievement.

i dont know u, but methinks ur in the wrong field. programming is obviously very frustrating for you, and honestly you dont seem to have the kind of motivations that will keep u interested in it long term. for instance, cypherpunks write code for socio/economic/political reasons. When you have a deep underlying drive that is rooted in philophy or ethics, such as the cypherpunks, it seemz to me that programming ends up not being a job, but a way of life. trivial pursuits of money or sex R shallow, and shallow pursuits lead to shallow. frustrating. unfullfilling work,
04-10-2014 , 09:49 AM
Quote:
Originally Posted by Larry Legend
So I got one of my good friends a job next door to me. He works with a girl who is cool. Her boyfriend is going to school for CS at a community school and has another year left and is about 24.

He tilts me pretty hard at times. He thinks he is a sick computer hacker. Wears shirts that say "hacker" and at times talks what I guess is a big game, saying he can do things but can't speak to specifics.

I'm offering him a prop that he can't do something specific, such as change content on a major state government website. All I have to go off of is that last time I spoke to him he was currently disappointed Hacker News was not for "real hackers" and his general inability to produce anything except his gf (who is semi technical) saying she "has been shown some cool things".

Is this a terrible prop on my side?



its a terrible proposal because he might be stupid enough to do something stupid and end up in prison. just ignore him, unless you really would feel great if he got sent to prison
04-10-2014 , 10:17 AM
Quote:
Originally Posted by catsec
i dont know u, but methinks ur in the wrong field. programming is obviously very frustrating for you, and honestly you dont seem to have the kind of motivations that will keep u interested in it long term. for instance, cypherpunks write code for socio/economic/political reasons. When you have a deep underlying drive that is rooted in philophy or ethics, such as the cypherpunks, it seemz to me that programming ends up not being a job, but a way of life. trivial pursuits of money or sex R shallow, and shallow pursuits lead to shallow. frustrating. unfullfilling work,
I've never bought the you have to be a 100% dedicated, way-of-life, programmer to be successful.

The primary reason I'm still in this field is because it pays the bills and is generally pleasant (especially compared to the other options). But the amount of programming I do for fun is basically none and if I didn't need to pay the bills I'd probably just work 3-4 months a year.

Aside from that, Swing sucks. And it's not particularly useful. So it seems pretty reasonable to complain about it. Hell I complain about stuff that's useful and a lot less painful. That's just life.
04-10-2014 , 10:19 AM
Good tip for heartbleed:

http://www.knowthenetwork.com/2014/0...r-web-browser/

I just assumed that browsers checked for revoked certificates.
04-10-2014 , 10:27 AM
might it b possible the National Security Agency's somewhat recent!y rep0rted crypto breakthru was the discovery of heartbleed?
http://www.economist.com/blogs/babba...g-cryptography
04-10-2014 , 10:33 AM
Quote:
The primary reason I'm still in this field is because it pays the bills and is generally pleasant (especially compared to the other options). But the amount of programming I do for fun is basically none and if I didn't need to pay the bills I'd probably just work 3-4 months a year.
I agree with this. But I think what sets good programmers apart from code-zombies is that they try to see a challenge in fairly mundane stuff and strive to improve.

Basically the difference is "FML why do I have to write Java when I could use XYZ" vs "all right use of Java is a constraint so let's see how good I can get at writing Java/exploring the VM/etc. pp"

tl;dr: Swing "hatred" is mildly alarming.

Quote:
Originally Posted by jjshabado
Good tip for heartbleed:

http://www.knowthenetwork.com/2014/0...r-web-browser/

I just assumed that browsers checked for revoked certificates.


My settings were correct but I don't remember when I changed them nor would I have checked. Def. assumed this would be correct by default.
04-10-2014 , 01:59 PM
I'm not a senior, it's the end of my first year.

And i love problem solving and i like programming but you're delusional if you say that there aren't things that are really frustrating and time consuming about it.

Especially when this class is basically an elective for me and the course description was "practical" applications of java. I'd much rather spend time learning about data structures and design patterns than waste time doing stuff i'll never use again and be tested on stuff like "how many methods does the ____ interface have"
04-10-2014 , 04:40 PM
Quote:
Originally Posted by clowntable
I have a question about US jobs though. Iirc a masters degree+ means it's really easy to get a work visa. I'm curious if that's only the case if it's actually called a masters because I'm old (lol) and my degree is from pre BA/MA times in Germany. It's an MA-equivalent over here but I've always wondered how much explanation it would need for jobs abroad.
There are companies that evaluate these for a fee. You send them your transcript and they send you a letter on a fancy letterhead that says "As an expert in qualification evaluations, I certify that clowntable is a holder of a Informationstechnikmagistermeisterschrift from the University of Twinkeldinkeldorf and that this degree is equivalent to a Master of Science in LOLCode from a top American university".

They look like a bit of a scam but the immigration lawyer who advised me on getting a US visa seemed to think they carried some weight and were a good use of money (and we were interested in cutting corners/saving money at the time). I don't have the name of the company we used to hand but I don't have any special reason to recommend it and I'm sure you can find an equivalent.
04-10-2014 , 05:17 PM
Quote:
Originally Posted by jmakinmecrzy
I'm not a senior, it's the end of my first year.

And i love problem solving and i like programming but you're delusional if you say that there aren't things that are really frustrating and time consuming about it.

Especially when this class is basically an elective for me and the course description was "practical" applications of java. I'd much rather spend time learning about data structures and design patterns than waste time doing stuff i'll never use again and be tested on stuff like "how many methods does the ____ interface have"
I think he was joking.
04-10-2014 , 06:00 PM
oh my bad.

I mean I do think it's sorta cool some of the stuff I'm learning, like for instance this week using swing I was able to figure out how to make a rudimentary tennis game similar to pong, which I'd never done before. I've been ****ing around with moving sprites and basic animations and stuff.

I probably shouldn't complain though but seriously you should hear some of the script kiddies in my class that are failing right now, they basically can't figure out the simplest logic and whine about how the class isn't teaching them anything. well why the **** are you here then?

and then there's some stuff I just will always be frustrated by, like our last assignment we had to draw a bowtie using the GeneralPath class. Like come on, that's so irritating. Oh well.
04-10-2014 , 08:55 PM
Quote:
Originally Posted by jmakinmecrzy
oh my bad.

I mean I do think it's sorta cool some of the stuff I'm learning, like for instance this week using swing I was able to figure out how to make a rudimentary tennis game similar to pong, which I'd never done before. I've been ****ing around with moving sprites and basic animations and stuff.

I probably shouldn't complain though but seriously you should hear some of the script kiddies in my class that are failing right now, they basically can't figure out the simplest logic and whine about how the class isn't teaching them anything. well why the **** are you here then?

and then there's some stuff I just will always be frustrated by, like our last assignment we had to draw a bowtie using the GeneralPath class. Like come on, that's so irritating. Oh well.
When you get out of school you will have found you learned a lot of irrelevant stuff. I realize you are an underclassman but some of these programs seem Mickey Mouse to me.
04-10-2014 , 10:40 PM
Since we are on the topic of security, I have a question about something that confuses me.

Why do so many websites allow this cruft to exist in their urls?

www.mysite.com/id=58730248app=9837293foo=83729939bar=383883929992 83bazz=9

I know I don't understand security, but I've read enough facebook bug bounties to know that the common bottom denominator always ends with "just change this one character in the url and you can delete Zucks images."

I get it, people sanitize their url parameters, but if facebook with their incredible security team can't get this right, why would some individual or small team risk it?
04-10-2014 , 11:16 PM
Sometimes it's convenient?

It's easy to build. It's easy to test. And it's nice for users (they can bookmark a specific state and look at that link and understand the state).

Obviously that's not a good reason to ignore security related concerns in some cases but in others it is.
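On the URL-parameter exchange above, an added example that is not from any poster and not any real site's code: an id in the URL is harmless when the server decides access from the session, and becomes the "change one character" bug when the handler trusts the id alone. The URLs, photo ids, user names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs


def new_store():
    """Constructed sample data: photo id -> owning user."""
    return {"58730248": "alice", "58730249": "bob"}


def photo_id(url):
    """Extract exactly one numeric id parameter from the query string."""
    ids = parse_qs(urlsplit(url).query).get("id", [])
    if len(ids) != 1 or not ids[0].isdigit():
        raise ValueError("missing, repeated or non-numeric id")
    return ids[0]


def delete_photo_weak(url, session_user, store):
    """Weak: any logged-in user can delete whatever id the URL names."""
    pid = photo_id(url)
    return store.pop(pid, None) is not None  # session_user is never consulted


def delete_photo_checked(url, session_user, store):
    """Same URL format; the server checks ownership against the session."""
    pid = photo_id(url)
    owner = store.get(pid)
    if owner is None or owner != session_user:
        return False  # unknown photo, or caller is not the owner
    del store[pid]
    return True


# Constructed request: bob is logged in but the URL names alice's photo.
ALICE_PHOTO_URL = "https://www.mysite.example/photo/delete?id=58730248"


def demo():
    weak_store, checked_store = new_store(), new_store()
    return {
        "weak_deleted": delete_photo_weak(ALICE_PHOTO_URL, "bob", weak_store),
        "checked_deleted": delete_photo_checked(ALICE_PHOTO_URL, "bob", checked_store),
        "alice_photo_survives": "58730248" in checked_store,
        "owner_can_delete": delete_photo_checked(ALICE_PHOTO_URL, "alice", checked_store),
    }


if __name__ == "__main__":
    print(demo())
```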