Salary transparency

When negotiating, the less information your opponent has, the better. If you know how much everyone else in your role earns you will hold out for that amount. If you have no idea, you might accept less. Making this information public could:

  • close the gender wage gap
  • help everyone to wheel, deal, demand and self-advocate

When a company hires another employee it has no idea how much value that person will add to the company. Salary transparency ensures that the employee knows what the company makes and the company knows what he makes, which may help level salaries and eliminate discrimination.


Homo Sapiens – the useless class

The most important question of twenty-first-century economics: what to do with the superfluous people once we have highly intelligent non-conscious algorithms that can do almost everything better?

As long as machines competed with humans merely in physical abilities, there were countless cognitive tasks that humans performed better. What will happen once algorithms outperform us in remembering, analysing and recognising patterns?

Over the last few thousand years we humans have been specialising. For AI to squeeze humans out of the job market it needs only to outperform us in the specific abilities a particular profession demands. The crucial problem is not to create new jobs but to create new jobs that humans perform better than algorithms.

Very soon the traditional model where life was divided into two main parts, a period of learning followed by a period of working, could become utterly obsolete, and the only way for humans to stay in the game will be to keep learning throughout their lives and to reinvent themselves repeatedly.


Objects and data structures

A class should not push its variables out through getters and setters. It should expose abstract interfaces that allow its users to manipulate the essence of the data without having to know its implementation. We want to express data in abstract terms.

Procedural code (code using data structures) makes it easy to add new functions without changing the existing data structures. Object oriented code makes it easy to add new classes without changing existing functions.

Not everything is an object.

The Law of Demeter – a module should not know about the innards of the objects it manipulates. A method f of a class C should call only the methods of these:

  • C
  • an object created by f
  • an object passed as an argument to f
  • an object held in an instance variable of C

Talk to friends, not to strangers.

Data Transfer Objects – a very useful structure with public variables and no functions, used especially when communicating with a database; they often become the first in a series of translation stages that convert raw data in a database into objects in the application code.

Active Records – a special form of DTO with navigational methods like save or find; they are direct translations from database tables.

Objects expose behavior and hide data, making it easy to add new kinds of object without changing existing behaviors. It is also hard to add new behaviors to existing objects.

Data structures expose data and have no significant behavior. That makes it easy to add new behaviors to existing data structures but makes it hard to add new data structures to existing functions.

Choose the right approach:

  • objects – the flexibility to add new data types
  • data structure – the flexibility to add new behaviors


Functions

A function (method) is the first line of organisation in any program.

Rules for making the functions communicate their intent:

  • not small but very small
  • do one thing – can you extract another method from it with a name that is not a restatement?
  • use descriptive names
  • number of arguments: niladic, monadic, dyadic, triadic (to avoid)
  • no side effects, no hidden things, do only what you promised in the name
  • do something (change the state of an object) or answer something (return some information about the object), not both
  • use exceptions instead of error codes
  • Don’t Repeat Yourself – duplication, the root of all evil.

Homo Sapiens – free will

Can humans give a meaning to the world?

How do biotechnology and AI threaten humanism?

Who might inherit humankind and will replace humanism?

The contradiction between free will and contemporary science: scientists say there is no soul, no free will and no "self", but genes, hormones and neurons, and the electrochemical brain processes are either deterministic or random. Free will exists only in the imaginary stories humans created.

Humans act according to their desires, meaning they have free will, but so do dogs or chimpanzees. The question would be: can they control their desires? At least, they don’t get to choose them.


Man in the middle

A man-in-the-middle attack occurs when someone eavesdrops remotely and undetected on unsecured chatter between a person and a website. To intercept or possibly alter the website traffic a hacker can set up an unsecure WiFi hotspot (evil twin attack), install malware on the user’s PC or use a sniffer to intercept the traffic (network sniffer).

Evil twin attacks can be prevented by carefully considering networks before connecting. Oddities like frequent disconnects, promises of fast WiFi networks or strange WiFi locations can signal an evil twin attack.

A network sniffer is used to monitor the network traffic, view details of unencrypted requests or detect network vulnerabilities.

Websites often communicate with the web browser over HTTPS, which uses cryptography. So, two important measures for using a secure connection would be:

  • connect to a familiar, secured WiFi network
  • ensure the website uses HTTPS

Path traversal

A path traversal attack exploits improper handling of filenames in a website’s query string. Typically, the hackers are looking for private files not intended for user browsing, files that may contain sensitive data (payment data, server configuration elements, etc).

A way to prevent this kind of attack is segregation: public and private files are kept in different locations. For example, if the public files are on server A, the private files would be either in a secure partition on server A or in a secure location on server B.

Another way to prevent it is to restrict permissions on the server, following the principle of least privilege – systems operate with the least amount of privilege necessary.

Other measures are: keeping the server OS up to date, sanitizing paths for illegal character patterns and not relying on user input for filenames.
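As an added example (not from the original notes), a Python check that implements the path-sanitizing measure above: it rejects illegal characters and absolute names, resolves the requested file name under a hypothetical public root and refuses anything that ends up outside it. PUBLIC_ROOT and the function names are assumptions.

```python
import os
import re

# Hypothetical document root holding the public files (assumed for this example).
PUBLIC_ROOT = "/srv/www/public"

# Characters never expected in a legitimate relative file name: NUL bytes
# (which truncate paths in C-based servers) and backslashes (Windows separators).
ILLEGAL = re.compile(r"[\x00\\]")


def resolve_public_path(root: str, requested: str) -> str:
    """Map a file name taken from the query string onto a path under root.

    Raises ValueError if the request would escape the public directory.
    """
    if not requested or ILLEGAL.search(requested) or requested.startswith("/"):
        raise ValueError("illegal characters or absolute path in file name")
    root_real = os.path.realpath(root)
    # realpath collapses '..' segments and resolves symlinks, so a name such as
    # '../../private/config.txt' ends up outside root_real and is caught below.
    candidate = os.path.realpath(os.path.join(root_real, requested))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError("path escapes the public directory")
    return candidate


def is_safe_request(requested: str, root: str = PUBLIC_ROOT) -> bool:
    """Convenience predicate: True only if the name stays inside root."""
    try:
        resolve_public_path(root, requested)
        return True
    except ValueError:
        return False
```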

Session hijacking

A session ID is used to identify a user’s visit when they log into a website. This information is exchanged between the server and the browser.

Typically, the session ID must be lengthy, random, unique and difficult to guess. This increases the time needed by those trying to hijack it. If the session ID is predictable, any kind of hacker (novices, black hats, elites) could write a script to guess it.

A weak session ID can lead to the exposure of the user’s profile and payment information, allowing hackers to access the website without authentication.

Hackers can use a script to enumerate potential session IDs and try to access the website with them.

Many websites rely on web frameworks to generate safe and strong session IDs. Useful measures include deactivating session IDs after a period of time, changing session IDs after each request and preventing reuse of session IDs. Also, some web frameworks choose to sign the cookies (append some encoded text to the cookie data) that hold the session ID. This digital signature is an enciphered value that can only be deciphered by the website. Cryptography!
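An added Python example, not from the original notes, of the two framework measures described: a session ID drawn from the operating system's random source, and a cookie that carries it signed with an HMAC so that a modified or forged cookie is rejected. COOKIE_SECRET and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import secrets

# Server-side signing key; generated here for the example only. A real site loads
# one fixed secret from configuration so cookies survive a process restart.
COOKIE_SECRET = secrets.token_bytes(32)


def new_session_id() -> str:
    """32 random bytes (256 bits) from the OS CSPRNG, URL-safe encoded (43 chars)."""
    return secrets.token_urlsafe(32)


def _tag(session_id: str, secret: bytes) -> str:
    mac = hmac.new(secret, session_id.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def sign_cookie(session_id: str, secret: bytes = COOKIE_SECRET) -> str:
    """Cookie value = session ID + '.' + HMAC-SHA256 tag over the session ID."""
    return session_id + "." + _tag(session_id, secret)


def verify_cookie(cookie: str, secret: bytes = COOKIE_SECRET):
    """Return the session ID if the tag is valid, otherwise None."""
    sid, sep, tag = cookie.rpartition(".")
    if not sep or not sid:
        return None
    expected = _tag(sid, secret)
    # compare_digest runs in constant time, so the tag cannot be guessed byte by
    # byte by timing how long the comparison takes.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return sid
```

Only the server can produce a valid tag, so guessing or editing the session ID part of the cookie fails verification before any session lookup happens.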

SQL Injection

SQL injection is a very common and straightforward website attack that can help hackers expose a website’s database. With SQL injection, unintended commands can be executed against website databases (many websites use SQL databases). Using SQL injection a hacker can become the database administrator and tamper with user data.

Typically, hackers use input fields on a website to inject SQL. For example, a form uses SQL to check the user’s account in the database – login, checkout, registration or contact forms. Any form on a website can be exploited during SQL injection attempts.

The website can reject suspicious form data by cleaning/sanitizing the input. That means ensuring that inputs don’t contain certain symbols, rejecting whitespace characters and using regular expressions to validate data. There are many characters that a hacker can use to exploit input

The best defense against SQL injection is to use parameterized SQL (prepared SQL). Parameters are placeholders and ensure input is safely used in SQL. They are interpreted by the database drivers.

There are a lot of scripts to automate SQL injection attacks.
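An added Python example (not from the original notes) contrasting the two patterns from the paragraphs above: the query built by string concatenation breaks as soon as a legitimate name contains an apostrophe, while the parameterized query lets the sqlite3 driver bind the same input as data. The table and rows are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table; stands in for a real site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("o'neil", "oneil@example.com")],
    )
    return conn


def find_email_concatenated(conn: sqlite3.Connection, username: str):
    """Unsafe pattern: the form value is pasted into the SQL text, so any quote
    in the input changes the structure of the statement."""
    sql = "SELECT email FROM users WHERE username = '" + username + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def find_email_parameterized(conn: sqlite3.Connection, username: str):
    """Safe pattern: '?' is a placeholder; the driver passes the value to the
    database separately, so it is compared as a string, never parsed as SQL."""
    sql = "SELECT email FROM users WHERE username = ?"
    row = conn.execute(sql, (username,)).fetchone()
    return row[0] if row else None


def concatenated_query_breaks(conn: sqlite3.Connection, username: str) -> bool:
    """True if the concatenated version fails to parse for this input."""
    try:
        find_email_concatenated(conn, username)
        return False
    except sqlite3.OperationalError:
        return True
```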


Passwords

Many users choose short and simple passwords. Being easy to remember makes them easy to crack just by guessing.

The strength of a password increases with its length. Adding just a few more characters to a password can increase the time to crack it by years.

A way to generate a strong password is to string together some meaningful words into a password phrase, adding complexity with some special characters and numbers. A strong password should contain all of these elements (uppercase letters, numbers, lowercase letters, symbols like !, @, #, $).

In an online dictionary attack, programs try to log in to a website using a dictionary file containing a list of common passwords (passwords leaked from other websites, a vocabulary list with words in different languages). The website can prevent that by limiting the number of login attempts or by using a CAPTCHA on the login form.

Cryptography is used to make the passwords harder to crack. Before storing a password it must be encrypted. It can be decrypted only by those who have the key.

An offline dictionary attack occurs when a program is used to decrypt an encrypted password. This way the hacker can decrypt it in the comfort of his hideout.

A website can protect its passwords by encrypting the stored passwords, limiting unsuccessful login attempts and requiring users to change passwords often.
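An added Python example, not from the original notes, of the login-attempt limit that the online dictionary attack paragraph and the last sentence both name: failed logins are counted per account inside a sliding window, and further attempts on that account are refused once the limit is reached, until the window passes. LoginLimiter and attempt_login are hypothetical names; the clock is injectable so the behaviour can be checked without waiting.

```python
import time
from collections import defaultdict, deque


class LoginLimiter:
    """Sliding-window counter of failed logins per account (constructed example)."""

    def __init__(self, max_failures: int = 5, window_seconds: float = 900.0,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock          # injectable for testing
        self._failures = defaultdict(deque)   # account -> timestamps of failures

    def _prune(self, account: str, now: float) -> None:
        """Drop failures older than the window so a lock expires on its own."""
        q = self._failures[account]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_locked(self, account: str) -> bool:
        now = self.clock()
        self._prune(account, now)
        return len(self._failures[account]) >= self.max_failures

    def record_failure(self, account: str) -> None:
        self._failures[account].append(self.clock())

    def record_success(self, account: str) -> None:
        self._failures.pop(account, None)


def attempt_login(limiter: LoginLimiter, account: str, password: str,
                  check_password) -> str:
    """Returns 'locked', 'ok' or 'failed'. check_password(account, password)
    is the site's own credential check, passed in as a callable."""
    if limiter.is_locked(account):
        # Refuse before checking the credential: a dictionary script gets no
        # signal about the password once the limit is hit.
        return "locked"
    if check_password(account, password):
        limiter.record_success(account)
        return "ok"
    limiter.record_failure(account)
    return "failed"
```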