I could barely take a seat through the masses pushing me to escape. Then when I thought no more people could possibly leave, they kept going. The room was almost empty when I gave in and left also.
Heck, I was only there because we pwned the very resources you were talking about. My first security conference was B-Sides Orlando in Before the conference, I had been hanging out in the hackucf IRC channel and had known about the event well in advance and got along with all the organizers and most of the would-be attendees, and considered applying to their CFP. Such is the danger of being self-taught! If it can happen to me, it can happen to anyone interested in tech. At this point, more clarifying questions came in, this time from Fredrick Brennan.
And, my whole point is you're no expert because you didn't see them. One of Zed A. Without even looking past the directory structure, we can already see that it implements an algorithm called TrueRand, which cryptographer Matt Blaze has this to say:. In dog years, it's eligible for retirement.
Otherwise, why would he behave with such arrogance? Earlier versions of the protocol are out of scope; as are proposed variants e.
Professor Matthew D. The first two are trivial:. The third is more interesting. The other SRP security issues still stand; this erroneous analysis only affects the u validation issue. As a consequence, this is additionally vulnerable to a local-only timing attack that leaks your private exponent which is the SHA1 hash of your salt and password.
Exploiting the timing attack against SRP requires the ability to run code on the same hardware as the SRP implementation. L1 and L2 caches, unless other protections are employed by the hypervisor.
Leaking the private exponent is equivalent to leaking your password in terms of user impersonation, and knowing the salt and identifier further allows an attacker to brute force your plaintext password which is an additional risk for password reuse. Earlier when I mentioned the black hat hacker group Zero For 0wned, and the negative impact of their hostile rhetoric, I omitted an important detail: Some of the first words they included in their first ezine.
For those of you that look up to the people mentioned, read this zine, realize that everyone makes mistakes, but only the arrogant ones are called on it. If Zed A. Stop buying them, stop stocking them, stop recommending them. Without a time machine, there is no actionable path to improvement. An anecdotal documentation of an event is not a body of work. The body of work of a journalist would be measured differently than simply the subject of one event that they are asked to cover.
There could be exceptions to the rule but I doubt many journalists hit it big and hang up the cleats. A body of work around a certain subject that lots of people study and use in their professions is different.
It should be judged without the author in mind, otherwise how are you going to remain neutral and form your own calculated reality of how it works when you review work by other authors?
Why should I remain neutral? We live in a sea of biases. I think it's better to know one's biases and consider how that affects what one wants to do, rather than remain neutral.
I've been watching archeology videos recently. The archeologists are not neutral on how to interpret their finds. They use their non-neutral viewpoints to help guide where they work next. They are also well aware that the views of their profession have changed over time, and that those views can reflect implicit personal and cultural biases. In this case I do not think Zed Shaw's personality outside of "Learn Python the Hard Way" affects the interpretation or use of that book.
But I think Galileo was foolish for putting the words of the pope in the mouth of the character Simplicio and expect the pope and his supporters to remain neutral. Keep on hatin'. It's certainly possible to both be rude and write books that help people. The two behaviors are not mutually exclusive. I think it's completely reasonable to laud Zed for his efforts to teach while questioning his manner. Except this is a post about his book and his teaching? But here we are dedicating all this time to rehashing all this stuff that happened years ago with people who obviously weren't there at the time.
Unless you have to work with him, why does his manner even matter? Funnily enough, I actually knew Zed before he became "Zed" we were both team leads for related organizations.
He came off as one of the more caring and right-headed leads that I'd known at the time. Things change of course (it's been years), but I wouldn't infer too much about what he'd do to a team from his internet persona. I suppose internet persona being very different from the real person also tells something about the person. I've only had one dealing with him. While I was interviewing for a job with a company he was working at, they had him look at the code of one of my personal projects.
He was polite and complimentary, just as you'd expect from anyone you were dealing with in a professional capacity. I actually asked one of his colleagues what it was like working with him. Words like "quiet" and "pussy cat" were used. They said he has strong opinions, but is never contrary for the sake of it, and is often just quietly sitting in a corner listening. I find it interesting that many people go out of their way to defend someone like Linus Torvalds, but with someone like Zed Shaw, go out of their way to criticize Zed Shaw.
It's really pretty simple. Torvalds has a community and communities tend to defend their own. Happens in politics all the time because that's what humans do. Zed doesn't have as big a community and he offended some in the Ruby community.
I think Zed's lecture in Toronto was an amazing presentation on values, but I've not read his books. It's also why people say they "hate" a politician, leader, or band without listening to one word they say or believe snippets represent the whole of a person.
The group think spreads quite nicely. At the end of it all, there is so much information and we have so little time, we outsource some of our beliefs. Comedians tend to use this to craft some jokes and sometimes abuse folks.
For example, President Ford slipped a couple of times in slick shoes. Chevy Chase made him out to be a klutz and un-athletic on SNL to great merriment. President Ford was probably the most athletic President the US has had. He played linebacker in American Football and was considered a decent athlete.
