It's essentially a union for people with non-linear skills. Who should, thus, not get paid solely on seniority. So it's a union minus a pay-scale and mandatory wage increases.
Actors have one. Sets minimum pay levels, has 'residues', which is a fairly weird pension system (I think a normal pension system would be better for programmers.), sets regulations about treatment of actors, etc.
Writers for books, TV shows, movies, all have one, too. Musicians do not have one, but desperately desperately need one.
While actors don't have 'mentors', that actually was a part of the original guild system, and would not be impossible to figure out. Neither would professional standards.
We don't need a union, we need a guild. (Which is exactly what you're talking about with 'partner system'.)
Don't look at mine workers, look at actors.
We don't need to try to standardize wages or anything.
What we want is:
Minimum required skill levels. Preferably with tests, as a lot of colleges are turning out shit workers.
Minimum required pay levels, including contributions to pension plans.
Ability to specify our own time limits for jobs, so rush jobs don't happen. (This is vague, but it's been figured out in other professions.)
No working with non-guild programmers, or on code contracted from non-guild programmers.(Erm, since the guild agreement was signed, of course.)
No confusing us with support or help desk or electrical engineers.
Possibly royalties?
Someone needs to look at SAG's contract. That's the sort of thing we should be looking at.
Incidentally, the 'HTML Writer's Guild' has the same sort of idea for web designers...except they have no power at all. But if programmers make a guild, and they make a guild, and we only work with each other, and we managed to get the IT union guys with us...
I don't think he's claiming that a business name is enough.
I think he's saying that an unwillingness to spend a few hundred dollars to actually legally start a business is a good indication that the person with the idea isn't serious, and no one is going to pay them any attention at all. Certainly no one is going to invest in them.
Of course, if they haven't spent that much, they probably don't have a server or anything either. Or at least no any sort of dedicated modern server with a fast connection....an old 1.6Ghz running Linux connected to your DSL is not 'a server'.
Bruce is right....if you aren't willing to spend $200-$300 on your 'idea', don't bother to try to get people to help. Get a business license, rent a cheap server hosted somewhere for a test platform(1), get a domain name, etc. Then, and only then, look for people to help build and invest in your idea.
Not to be confused with bouncing your idea off tech guys and marketing guys, earlier, so they can point out if it's stupid or not, which most ideas are, and you should find that out before spending money on it.
1) Even if you are 'going' to do your own hosting. What you are 'going' to do doesn't matter. You can't afford that yet, and you need somewhere that actually exists that you can build and test on.
Or 'It solves a need that Joomla + VirtueMart + a custom component developed for $100 could solve, so why aren't customers buying my $5000 proprietary software?'.
The really funny things is that there are lots of people with 'ideas' that basically boil down to this.
For a news site, you don't even need 'just' a programmer...you need a damn CMS with forum software. (Granted, at the origin of slashdot, you actually did need a programmer. What software did exist was shitty. Of course, so was slashdot's software.) You don't need to worry about any non-off-the-shelf software until well after the businesses would fail.
When people outside the computer industry start talking about what they want to do, 30% of the time it's impossible, requiring AI or even magic(1), and another 30% of the time it's laughable easy, (If sometimes absurdly expensive to scale up, like building another google.) but sure as hell can't magically make a business.
1) Yes, while I've heard plenty of business ideas that require human-level AI to do, I've also heard problems where there is not enough data for a person to figure it out, but they somehow think a computer can.
he moved on to talk about "Howard Johnson's power amplifier" which is a generator that outputs more energy than it takes in and is based on "The fifth element, magnetism".
That is the crappiest slogan for a hotel ever. 'Howard Johnson: The Fifth Element, Magnetism'. It's right up there with 'Super 8: Lions live in South America'.
Howard Johnson published multiple "papers" leading up to how his design works, but since he was scared of being murdered by the government, he decided that he'd keep the last magical component hidden until he found a way to safely release the information without fearing for his life... or something of the sort.
I have a book with a Heinlein story in it that I can't think of the name of. In it, two inventors discover a 99.999% efficient light to electricity conversion process. (And it works the other way around, which is what they were actually trying to find.) And it's pretty cheap, too, it's just a form of clay. Obviously, this level of solar power and cheapness threatens all current energy interests in the world, and assassins soon follow. They solve the problem with a fairly obvious, if you know anything about the laws at all, solution:
They patent the damn thing and manage to get it printed on the front page of the newspaper. (Ah, the days before the internet, where getting stuff in front of a hundred thousand people took effort.) They figure that, yeah, 90% of individuals might steal the patent, you can make the stuff from a hardware and gardening store, but they'd still sell enough to businesses and governments and home builders that they're billionaires. Plus, no more assassins..what would be the point?
