That and in 1999, if you were writing cracks, very few people were doing that in the demo scene at that point. The demo scene and the scene split up. In 1996 RNS started this change. By 1999 pre nets were already up, as well as top sites.
I miss the 90s. I was 12 years old in 1999, but I started disassembling code when I was 8, so as you can imagine, people online thought I was an adult with all of the illegal things I did. I even broke into PayPal and bragged about it. lol embarrassing today.
That being said, I feel like back then most vulnerabilities were so simple due to lack of foresight/security that quite a few 12-year-olds with a decent understanding of computing could perform them:
I fondly remember an IIS bug which allowed you to basically 'cd' into any directory on the host machine and execute cmd.exe remotely. I believe it was as simple as the server not sanitising '..\' when written using unicode escape characters...
Even back in just 2012 I found that one of our clients who had an ecommerce site came up with the "genius" idea of solving SQL injection by checking the unparsed URL for an apostrophe. The same self-taught developer also decided to log the CC name, number, expiry, and CVV code for all orders instead of just storing the transaction ID from Authorize.net. There were 750,000 rows in that table when I found the SQL injection vuln.
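Why a raw-URL apostrophe check does not address SQL injection, shown as an added example that is not part of the original comment or the client's code: the check runs before URL decoding, so it and the query see different strings, while a parameterized query needs no filter at all. The `orders` table, the `customer` parameter and all function names are assumptions made for illustration.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

def make_db():
    """Constructed in-memory table standing in for the shop's order data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "o'brien")])
    return db

def naive_filter_allows(raw_url):
    """The flawed control: reject only when the UNPARSED URL has a literal apostrophe."""
    return "'" not in raw_url

def customer_param(raw_url):
    """What the web framework does later: percent-decode the query string."""
    return parse_qs(urlsplit(raw_url).query)["customer"][0]

def lookup_concat(db, raw_url):
    """'Before': filter the raw URL, then concatenate the decoded value into SQL."""
    if not naive_filter_allows(raw_url):
        return None  # request rejected
    name = customer_param(raw_url)  # decoding happens AFTER the check
    return db.execute(
        "SELECT id FROM orders WHERE customer = '" + name + "'").fetchall()

def lookup_param(db, raw_url):
    """'After': bind the value as a parameter; the driver never treats it as SQL."""
    name = customer_param(raw_url)
    return db.execute(
        "SELECT id FROM orders WHERE customer = ?", (name,)).fetchall()

# Constructed sample requests.
BENIGN = "/orders?customer=alice"
LEGIT_QUOTE = "/orders?customer=o'brien"                     # real surname, literal quote
ENCODED_QUOTE = "/orders?customer=x%27%20OR%20%271%27%3D%271"  # quote arrives as %27

if __name__ == "__main__":
    db = make_db()
    for url in (BENIGN, LEGIT_QUOTE, ENCODED_QUOTE):
        print(url, lookup_concat(db, url), lookup_param(db, url))
```

The filter both blocks a legitimate customer name and lets the percent-encoded request return every row, while the parameterized lookup handles all three requests correctly.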
Yah. There was a backdoor on all MS operating systems in NetBIOS. As long as they were not behind a firewall and had not manually set up file sharing settings you could get full access / root.
All the way through the thousands there was a backdoor on OS X's remote desktop. As long as they were not behind a firewall and had not manually set up remote desktop, you could get full access as well.
And all the way through the 90s and the thousands, there was a backdoor on Motorola and Buffalo cable modems, so you could remotely inject your own firmware and remotely reboot the router if you wanted. Everyone online was soldering those things to get hacked internet back then and I was just scratching my head as to why they were not using the backdoor instead.
I can go on. I haven't done anything infosec in a very long time. When I was 18 I got interested in certificate decryption and my passions took a more math heavy direction, eventually leading to quantitative finance.
edit: Oh, and to keep more on topic, regarding listening to cell phone chatter, the cell tower where I lived didn't change to digital until 2006, so in the thousands I knew you could listen in, but frankly I wasn't interested. I was more interested in making cantennas and injecting an 802.11 signal 2 miles away, decrypting their WPA. Surprisingly I did not find a single router that had a different admin password than its WPA password.
In the 90s all the way into the early thousands, to get online I had to get hacked internet, as my parents didn't really understand the internet and thought it was a fad. This may be what inspired some of the black hat stuff I did.
Before I make a change in residence or work, I have a plan for continuity of good habits.
Sign up for the new gym. Figure out where going will fit into my likely future schedule. Set an explicit period of lapse due to the effort of moving (or whatever life change is disrupting the norm).
Of course that is in an ideal situation. Sometimes you don't have enough notice for this (COVID stay-at-home threw me off).
I can have them delivered for very little premium. If my co-workers and I pool our orders we can reduce the impact of those deliveries (or rotating pickup), and have more choice about what snacks we get.
Donut and coffee clubs (and similar) in offices have worked this way forever.
Rail was a hugely impactful tool during the US Civil War.
I would guess that geography and the demographics of the American west are as much to blame as the relative lack of continental conflict in the rail era.
> They shield you from product owners and stakeholders by meeting with them and giving you only the information you need
I've worked at a lot of places like this, and I'm continually surprised people enjoy it. For me, it always ends up having the telephone game problem. You spend a huge amount of time error-correcting.
How do folks scale it? Given the aforementioned error-correction process, the amount of time a manager spends facilitating that process caps with very few engineers.
We have gone another way and our engineering teams work with product managers and together they make decisions. The PM deals with gathering feedback from our analytics teams, end-users and clients, and summarizes that for the team.
We feel this gives a sense of ownership to individual engineers and allows them to make better decisions without a lot of back and forth communication funneled through a proxy. And it also means we don't need a dozen managers.
Good engineers are expensive and hard to find, and I'd say finding excellent managers is just as onerous.
It depends on how toxic the rest of the organization is.
I've worked at places with a healthy culture (very little shielding was necessary) and I had awesome, close interactions with end users and the business side of things.
I've also worked somewhere where the culture of the executive team was bad and my manager (who was awesome at shielding things from the team) left.
This led to close interaction with people who will insist that 7 different things can be the #1 priority for a single person. Or executives who repeatedly make people work nights & weekends to hit an internal deadline only to find out the internal deadline is weeks earlier than the client's actual deadline.
In the latter org the more time went on the more I missed my shielded ignorance of the rest of the business's demands.
> I've worked at a lot of places like this, and I'm continually surprised people enjoy it.
That's been my experience as well. When a manager says they try to "shield you from the bullshit" it's just a lack of transparency that leads me to making my own (often worse) assumptions.
Wall of text incoming; I was trying to explore why I agreed with you and the parent post wholeheartedly while still finding some value in the "shield from the bullshit" concept, if perhaps not how it's commonly applied.
So I'm in an interesting position to comment on this, as a dev trying to transition into management. I've ALWAYS been on the full-transparency side as a dev, but have often had to defend that position to other managers and bosses, with the justification that I might scare the devs or distract them or have them focusing on things that aren't their core goal.
There's definitely a kernel of truth in that, but I've found most of the "grey area" is less ambiguous in practice; (e.g. don't be a rumor mill, don't get people worked up, realize there may be a proper time and place) and more importantly, _devs usually know most of what I would tell them._ They're not idiots. They have people they talk to, and they overhear things, they usually know how the games are played at some level and have some intuition that "something is happening." And by trying to hide this, and not being a partner and helper in wading through it/building confidence, you erode trust. So in terms of the "what's going on in the team" bullshit I'm pretty open, even if it's a bunch of political infighting and misaligned incentives, at least so the dev can understand the landscape and make sense of it.
The bullshit that I DO however think you can shield a dev from is the "Symptoms" of the above. Help balance out individuals playing favorites, individuals being biased against a certain dev, help a dev see if turmoil is coming and how they might navigate it, help a dev understand where motivations are pointed so they can avoid socio-political pitfalls, or optimize the decisions they make to drive their career to be responsive to the ecosystem they're in.
I believe one can be transparent enough to let a dev know WHAT is going on, but still provide them an ally and shield against potential negative impacts of it.
Lack of transparency is just bad communication. I see "shield you from the bullshit" not as bad communication.
I look at it more like this: The customer has an emergency and needs something ASAP. A bad manager will pass this bullshit straight to his team, including the "Oh my god this thing is going to blow up if you can't get it done by Friday!!!!".
A great manager however, will first figure out if this is a real emergency or not, how much it will cost, etc. (S)he will take into account who is currently working on what, what the priorities are, etc. Then will present a realistic solution to the customer/management: "Look, this we can do, this we cannot do".
In this situation, as a team member, work comes in as usual, and you probably were allowed to put an estimate on it. No "Help the world is going to end if this isn't done, DROP EVERYTHING!!!".
I've worked for multiple managers that fall in either bucket, and I had cases where something needed to be finished by Friday, because the customer needed it on Monday. Asking a week later after deadline: "Did it work?" "The customer hasn't tested it or put in production yet".
Great managers however, have great communication skills. Maybe a better wording is that they are able to filter the bullshit from the rest.
And when something bad happens because of this rushed code, they'll tell you, "you have to do more testing", make sure quality is not compromised. "We can do automated tests, we can do them as long as it doesn't eat up developer time".
Makes me think that in a consultancy business, everything hinges on getting the customer to fund your development properly. Ask too much and you'll lose the contract to a competitor.
I can understand that absolute values aren't very meaningful, as they're probably missing a lot of necessary context. BMI is one metric that doesn't paint a clear picture on its own -- but no doctor would ever rely solely on it.
I can't understand dismissing most of medical science. Can you expand on that part of your statement?