Hacker Times | dandelo53's comments

In the third example box of the "Immutable Updates" section, I believe the text '(joe,dob,"Joe Bob") ===> Answer' should be changed to '(joe,dob,"1978-01-01") ===> Answer'.


Inferring device does encryption, while silently allowing data leakage in complex ways that are beyond the typical consumer is deceptive at best.

It provides a very weak link to the entire claim of end-to-end.

Security minded knows that you also need attribution and chain of command. Your example of hopping through hoops is your own doing, which you are free to do on your own. For free. This product is provided as a SECURE means of communication and it IS NOT.

You are not an attractive target. That is ok, usually preferred. That is not the situation for everyone. However, I bet someone using Zoom is likely to be a person of influence in a major industry or organization that you have an interest in. With a target in mind, you now have a goal: Find a way to convince Zoom to send encrypted comms to any device within reach. Note it doesn't mean you NEED a device to be dumb. You just need the smart device to convince Zoom's servers that it is "dumb" (or a land line, fax machine, etc). Once convinced it will happily send the data onward.

This is the type of problem that will eventually be exploited in a major way if their mixed messaging is not curtailed. Suggesting otherwise is only kicking that can down a longer road, off a bigger cliff.


> This product is provided as a SECURE means of communication and it IS NOT.

Are you claiming that there are actual customers who believed that if they called up a Zoom conference via a phone number, their connection would be encrypted from their landline phone all the way to the other end, and were surprised to learn it was not?

> With a target in mind, you now have a goal: Find a way to convince zoom to send encrypted comms to any device within reach.

This attack has nothing to do with end-to-end encryption (i.e., it is equally possible against systems that are well-accepted as "end-to-end encryption," so if you're using this as a criterion, nothing is end-to-end encrypted.)

That doesn't mean I don't think it's a problem. That just means I think that words have meanings, and "end-to-end encrypted" is not a synonym for "secure under the threat model I care about," and never has been, for anyone.


Just want to pile on more kudos. Nicely written.


This link should resist time rot: https://www.google.com/search?q=top+rpa+vendors


"Robotic process automation" was indeed what came up in my web search for the term, but it seemed an unlikely fit for generic distributed app development. Why is robotic process automation sweeping "IT shops"?


Because rather than upgrading software and building APIs that integrate at a low level, IT shops are building software and APIs on top of UI automations. Some new fancy service desk platform the suits want may not have a connector to your 15 year old heavily-customized SAP instance (which is run by another team you have no influence with), and budget / time constraints leave RPA as the only option.

It's pretty easy to see why this would cause problems, but the consulting companies have been pushing hard on RPA because when it blows up in 5 years, who are you going to call? I say this as a consultant who has to sell this awful crap because "partnerships".


Thanks for the context. Seems like the latest incarnation of scripting 3270/mainframe terminals, telnet/expect sessions or web/selenium/headless browsers.

Copy&paste is the enterprise API/data integrator of last resort. Image/video is another integration point. iOS can screen capture full-page images of web pages, with tools for human annotation. Soon the local ML/bionic processor and AR toolkit can perform text recognition on those images, which means they can be live edited, re-composed and fed into another system.

> fancy service desk platform the suits want may not have a connector to your 15 year old heavily-customized SAP instance (which is run by another team you have no influence with)

This intersects with DRM and the title of the OP story. When OrgA and OrgB fail to partner/cooperate (e.g. no formal integration) or are actively hostile (implement DRM to prevent data movement between OrgA and OrgB products), it creates pain for customers and new business opportunity for OrgC and OrgD.

Which is why scraping and reverse engineering are never going away, they are society's last line of defense against vendor org dysfunction.


Oh it's so much worse than that. Swivel-chair / copy-paste integrations are often a better solution than RPA in today's world.

It was one thing scripting mainframe terminals, but the equivalent today are SaaS apps. The major enterprise vendors like Salesforce are pretty good about roadmaps and release schedules, but a lot of the smaller ones work on more of a continuous deployment model. This means your RPA integrations are constantly breaking, and suddenly you have to hire a whole bunch of RPA analysts to deal with fixing them. Or you can just hire a few more data entry people to do it manually.