This story should be mandatory reading in school. There are way too many crackpots out there who only manage to function because people know nothing about patent law, and even more theories that require no knowledge of it.
I have a friend who thinks the auto industry bought up all 'car running off water' patents in the 1980s. I have pointed out that a) patents are public, so he should be able to find that and build his own car from it, even if no one can make or sell it, and b) any patent in the 80s has expired by now. Somehow, pointing this out has not dissuaded him.
People, oil companies do not make cars. CAR COMPANIES make cars. If a car company came out with a car that didn't require oil, they'd be rich.
Likewise, oil companies do not make power. POWER COMPANIES make power. If they could make power without paying for oil, they would.
And, no, those things are 'secretly controlled' by oil companies, as new ones appear all the time. You might even be able to get away with claiming 'the big three' are, somehow, owned by oil, but that certainly wouldn't stop from French or even Korean startup from making a shitty, tiny...FREE ENERGY CAR that the entire world would, um, notice.
And same with power. If you could make energy out of nowhere, surely one of these guys constantly begging for funds would, at some point in time, actually get enough month to build one such device. (In fact, they claim they already have.) At which point, they hook it to a power line, and, hey, they get paid money from the power company, and can use that to build more devices, which they can also hook to the power line...you see where I'm going here?
I mean, I have as little faith in the free market being 'fair' as the next progressive, but you have to have something wrong with your head to think it's that broken, to think that people with actual functioning free energy devices couldn't somehow build a business on them no matter what 'The Man' wanted.
Dreaming of a world where neodymium powers our future
I have to wonder how many crackpot theories there would be about neodymium magnets if it wasn't called 'neodynium' and sounded all futuristic. It's a damn magnet, people.
I've already made 10x more off the idea than what I've paid him in total and couldn't be happier with the success of my idea.
I keep having ideas for Joomla components that I really suspect I could hire someone to do at $15 an hour, get $100 worth of work out of them, and then sell for $10 a copy. Sell at least 15 and I've made money, including my time and effort.
I mean, simple shit that it's amazing that no one has ever done, or at least I can't find it. (Sometimes, sadly, I do find it...damn you, MetaMod! I had that idea!)
And, yes, I'm a programmer, and all the stuff I thought of is pretty easy, and there are a lot of non-programmers using Joomla.
I keep putting it off, however, because if I did it myself, I'd make even more money. I just need to find the time and energy.
It seems to me that the real problem is that many developers are completely removed from the design process.
The problem is that the backend developers and the frontend developers are working independently.
What they really needed was a better design team, made up of both of them, than can 'compromise' on things.
Often the design team will come up with something that the UI people thinks makes sense, but that unknowingly makes things 10x harder for the API people, and the UI people would have no problem doing it in a slightly different way.
Likewise, often the API people think in terms of low-level functionality, and forget that this all has to be presented to users, and there's an easy change that would make the UI people happy, or an easy-to-add extra functionality that the UI people want, but isn't part of the original design.
But the only way to fix this is to have very good UI and API people to start with on the design team at the start who can magically hold the entire hypothetical implementation in their heads and see where they will have issues...or be willing to revise things as you go along.
And revising things as you go along has other, obvious problems.
4) Ideas that, while possible in theory, but requires a decade of theoretical AI research before even starting, and probably would become #3 at that point.
5) Ideas that are simply doing something 'better' than the other guys, except there is no actual technological improvement hypothesized...the programmer is just expected to be told 'Do something better than facebook' and he'd realize 'Hey, I can do that! I'll add some 'better' over here.'.
The other point I'll make is that if you really 'need' to find programmers, I highly doubt you've got a very good idea.
To put it better: If all the 'idea' requires is 'programmers do a simple thing', it's entirely possible the idea person does not know anything about computers. Programmers have already done all the simple stuff.
Actual 'ideas' require putting those simple things together and figuring out how to aim them at a market, which, tada, requires you actually know what those simple things are, and their limitations. I.e., you need to sit down with a marketing guy and a tech guy (Or be one and sit down with the other.) and actually figure out what a) sells, and b) you can actually create to sell.
Often new ideas would fail both these people's sanity check, like 'a better google', which the tech guy will inform you require a huge up-front cost and months of getting it working, and the marketing guy will go 'Uh, better in what way? Why would people switch to us?' (This is such an obvious objection even the tech guy would come up with it, especially as Microsoft is trying to do it, and not having a lot of luck.)
