by bradley13 (1118935) writes:
IMHO, these problems stem from the following source problems:
- Incompetent developers. Look at the number one problem, number one for years now: injection. I teach students how to avoid this the first time they touch a database, which is typically in year two of their degree program. It doesn't matter: half of them still write injectable queries, even though using "prepared statements" isn't any more complex. The thing is: there is so much code to be written, that even these students - who evidently don't u
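An added example, not part of the original comment, putting an injectable query next to its prepared-statement form so the difference in effort and behaviour is visible. The table, names and inputs are constructed for illustration, using Python's standard `sqlite3` module.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def find_injectable(db, name):
    # Input is pasted into the SQL text, so a quote in `name` ends the
    # string literal and whatever follows is parsed as SQL.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_prepared(db, name):
    # Same query, same effort: the placeholder keeps `name` as pure data.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def outcome(find, db, name):
    # Run a lookup and report either its rows or that the SQL failed to parse.
    try:
        return find(db, name)
    except sqlite3.OperationalError:
        return "syntax error"

HOSTILE = "nobody' OR '1'='1"   # constructed input that rewrites the WHERE clause
BENIGN = "O'Brien"              # constructed, legitimate name containing a quote

if __name__ == "__main__":
    db = make_db()
    for value in ("bob", HOSTILE, BENIGN):
        print(repr(value))
        print("  injectable:", outcome(find_injectable, db, value))
        print("  prepared:  ", outcome(find_prepared, db, value))
```

The concatenated version returns every row for the hostile input and fails outright on a legitimate name with an apostrophe; the prepared version treats both as plain strings.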
by gweihir (88907) writes:
I fully agree on all of these. I also teach a software security lecture, and last year one student summarized the purpose as "warn everybody to get an expert and not to do it themselves". Well, at least that one learned something.
As to the last point: This is a real catastrophe in the making. Nobody still understands what they do and their dependencies seem to grow all the time. I now push "does not depend on frameworks" as a sign of quality to customers, wherever possible.
by dougTheRug (649069) writes:
If you were teaching civil engineering, the first day you would be showing them a film about the bridge that blew down because of its design failing to accommodate for its stress inputs. And the fact that people's lives were on the line.
I would very much like to know what the first day in your course is like.
I think you have to honestly look at yourself and if you are not educating developers on how and why injection flaws work, and how they must be stopped at every handoff of data between interpretatio
by gweihir (88907) writes:
Ah, yes. "Bouncing Betty" (or "Galloping Gertie"), the Tacoma Narrows Bridge. I saw a picture in my Software Engineering course. Do you have a source of the video that is not YouTube? I should indeed show that to my students as a reminder that they will be engineers and that engineering failure can kill.
My first lecture starts stating that almost every piece of software these days is connected to the Internet in some way. Then it gives a broad overview over the things that can go wrong. I will treat them in-depth later. (Web Application Security is Part II and has its own "first" lecture.) I do buffer overflow including a demo that the students need to replicate themselves, discuss ways this can and cannot be fixed (e.g. NX bit is nice, but does not solve the issue). Next is Taint Checking as a data-path technique. Then data-leakage by behavior, e.g. when you can tell from the error-message that you had guessed a user right. Wherever possible, I add a current example. Final Slide is "human factors", including "Incompetent and unaware of it", The Peter Principle, The Yosemite "bear proof" trashcans that smart bears can still open, but dumb tourists cannot, and finally the "shoot the messenger" problem.
In later lectures, I have all the classics on architecture, design and implementation level, including privilege separation in connection with input validation and normalization and the least privilege principle, fuzzing, password breaking, DoS defense, economic aspects, software maintenance, etc. Unfortunately, space is limited and many things I can only touch on the surface. I would like to make this a 2 semester course, but that is unlikely to happen. So I have to select where to dive deep and where to stay on the surface.
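An added example, not part of the original comment, of the "data-leakage by behavior" case mentioned above: a login check whose error message reveals whether a user name exists, next to a form that answers identically either way. The user store, names, passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # Iteration count kept low so the example runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def make_users():
    # Constructed sample account.
    salt = os.urandom(16)
    return {"alice": (salt, _hash("correct horse", salt))}

# Stand-in record used for unknown names so the same work is always done.
DUMMY_SALT = os.urandom(16)
DUMMY_HASH = _hash("placeholder", DUMMY_SALT)

def login_leaky(users, name, password):
    # Two different failure messages: the response alone confirms a guessed name.
    if name not in users:
        return "unknown user"
    salt, stored = users[name]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "wrong password"
    return "ok"

def login_uniform(users, name, password):
    # One hash computation and one failure message, whether or not the name exists.
    salt, stored = users.get(name, (DUMMY_SALT, DUMMY_HASH))
    match = hmac.compare_digest(_hash(password, salt), stored)
    if name in users and match:
        return "ok"
    return "invalid credentials"

def distinguishable(login, users):
    # True if a failed attempt answers differently for an existing and a missing name.
    return login(users, "alice", "x") != login(users, "mallory", "x")

if __name__ == "__main__":
    users = make_users()
    print("leaky reveals names:  ", distinguishable(login_leaky, users))
    print("uniform reveals names:", distinguishable(login_uniform, users))
```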
by K. S. Kyosuke (729550) writes:
Do you have a source of the video that is not YouTube? I should indeed show that to my students as a reminder that they will be engineers and that engineering failure can kill.
Why does it have to be not from YouTube? And if it for some reason can't be from YouTube, wouldn't it be sufficient to simply download it from YouTube first?
The description of the course sounds interesting. I assume the materials aren't available on something like OCW?
by tepples (727027) writes:
Why does it have to be not from YouTube?
The "appropriate use" filter on the classroom network forbids access to YouTube, or the national firewall forbids access to all services provided by Google.
And if it for some reason can't be from YouTube, wouldn't it be sufficient to simply download it from YouTube first?
Downloading the video is copyright infringement. A professor can't officially recommend this.
by K. S. Kyosuke (729550) writes:
The "appropriate use" filter on the classroom network forbids access to YouTube, or the national firewall forbids access to all services provided by Google.
Hey, you're not gweihir! ;) I assume these are possibilities, but I've only heard of such insanities from other parts of the world. Putting an access filter into a school is the last thing you'd witness around here. Especially when it comes to universities.
Downloading the video is copyright infringement. A professor can't officially recommend this.
That highly depends on local jurisdiction. Around here, your ass is covered by the law on both counts, when it comes to downloading it *and* when it comes to playing it to students in school settings. (After all, playing the video locally requires downloa
by tepples (727027) writes:
Putting an access filter into a school is the last thing you'd witness around here. Especially when it comes to universities.
Non-profit universities don't have unlimited bandwidth. Nor do they want to contribute to Internet access patterns that are more likely than not to disrupt instruction in the classroom. Toward this, many universities tend to block access to certain Internet resources from classrooms while allowing it from dormitories.
After all, playing the video locally requires downloading the data anyway
Both U.S. copyright law and the YouTube terms of use distinguish an ephemeral copy of a few seconds of a work at a time from a permanent copy of its entirety. And even in the case where the cac
by K. S. Kyosuke (729550) writes:
Non-profit universities don't have unlimited bandwidth.
That's because no universities have unlimited bandwidth, which in turn is because nobody has unlimited bandwidth.
Both U.S. copyright law and the YouTube terms of use distinguish an ephemeral copy of a few seconds of a work at a time from a permanent copy of its entirety.
Yes, they may very well do that, which is why I was mentioning local jurisdiction. Despite the US-majority on /., the US is still only about four percent of the global population and I'm trying not to make any assumptions about who lives where.
by angel'o'sphere (80593) writes:
It is only a copyright infringement if:
a) the video has a copyright
b) you redistribute it
Teaching purpose btw. is in American copyright laws explicitly allowed! But not necessarily in every country.
by tepples (727027) writes:
Even if a defense to copyright infringement is successful, downloading a permanent copy of the video from YouTube's server without permission from YouTube is still a violation of YouTube's terms of use and therefore of the Computer Fraud and Abuse Act and foreign counterparts.
by angel'o'sphere (80593) writes:
If those terms of use are enforceable ...
by david_thornley (598059) writes:
It's copyrighted, at least in all Berne signatories. Trust me.
Digital video is sufficiently recent that none of it will have come out of copyright yet, and in order to be used it has to be in a fixed form, which means it's automatically copyrighted.
If you don't like current copyright treaties, I certainly understand, but that's the law as it stands.
by angel'o'sphere (80593) writes:
I don't know the video in question.
However you are right in so far as digitizing an out of copyright old work creates a new derived work with new copyright.
by gweihir (88907) writes:
Sorry, I cannot give you the materials. They would be in German anyways...
by K. S. Kyosuke (729550) writes:
The subject doesn't even have a web page with references? Well, too bad.
by mfnickster (182520) writes:
Do you have a source of the video that is not YouTube?
Try Archive.org [archive.org]