My Dad was not a fan of this and did tend to scold his children that "if we were going to hate someone, we better damn well know why". I do admit to failing at this since there is so much, but it is a good lesson and tends to result in new joys. Disclaimer: I don't have a horse in this race, know 0 of the principals involved, couldn't write FizzBuzz in Ruby, etc.
Don't judge a book's value by your opinions of the author. I am contrarian and rude, but you most likely worship quite a few people in tech who are also contrarian and rude but you say nothing. I bet there's a CEO you admire who is even worse than me and you tout his words like they're a gospel. I personally would love nothing more than to have the industry flush everyone who behaves like that totally out of it, but as long as people like you hold those with no power to different standards than those with power, it'll never change.
As somebody who doesn't know Python I would never use this book or recommend it to others. The reason for that is nothing to do with drama over Ruby which I don't know either but purely because of the quality of his other work about languages that I do know.
In particular his C book and his comments about C on this site. He even takes pride in his lack of knowledge of the fundamental concepts that you need to understand to write correct C, and mocks those who do take the time to learn about the standard. Such a person should not be writing a book to teach C to beginners.
People following his advice are going to write code that is dangerously incorrect. If you want to take the position that C is insane and nobody should use it then that is fair enough and hard to disagree with, but in that case the honest thing to do is to encourage people not to use C; don't write a book teaching dangerous practices to beginners.
Since I don't know Python I have no way to know if he takes a similar attitude towards Python. What aspects of the language does he ignore because he is too prideful to read the standards or documentation?
Given what I know about his attitude towards C, I can't trust him to teach me the things I would need to know to use Python correctly and safely.
Your dismissal of his Python material is unfounded. This book is quite good, especially for beginners that literally would be unable to learn to code otherwise. As a professional educator myself, I strongly disagree with your sentiment about "teaching dangerous practices to beginners". By far, the biggest "danger" to beginners is that they won't learn how to code at all or get frustrated and quit because of pedants. Do we teach beginning drivers using wheeled tractor trailers? Or using F fighter jets?
No, we use cars with automatic shifting driving around in an empty parking lot at first. MollyR on March 27. When I started to learn python, I bought his book. It was okay. I actually found youtube tutorials, videos, and codeacademy to be far more interesting and effective. I don't think I would recommend a book to a pure beginner anymore, places like code academy have matured to be far better. I don't think your analogy really makes sense; the issue isn't that the author tries to teach people things which are too difficult to handle but that the author may state things which are just incorrect.
A better analogy would be teaching beginning drivers to use their knees instead of hands to drive. I suppose I'm in a different position than you though; I don't see any need to get everyone to start coding. I think if people want to code there are already good books out there, and if they don't then I don't think we need more developers who hate their job.
What about the C book is incorrect? I want data and citations. I'm not sure if you're being sarcastic but I'll respond in case you aren't.
I don't recall saying that I thought there were mistakes in the book; I wouldn't know I haven't read it. There was a link to a thread where the author of a book on C was wrong about one of the fundamental aspects of the language.
Again, I don't have the slightest idea whether there is wrong information in any of the author's books, but I can also see why one would be wary trusting a book written by someone who has shown a serious lack of mastery on previous occasion. I believe the person I was replying to misunderstood the cause of concern as being one where a person is taught poor or suboptimal practices as opposed to one where a person is taught things which are just flat out incorrect. Got it. No idea why you thought I was attempting to criticize it, validly or not.
I was just trying to elaborate on a previous comment that someone else seemed to have misinterpreted. It's interesting that you'd use an anonymous account to sling some slander, but I'll answer you: Yep, that comment thread is great and people should read it for an explanation as to how completely insecure C is. It made me realize that nobody can teach C safely. The language is completely unsafe by design.
Based on that, I killed my darlings. I should have never started this book as a "C book". How to learn any programming language quickly with some tricks I know. Secure programming and defensive coding skills, which a broken language like C is perfect for teaching. Testing and reliability. Most of the C I've found safe and useful, and how to avoid UB when possible.
Algorithms and how to apply them. And finally building projects as small challenges to get better at C. So everyone was right, and I adapted the book to denote that. I think a good catalog of how to cause security failure with C UB would be instructive to everyone. And then we can all just stop using C. It's terrible. Now that you have this new information, hopefully you'll update your slander.
I'm just commenting from the position of an observer who has found that your general attitude undermines the work you do, irrespective of whether you are right or wrong about the issue at hand.
We are all wrong at times. There is no shame in that. Shaw has a long-standing rant opposing Python 3, where he finds the new string type difficult to use, and as a result believes it should not be adopted.
He stated in November that "Python 3 is not Turing complete" due to claims from Python project developers that Python 2 code cannot be made to run in the Python 3 VM.
This statement has drawn a lot of criticism. Shaw has spoken about the amounts of vague and misleading information that is pervasive on the startup and entrepreneur culture, particularly concerning self-proclaimed startup advisors or entrepreneurship "gurus", having demonstrated publicly how some notable figures in the industry appear to speak and provide advice from a background of success that they never actually attained.
Zed Shaw. The basics. The details from wikipedia. Learn Code the Hard Way Shaw is the author of learncodethehardway. Positions Opposition to Python 3 "There is a high probability that Python 3 is such a failure it will kill Python.