In a sane world, the US would protect its domestic industries and prevent hemorrhaging money all over the world by making offshoring outright illegal and not allowing foreign labour into the country. As is, it's rabidly de-industrializing and going bankrupt as a result.
Not 'illegal'...just taxed more.
No, you won't be. An Indian accepts a smaller salary than an American because he won't be spending it in America, he'll be spending it in India.
And even if he is spending it over here, he's a) used to a smaller standard of living, and b) trapped by the law so that he can't negotiate for a smaller salary, and c) expect to retire back to India and doesn't need as much savings.
Meanwhile, that smaller salary depresses wages, which both decreases tax revenue and makes people poorer.
Indeed, the problem isn't the low salary or why it would be accepted, the problem is that having people willing (and able) to work for lower wages depresses an industry...and having that happen economy-wide depresses an economy.
You seem to think the way to stop this problem is to stop one single way that a hijacker of a web server is using to attack other people.
They still have other ways to attack people. (Like rewriting the actual files of the site.) And, more importantly, they're still in control of a server!
Like I said somewhere else, this article is 'Assassins who break into people's houses are now shooting people out the window, instead of just the door', which is a moderately useful thing to know, especially when that means they can look like they're coming from another, actually secured, location in the building.
But it has inexplicably which has lead to a discussion about boarding up windows.
While that is a fine thing to do, it is, I must submit, is not the actual problem, nor is it the actual solution.
The problem is that there are assassins in people's houses.
No, having an external firewall is not a solution to the problem that attackers are running programs as root on your server.(1)
Neither is stopping them from doing one particular thing, like opening another port.
1) As someone else mentioned, they might not be running as root, just launching apache with a new config file...at which point iptables would work fine stopping them from opening additional ports.
Usually they just spawn a new apache process as the hacked user with something like apache2 -d/tmp/haxorsite -c "listen 13675"...
Well that's just stupid not to notice. I thought we were talking about something in the apache config, where you'd have to notice either the port being open or config files.
That's not really anything to do with apache at all. They could run netcat from a shell script or something with that.
Thats why any decent hosting provider uses some front end servers, eventually with mod_security, so the back-end cluster has very restricted network setup only able to talk to the front servers.
And, again, I must point out that I find this incomprehensible and serving no purpose. If that's really the issue, and they aren't priv'd users, just use iptables to stop extra ports.
Or, even better use selinux to stop children of php-fpm or whatever from opening additional ports.
FTP down the entire contents of your site, and see if anything seems wrong. Directories you don't remember with frame pages, stuff like that.
If you have a CMS like Joomla or Drupal, download a clean copy of the same version, extract it somewhere, and run something like WinMerge on the entire two directories. See what's different...should only be stuff you've installed, like themes and components, unless you've done some manual hacking.
Likewise, if it's just 'your site', if you're the only editor, and you upload it using FTP...download it to a different directory, and run WinMerge to compare. They obviously should be identical.
Downloading via FTP will also run a virus scan on it if you have real-time scanning, although feel free to also do that manually.
Incidentally, that won't do anything for this problem. If they've hacked your hoster to put extra web sites up on your domain on other ports, it's unlikely you'll be able to notice this, and they certainly won't be in your directories. But doing that requires root access, and this article is idiotic...if attackers have root on your server, the fact they can add extra http servers is the least of your problems.
Checking all the files helps for the more common attack of them putting up a directory on your site, and sticking malicious stuff in there, or including javascript files that pull in malicious stuff from elsewhere.
Also, checking every link won't help.You don't have to have a link to that stuff for it to get into Google.
They just shouldn't get a pagerank bump by being on the same hostname as something else.
Why not? If google thinks that's a useful way to treat pages, that's fine.
If this is 'fixed', attacks will just go back to hosting files in hidden directories. The 'alternate ports' aspect of this isn't the problem, it's the fact that people don't locate malicious files they are hosting.
Yes, you're right, but if someone can change web server config files, they're root. (Or will soon be.)
So any firewall on the machine is easy to disable.
Granted, you could use an external firewall, but at this point you're boarding up windows so that the assassins who are wandering in and out of your house can only shoot out the doorway to kill people. That is not an actual solution to the actual problem you have, which is 'there are assassins wandering around inside your house trying to kill people'.
Technically, apache's config file permissions could be set so the apache user could reconfigure them without root privs, so the attacker might not have root...to start with.
Of course, if they can reconfigure apache as a normal user, they can configure it to, tada, run as root, which neatly solves the whole 'not having root' problem.
I'm a little amazed that attackers are reconfiguring apache instead of coming up with some rootkity http server of their own.
Uh, no, ideally you shouldn't allow the web server to rewrite its own config.
