
He wasn’t wrong; we did lose the skill for memorising large oral works. He just missed the upside.


Truth is, it depends on the type of person, type of team, type of work and, most importantly, trust.

There are definitely lots of great & honest homeworkers, but I also know plenty who go on dates or work on their startups secretly.


I mean you can even have a shittier product as long as you nail your acquisition channel (SEO, social media, mailing, etc.)


No marketing - can sell only if it's a really good product

Half-arsed marketing - can sell any half-decent product. This is good enough for 99% of businesses

Excellent marketing - you can sell even the most blatant scam at this tier


Would love to get an offline LLAMA in there, that would allow me to go fully offline at times & focus more!


LMStudio + AnythingLLM


That's a great idea, but it might be a separate app.


I'm guiding a few and sometimes they write pretty good code with the help of GPT but then in meetings have trouble understanding and explaining things.

I think it's a big productivity boost, but also a chance that the learning rate might actually be significantly slower.


If you actually want to solve the problems of monopolies and have a working free market you should. And in most countries monopolies are not allowed or frowned upon; regulation is already often in place.

Look at the cat and mouse game the EU and Apple are playing in regulation.

Where actually they are a full monopoly in the App Store market. The only way to solve it is to break it up.


> Where actually they are a full monopoly in the App Store market.

They do, they absolutely do. What’s worse, it turns out they have a full monopoly in MacBooks, computers running macOS, iPads, and iPhones.

In other words, no they don’t. The legal definition of monopoly is not solely, “if there’s only one participant in a market, the participant in that market has a monopoly”. There is necessarily more to it than that, because if that’s all it was, literally every company selling a product would have a monopoly in that product.


Network effects like those Big Tech employs ensure that inferior products will still be dominant in the market. Network effects strangle markets.

You could argue that markets are just the wrong kind of social formation for mediating software production and distribution, since software is not a commodity.


It’s very hard for management, even IT managers, to fully understand what such things mean.

I’ve seen huge issues, like exposed keys, being treated as a small issue, while an outdated JS library or lack of IPv6 support gets escalated.

I’m sure TSA and their partners want to downplay potential exposure. I’m also sure it’s hard for a lot of their managers to fully understand what the vulnerability entails (most likely their developers are downplaying their responsibility and pointing fingers at others).


This is the Transportation SECURITY Agency. If the managers involved here can't understand why this is a huge deal, they're exceptionally unqualified for their jobs.

Edit: Fixed a double negative (previously: This is the Transportation SECURITY Agency. If the managers involved here can't understand why this is a huge deal, they're not exceptionally unqualified for their jobs.)


Probably, they can and do understand it. They just have a deny/deflect culture.


> If the managers involved here can't understand why this is a huge deal

Was it a huge deal though?


It was the most humongous deal if we talk about IT security. SQL injection shouldn't be a thing in today's IT landscapes. And here we are giving everyone and their mother admin access to a database where the attackers can literally get not only on a plane but also in the fucking Cockpit. So yes, big big deal.


> where the attackers can literally get not only on a plane but also in the fucking Cockpit.

You can easily get on a plane, you buy a ticket to board it.

People try and succeed to get weapons through TSA checkpoints. I don't know what the idea is though. If you want to shoot and kill someone, do it at the security checkpoint, as happened at Domodedovo. People hijacked planes because the media covered it. You could also hijack buses. I don't know. What is the threat model?

Bag handlers smuggle drugs. I don't know. Airports are fairly porous.

I don't think this little SQL hack gets you into a cockpit. I suppose I could also buy an ordinary ticket, change in the bathroom into pilot clothes, and then bluff my way in. It should be obvious what personal facts about me make that easier for me than for someone else.

Do you see what I mean? This isn't a big deal. It's fun to be dramatic about that's for sure. IMO the large number of high drama personalities in the "security" field - when you are a customer, and on the other side, the technical person is high drama - is harmful to security goals.


Or you could buy a real ticket, bypass security with this (and whatever you have in your bags), then hijack an international flight full of fuel.

This isn’t hard to exploit.


TSA spends $6.3 billion per year on screening operations. Someone being able to bypass the entire apparatus of airport screening using a SQL injection attack is a really big deal.


It wasn’t an SQL injection in their code. It was a third-party issue.

So internally the question would probably be how you can open it up responsibly.

Closing the API is probably a support nightmare; they probably gave too many rights and too few safety checks.


If this is not a huge deal, then we don’t really need the TSA at all.


>> The TSA's response here is childish and embarrassing,

> It’s very hard for management, even IT managers,

I'm confident that the grandparent's comment is correct.

TSA is closer to the issue than HSA; I'd wager big that they sense embarrassment.¹²

TSA management would have immediate access to people capable of framing the issue correctly, including their own parent agency. Their reaction was never going to be held back by technical facts.

    ¹ US Sec/LEO/IC agencies have a long and unbroken history of attacking messengers that bring embarrassment. There is ~no crime they are more dedicated to punishing.

    ² The world's easiest presupposition: Discussions took/are taking place on how they might leverage the CFAA to deploy revenge against the author.


Part of being a good manager is knowing how to get good folks to give you advice on things you don't understand, and knowing how to follow that advice. Yeah, it's hard, but that's a huge part of the whole dang job!

No manager (or human) is perfect; mistakes happen. We need to be humble enough to listen and learn from mistakes.


Well said. One of my friends came to cyber management from a legal background. You'd better believe my buddy is calling the most respected nerd in the building when learning about a possible vulnerability. Knowing your technical limitations and where to go to get answers is an important skill for tech managers.


True, but even though I’ve always been careful to escape SQL, I’ve also made an oversight once by writing a custom SQL filter and forgetting to escape it. The code reviews also missed it (we were so used to the framework solving it for us). Luckily a pen test found it, and it was only in production for a short time.
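The oversight described in that comment (a hand-built SQL filter that pastes user input into the query text, which reviewers miss because the framework normally handles it) is easy to catch with a small regression check. The following is an added example, not code from the commenter or from any project on the page; it uses Python's standard `sqlite3` module with a constructed `users` table, and the function names and the `filter_injection_check` helper are assumptions for illustration.

```python
import sqlite3

# Constructed sample data (not from the page): a tiny users table.
SAMPLE_ROWS = [
    (1, "alice", "alice@example.test"),
    (2, "bob", "bob@example.test"),
    (3, "carol", "carol@example.test"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def find_users_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """The 'custom filter' mistake: the user-supplied value is pasted straight
    into the SQL text, so the database cannot tell data from query structure.
    Kept here only so the regression check below can show why it matters."""
    sql = f"SELECT id, name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_users_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened version: a bound parameter. The value never becomes SQL syntax,
    so quote characters in the input are just characters to compare against."""
    sql = "SELECT id, name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# A quote-bearing input a reviewer should try against any hand-built filter.
# Against the unsafe query it turns the WHERE clause into a tautology;
# against the bound query it simply matches no user.
QUOTE_INPUT = "' OR '1'='1"


def filter_injection_check(query_fn) -> bool:
    """Regression check to keep beside any custom SQL filter: a quote-bearing
    name must match zero users. Returns True if query_fn passes."""
    conn = make_db()
    try:
        return len(query_fn(conn, QUOTE_INPUT)) == 0
    finally:
        conn.close()


if __name__ == "__main__":
    print("unsafe filter passes check:", filter_injection_check(find_users_unsafe))
    print("safe filter passes check:  ", filter_injection_check(find_users_safe))
```

The check is deliberately tiny so it can live in the same test module as the filter; the point is that the reviewers in the comment had nothing automated to catch the regression, and a single assertion on a quote-bearing input would have failed the build before the pen test ever ran.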


This is the opposite: fixing the payment flow is something that can be done completely without customer feedback. It’s QA work.

You would want to test the response of customers to your product as well as your acquisition strategy. This is something you can’t fully predict, but you can still get close if you spend a lot of time in that market.


It's nice. Would there be a way to combine monthly, weekly, etc. based on the logic of the cost?