I ... I feel bad saying this, but I can totally see a use for RPA.

One, and more often than not, applications embed a ton of business logic in the client which is not easily available in the API.

Two, and honestly I feel dirty writing this, the UI is usually a lot better tested. Or tested at all.

I'm just the messenger, here. We were very adamant about NOT doing this in my previous company or our current projects, but I can totally understand the "it's good enough for humans, it's good enough for machines" attitude. It makes me sad though.


I think RPA is the merging functional and technical, which is what all the debate is revolving around... Change can't happen without change


This type of commentary only serves to move the progressive goalpost closer towards the conservative (imho also the regressive side) of the debate.

Yes, everyone does it. But is that ok? To suggest so is to suggest there is no better alternative. This thinking ultimately leads to its predicted outcome, not because of any sort of prescience, but out of the lack of will to use the available light to find a better way out.


I hear what you're saying. But the enemy will poison the minds of gen pop with such messages. Divide and conquer is the one true strategy to the game.

Drawing these lines proverbially is akin to perforating our social fabric. Lots of small holes, that left untouched, provide the strength to maintain structure. But once enough of those dots are connected by tears, it's usually too late to rebuild without starting from scratch.

As citizens, we have the right to argue that BOTH angles apply. Whether one outweighs another is significantly less consequential in the heat of battle. Navigating the seas, making progress towards your goal, that should remain the focus when having discussions that often gets lost. IMHO at least


Humans are lazy by what once was necessity, and that is still deeply rooted in our behavior.

Most folks in tech can grok that Laziness can be a virtue.

However, modern society has perverted the image this trait reflects to appear somehow inferior to "hard work."

We live in a society where we are raised to "endure" adulthood. It definitely doesn't have to be like this now. Whether it did in order to achieve the tech at hand is a lovely debate to be had... if only more people could hear the opportunity is literally pounding at the door begging to come in.

Wishful thinking anyway...


Curious, can you identify anything specific that changed your thinking that it was THAT type of tool?


i believe lists of its obsessively chiseled, unique, world-class features would only get contrasted with its pardonable shortcomings as an editor.

so, that question is a no go because the thing has a transcendent dimension, it puts you at the heart of the storm, the center of computing where you commune with the gods of our field in perfect calm.

once you slay the dragons. best of luck!


Cross pollination provides diversity. It's not always a good thing, but you make it sound like it is something to be avoided.

Seems like a good way to superficially limit opportunity with that line of reasoning.


I am saying that the people signing the checks made a business decision to narrow the focus of one of their brands. In my own opinion, a large number of the people working at Deadspin should have rightly been fired at this point.

Another thread mentions Google's 20% time, something that largely doesn't even exist anymore and for a long time still required approval to work on. Business changes and adapts with time. They aren't asking their writers to generate fake news stories or to not include culture in their sports writing, but that articles should have a focus on sports. They have other brands that write the types of articles they're asking Deadspin to stop writing.

In the end, the owners don't want another general millennial rage bait woke journalism site. They want a focused sports brand that they can grow in that space. Branding is important, and having a focus on branding is important. That's why Powerade isn't labelled "Coca Cola". There are many valid business reasons why the people paying for the site want a specific brand focus.

I'm pretty sure that this has been explained at least once to Deadspin editors. However, it seems to me like the editors are a bunch of petulant children who don't understand that there are times where the person signing your check makes decisions you don't agree with, and not everything deserves to be rallied or protested against and that the adult decision is to either comply or find another job.

I've left jobs when decisions were made that I didn't agree with. I once mentioned I'd leave if the MPAA were taken on as a client. There wasn't malice, there wasn't a fit involved that brought a lot of undue public attention. These people need to grow the fuck up already.


Point taken. Ultimately, being an employee means being willing to accept things you disagree with. Until you can't.

I can see people taking this personally. Tough spot all around, perhaps.

And we all act like children, some of us never stop :)