If it can do that, it's either already running as root, or, duh, its config files can be rewritten so it, from then on, runs as root. Which means the attacker is now running as root either way.
Frankly, half the time it'd be easier to detect extra ports than extra files. A lot of people have either gui interfaces to their http config, at which point an extra server on a weird port showing up would be noticeable, or have a script that writes the config files from a database, in which case an extra server might be erased (Depends on where it was added, though.)
Hell, you'd probably notice it from netstat at some point.
Whereas malicious files hidden in a web site tend to be hidden in a.whatever directory and some obscure CMS include/ file patched to include them, which no one will ever notice.
But stopping 'extra ports' actually does fuck-all for security anyway...it hardly matters if attackers are running malicious web sites out of extra http locations they've set up, or the pre-existing web server...the security implication of that is exactly the same.
The security implications of attackers rewriting http config files, OTOH, are through the roof. If you want to rewrite the http config from web pages, either use something like Webmin, which is designed for it and allows you to run your actual websites as a unprived user, or use a page that rewrites a database, and have a root-owned and root-running script that looks for updates to that database and rewrites everything. Do not, I repeat, do not, make/etc/httpd/domains.d/ owned by apache. (Or whatever the path and user for your web server.)
Like I said, it's trivially easy for an attacker with just web-server permissions to figure out that location and write a file that gives the web server root access, and next time it gets restarted...hey, look, their malicious scripts have root access also.
the bondholders would have perhaps been made whole (or close) by the sale of assets to new companies who would have been able to rebuild GM's VALUABLE divisions into something useful by now
No, they wouldn't have. There was no one to buy GM. There was certainly no one to buy it at the level you think there was.
And perhaps more importantly, the bondholders agreed to the exchange they go, which rather implies they knew this, that they knew if GM went into bankrupcy they'd get less than the 20% they got in equity.
No, that's the other part of Medicare, the part that's funded like social security. That's called FICA, and operates the same as Social Security, and you cannot opt out.
But that tax is practically nothing. That requires ten years of a 1.4% tax. Over your entire life, that might come to $7000.
And, like social security, if we stop Medicare Part A, we'd presumably stop the withholding for it also.
I was talking about the other thing, the actual insurance, which is 2/3rd of Medicare, Medicare parts B and C. (Part D is just nonsense.)
So, yes, if I wished to be more specific I'd have said: Social Security and some of Medicare are funded by a tax specifically for those things, a tax that would presumably be removed if we removed them. The rest of Medicare is funded by voluntary premiums that people would stop signing up to pay if they did not get health care out of it.
It's fraud, obtaining goods by deception, and is illegal independent of whether the phone is locked or not.
Technically, yeah, but it's near impossible to prove they signed the loan in bad faith, unless there was some sort of pattern there.
The problem is that, at that point, the phone company has an unsecured loan and no way to get their goods back or the money owed for their goods.
Which is why, apparently, we need laws and technological solutions and laws to protect those solutions and bribes to protect those laws, etc, etc. Instead of them just not having a fucking business model that results in them making unsecured loans to people who can then run off with their stuff.
The rules never apply to large corporations. If I was stupid enough to do what phone companies do, I'd have to hire a lawyer and sue. Hell, I work for a very small company, and we have people defraud us. We don't have the time or money to hire lawyers to prove they really get their package or whatever, so they win. We just try to minimize the risk and the damages.
But despite the fact the phone company already has lawyers, and could functionally do these lawsuits 'in bulk' with near identical documents, that's apparently too much work for them. Heaven forbid a large corporations needs to sue anyone, or change their business practices so they don't have to sue people. They should be able to make collateral free loans and have the damn government enforce them.
Oh, you're commenting on the actual story. You must have read that elsewhere. See, over here at slashdot, we still don't know what the story is.
For all we know from the information provided, even after following the links and nto just read the summaries, all we know is that NASA had some big press conference, and Gizmodo made a guess what it is.
We have been supplied absolutely no evidence that Gizmodo was right, or that the press conference happened.
I choose to believe that Gizmodo believed NASA was going to announce something about discovering something, but they were wrong. Instead, NASA was going to announce that they were getting out of the space business, and starting up a touring musical group to put on Cats. However, NASA officials were abducted by actual aliens at the actual press conference.
As far as slashdot has actually linked to things, my story is just as plausible as yours. Strictly speaking, we don't even know even know it's after 2pm on Thursday yet!
Slashdot Mirror
The goal of the Swedish justice system is to unroll all the facts before deciding what to do
Really? Shouldn't they have fucking interviewed him after he offered after they leaked bogus rape accusations about him, then?
One word: guild.
It's essentially a union for people with non-linear skills. Who should, thus, not get paid solely on seniority. So it's a union minus a pay-scale and mandatory wage increases.
Actors have one. Sets minimum pay levels, has 'residues', which is a fairly weird pension system (I think a normal pension system would be better for programmers.), sets regulations about treatment of actors, etc.
Writers for books, TV shows, movies, all have one, too. Musicians do not have one, but desperately desperately need one.
While actors don't have 'mentors', that actually was a part of the original guild system, and would not be impossible to figure out. Neither would professional standards.
We don't need a union, we need a guild. (Which is exactly what you're talking about with 'partner system'.)
Don't look at mine workers, look at actors.
We don't need to try to standardize wages or anything.
What we want is:
Minimum required skill levels. Preferably with tests, as a lot of colleges are turning out shit workers.
Minimum required pay levels, including contributions to pension plans.
Ability to specify our own time limits for jobs, so rush jobs don't happen. (This is vague, but it's been figured out in other professions.)
No working with non-guild programmers, or on code contracted from non-guild programmers.(Erm, since the guild agreement was signed, of course.)
No confusing us with support or help desk or electrical engineers.
Possibly royalties?
Someone needs to look at SAG's contract. That's the sort of thing we should be looking at.
Incidentally, the 'HTML Writer's Guild' has the same sort of idea for web designers...except they have no power at all. But if programmers make a guild, and they make a guild, and we only work with each other, and we managed to get the IT union guys with us...
I don't think he's claiming that a business name is enough.
I think he's saying that an unwillingness to spend a few hundred dollars to actually legally start a business is a good indication that the person with the idea isn't serious, and no one is going to pay them any attention at all. Certainly no one is going to invest in them.
Of course, if they haven't spent that much, they probably don't have a server or anything either. Or at least no any sort of dedicated modern server with a fast connection....an old 1.6Ghz running Linux connected to your DSL is not 'a server'.
Bruce is right....if you aren't willing to spend $200-$300 on your 'idea', don't bother to try to get people to help. Get a business license, rent a cheap server hosted somewhere for a test platform(1), get a domain name, etc. Then, and only then, look for people to help build and invest in your idea.
Not to be confused with bouncing your idea off tech guys and marketing guys, earlier, so they can point out if it's stupid or not, which most ideas are, and you should find that out before spending money on it.
1) Even if you are 'going' to do your own hosting. What you are 'going' to do doesn't matter. You can't afford that yet, and you need somewhere that actually exists that you can build and test on.
Or 'It solves a need that Joomla + VirtueMart + a custom component developed for $100 could solve, so why aren't customers buying my $5000 proprietary software?'.
Say I had an idea for a news site for nerds.
The really funny things is that there are lots of people with 'ideas' that basically boil down to this.
For a news site, you don't even need 'just' a programmer...you need a damn CMS with forum software. (Granted, at the origin of slashdot, you actually did need a programmer. What software did exist was shitty. Of course, so was slashdot's software.) You don't need to worry about any non-off-the-shelf software until well after the businesses would fail.
When people outside the computer industry start talking about what they want to do, 30% of the time it's impossible, requiring AI or even magic(1), and another 30% of the time it's laughable easy, (If sometimes absurdly expensive to scale up, like building another google.) but sure as hell can't magically make a business.
1) Yes, while I've heard plenty of business ideas that require human-level AI to do, I've also heard problems where there is not enough data for a person to figure it out, but they somehow think a computer can.
he moved on to talk about "Howard Johnson's power amplifier" which is a generator that outputs more energy than it takes in and is based on "The fifth element, magnetism".
That is the crappiest slogan for a hotel ever. 'Howard Johnson: The Fifth Element, Magnetism'. It's right up there with 'Super 8: Lions live in South America'.
Howard Johnson published multiple "papers" leading up to how his design works, but since he was scared of being murdered by the government, he decided that he'd keep the last magical component hidden until he found a way to safely release the information without fearing for his life... or something of the sort.
I have a book with a Heinlein story in it that I can't think of the name of. In it, two inventors discover a 99.999% efficient light to electricity conversion process. (And it works the other way around, which is what they were actually trying to find.) And it's pretty cheap, too, it's just a form of clay. Obviously, this level of solar power and cheapness threatens all current energy interests in the world, and assassins soon follow. They solve the problem with a fairly obvious, if you know anything about the laws at all, solution:
They patent the damn thing and manage to get it printed on the front page of the newspaper. (Ah, the days before the internet, where getting stuff in front of a hundred thousand people took effort.) They figure that, yeah, 90% of individuals might steal the patent, you can make the stuff from a hardware and gardening store, but they'd still sell enough to businesses and governments and home builders that they're billionaires. Plus, no more assassins..what would be the point?
This story should be mandatory reading in school. There are way too many crackpots out there who only manage to function because people know nothing about patent law, and even more theories that require no knowledge of it.
I have a friend who thinks the auto industry bought up all 'car running off water' patents in the 1980s. I have pointed out that a) patents are public, so he should be able to find that and build his own car from it, even if no one can make or sell it, and b) any patent in the 80s has expired by now. Somehow, pointing this out has not dissuaded him.
People, oil companies do not make cars. CAR COMPANIES make cars. If a car company came out with a car that didn't require oil, they'd be rich.
Likewise, oil companies do not make power. POWER COMPANIES make power. If they could make power without paying for oil, they would.
And, no, those things are 'secretly controlled' by oil companies, as new ones appear all the time. You might even be able to get away with claiming 'the big three' are, somehow, owned by oil, but that certainly wouldn't stop from French or even Korean startup from making a shitty, tiny...FREE ENERGY CAR that the entire world would, um, notice.
And same with power. If you could make energy out of nowhere, surely one of these guys constantly begging for funds would, at some point in time, actually get enough month to build one such device. (In fact, they claim they already have.) At which point, they hook it to a power line, and, hey, they get paid money from the power company, and can use that to build more devices, which they can also hook to the power line...you see where I'm going here?
I mean, I have as little faith in the free market being 'fair' as the next progressive, but you have to have something wrong with your head to think it's that broken, to think that people with actual functioning free energy devices couldn't somehow build a business on them no matter what 'The Man' wanted.
Dreaming of a world where neodymium powers our future
I have to wonder how many crackpot theories there would be about neodymium magnets if it wasn't called 'neodynium' and sounded all futuristic. It's a damn magnet, people.
I've already made 10x more off the idea than what I've paid him in total and couldn't be happier with the success of my idea.
I keep having ideas for Joomla components that I really suspect I could hire someone to do at $15 an hour, get $100 worth of work out of them, and then sell for $10 a copy. Sell at least 15 and I've made money, including my time and effort.
I mean, simple shit that it's amazing that no one has ever done, or at least I can't find it. (Sometimes, sadly, I do find it...damn you, MetaMod! I had that idea!)
And, yes, I'm a programmer, and all the stuff I thought of is pretty easy, and there are a lot of non-programmers using Joomla.
I keep putting it off, however, because if I did it myself, I'd make even more money. I just need to find the time and energy.
It seems to me that the real problem is that many developers are completely removed from the design process.
The problem is that the backend developers and the frontend developers are working independently.
What they really needed was a better design team, made up of both of them, than can 'compromise' on things.
Often the design team will come up with something that the UI people thinks makes sense, but that unknowingly makes things 10x harder for the API people, and the UI people would have no problem doing it in a slightly different way.
Likewise, often the API people think in terms of low-level functionality, and forget that this all has to be presented to users, and there's an easy change that would make the UI people happy, or an easy-to-add extra functionality that the UI people want, but isn't part of the original design.
But the only way to fix this is to have very good UI and API people to start with on the design team at the start who can magically hold the entire hypothetical implementation in their heads and see where they will have issues...or be willing to revise things as you go along.
And revising things as you go along has other, obvious problems.
You have forgotten the other options:
3) Ideas that are not technically possible.
4) Ideas that, while possible in theory, but requires a decade of theoretical AI research before even starting, and probably would become #3 at that point.
5) Ideas that are simply doing something 'better' than the other guys, except there is no actual technological improvement hypothesized...the programmer is just expected to be told 'Do something better than facebook' and he'd realize 'Hey, I can do that! I'll add some 'better' over here.'.
The other point I'll make is that if you really 'need' to find programmers, I highly doubt you've got a very good idea.
To put it better: If all the 'idea' requires is 'programmers do a simple thing', it's entirely possible the idea person does not know anything about computers. Programmers have already done all the simple stuff.
Actual 'ideas' require putting those simple things together and figuring out how to aim them at a market, which, tada, requires you actually know what those simple things are, and their limitations. I.e., you need to sit down with a marketing guy and a tech guy (Or be one and sit down with the other.) and actually figure out what a) sells, and b) you can actually create to sell.
Often new ideas would fail both these people's sanity check, like 'a better google', which the tech guy will inform you require a huge up-front cost and months of getting it working, and the marketing guy will go 'Uh, better in what way? Why would people switch to us?' (This is such an obvious objection even the tech guy would come up with it, especially as Microsoft is trying to do it, and not having a lot of luck.)
In a sane world, the US would protect its domestic industries and prevent hemorrhaging money all over the world by making offshoring outright illegal and not allowing foreign labour into the country. As is, it's rabidly de-industrializing and going bankrupt as a result.
Not 'illegal'...just taxed more.
No, you won't be. An Indian accepts a smaller salary than an American because he won't be spending it in America, he'll be spending it in India.
And even if he is spending it over here, he's a) used to a smaller standard of living, and b) trapped by the law so that he can't negotiate for a smaller salary, and c) expect to retire back to India and doesn't need as much savings.
Meanwhile, that smaller salary depresses wages, which both decreases tax revenue and makes people poorer.
Indeed, the problem isn't the low salary or why it would be accepted, the problem is that having people willing (and able) to work for lower wages depresses an industry...and having that happen economy-wide depresses an economy.
Yes, I am responding to you.
You seem to think the way to stop this problem is to stop one single way that a hijacker of a web server is using to attack other people.
They still have other ways to attack people. (Like rewriting the actual files of the site.) And, more importantly, they're still in control of a server!
Like I said somewhere else, this article is 'Assassins who break into people's houses are now shooting people out the window, instead of just the door', which is a moderately useful thing to know, especially when that means they can look like they're coming from another, actually secured, location in the building.
But it has inexplicably which has lead to a discussion about boarding up windows.
While that is a fine thing to do, it is, I must submit, is not the actual problem, nor is it the actual solution.
The problem is that there are assassins in people's houses.
No, having an external firewall is not a solution to the problem that attackers are running programs as root on your server.(1)
Neither is stopping them from doing one particular thing, like opening another port.
1) As someone else mentioned, they might not be running as root, just launching apache with a new config file...at which point iptables would work fine stopping them from opening additional ports.
Usually they just spawn a new apache process as the hacked user with something like apache2 -d /tmp/haxorsite -c "listen 13675" ...
Well that's just stupid not to notice. I thought we were talking about something in the apache config, where you'd have to notice either the port being open or config files.
That's not really anything to do with apache at all. They could run netcat from a shell script or something with that.
Thats why any decent hosting provider uses some front end servers, eventually with mod_security, so the back-end cluster has very restricted network setup only able to talk to the front servers.
And, again, I must point out that I find this incomprehensible and serving no purpose. If that's really the issue, and they aren't priv'd users, just use iptables to stop extra ports.
Or, even better use selinux to stop children of php-fpm or whatever from opening additional ports.
FTP down the entire contents of your site, and see if anything seems wrong. Directories you don't remember with frame pages, stuff like that.
If you have a CMS like Joomla or Drupal, download a clean copy of the same version, extract it somewhere, and run something like WinMerge on the entire two directories. See what's different...should only be stuff you've installed, like themes and components, unless you've done some manual hacking.
Likewise, if it's just 'your site', if you're the only editor, and you upload it using FTP...download it to a different directory, and run WinMerge to compare. They obviously should be identical.
Downloading via FTP will also run a virus scan on it if you have real-time scanning, although feel free to also do that manually.
Incidentally, that won't do anything for this problem. If they've hacked your hoster to put extra web sites up on your domain on other ports, it's unlikely you'll be able to notice this, and they certainly won't be in your directories. But doing that requires root access, and this article is idiotic...if attackers have root on your server, the fact they can add extra http servers is the least of your problems.
Checking all the files helps for the more common attack of them putting up a directory on your site, and sticking malicious stuff in there, or including javascript files that pull in malicious stuff from elsewhere.
Also, checking every link won't help.You don't have to have a link to that stuff for it to get into Google.
They just shouldn't get a pagerank bump by being on the same hostname as something else.
Why not? If google thinks that's a useful way to treat pages, that's fine.
If this is 'fixed', attacks will just go back to hosting files in hidden directories. The 'alternate ports' aspect of this isn't the problem, it's the fact that people don't locate malicious files they are hosting.
Pssst. Email.
Yes, you're right, but if someone can change web server config files, they're root. (Or will soon be.)
So any firewall on the machine is easy to disable.
Granted, you could use an external firewall, but at this point you're boarding up windows so that the assassins who are wandering in and out of your house can only shoot out the doorway to kill people. That is not an actual solution to the actual problem you have, which is 'there are assassins wandering around inside your house trying to kill people'.
Technically, apache's config file permissions could be set so the apache user could reconfigure them without root privs, so the attacker might not have root...to start with.
Of course, if they can reconfigure apache as a normal user, they can configure it to, tada, run as root, which neatly solves the whole 'not having root' problem.
I'm a little amazed that attackers are reconfiguring apache instead of coming up with some rootkity http server of their own.
Uh, no, ideally you shouldn't allow the web server to rewrite its own config.
If it can do that, it's either already running as root, or, duh, its config files can be rewritten so it, from then on, runs as root. Which means the attacker is now running as root either way.
Frankly, half the time it'd be easier to detect extra ports than extra files. A lot of people have either gui interfaces to their http config, at which point an extra server on a weird port showing up would be noticeable, or have a script that writes the config files from a database, in which case an extra server might be erased (Depends on where it was added, though.)
Hell, you'd probably notice it from netstat at some point.
Whereas malicious files hidden in a web site tend to be hidden in a .whatever directory and some obscure CMS include/ file patched to include them, which no one will ever notice.
But stopping 'extra ports' actually does fuck-all for security anyway...it hardly matters if attackers are running malicious web sites out of extra http locations they've set up, or the pre-existing web server...the security implication of that is exactly the same.
The security implications of attackers rewriting http config files, OTOH, are through the roof. If you want to rewrite the http config from web pages, either use something like Webmin, which is designed for it and allows you to run your actual websites as a unprived user, or use a page that rewrites a database, and have a root-owned and root-running script that looks for updates to that database and rewrites everything. Do not, I repeat, do not, make /etc/httpd/domains.d/ owned by apache. (Or whatever the path and user for your web server.)
Like I said, it's trivially easy for an attacker with just web-server permissions to figure out that location and write a file that gives the web server root access, and next time it gets restarted...hey, look, their malicious scripts have root access also.
the bondholders would have perhaps been made whole (or close) by the sale of assets to new companies who would have been able to rebuild GM's VALUABLE divisions into something useful by now
No, they wouldn't have. There was no one to buy GM. There was certainly no one to buy it at the level you think there was.
And perhaps more importantly, the bondholders agreed to the exchange they go, which rather implies they knew this, that they knew if GM went into bankrupcy they'd get less than the 20% they got in equity.
No, that's the other part of Medicare, the part that's funded like social security. That's called FICA, and operates the same as Social Security, and you cannot opt out.
But that tax is practically nothing. That requires ten years of a 1.4% tax. Over your entire life, that might come to $7000.
And, like social security, if we stop Medicare Part A, we'd presumably stop the withholding for it also.
I was talking about the other thing, the actual insurance, which is 2/3rd of Medicare, Medicare parts B and C. (Part D is just nonsense.)
So, yes, if I wished to be more specific I'd have said: Social Security and some of Medicare are funded by a tax specifically for those things, a tax that would presumably be removed if we removed them. The rest of Medicare is funded by voluntary premiums that people would stop signing up to pay if they did not get health care out of it.
Then how do you go around and buy a computer from Best Buy?
What do you mean? Why would you do that?
It's fraud, obtaining goods by deception, and is illegal independent of whether the phone is locked or not.
Technically, yeah, but it's near impossible to prove they signed the loan in bad faith, unless there was some sort of pattern there.
The problem is that, at that point, the phone company has an unsecured loan and no way to get their goods back or the money owed for their goods.
Which is why, apparently, we need laws and technological solutions and laws to protect those solutions and bribes to protect those laws, etc, etc. Instead of them just not having a fucking business model that results in them making unsecured loans to people who can then run off with their stuff.
The rules never apply to large corporations. If I was stupid enough to do what phone companies do, I'd have to hire a lawyer and sue. Hell, I work for a very small company, and we have people defraud us. We don't have the time or money to hire lawyers to prove they really get their package or whatever, so they win. We just try to minimize the risk and the damages.
But despite the fact the phone company already has lawyers, and could functionally do these lawsuits 'in bulk' with near identical documents, that's apparently too much work for them. Heaven forbid a large corporations needs to sue anyone, or change their business practices so they don't have to sue people. They should be able to make collateral free loans and have the damn government enforce them.
I'm here for the comments, not the stories.
Oh, you're commenting on the actual story. You must have read that elsewhere. See, over here at slashdot, we still don't know what the story is.
For all we know from the information provided, even after following the links and nto just read the summaries, all we know is that NASA had some big press conference, and Gizmodo made a guess what it is.
We have been supplied absolutely no evidence that Gizmodo was right, or that the press conference happened.
I choose to believe that Gizmodo believed NASA was going to announce something about discovering something, but they were wrong. Instead, NASA was going to announce that they were getting out of the space business, and starting up a touring musical group to put on Cats. However, NASA officials were abducted by actual aliens at the actual press conference.
As far as slashdot has actually linked to things, my story is just as plausible as yours. Strictly speaking, we don't even know even know it's after 2pm on Thursday yet!