His posts have absolutely no coherence with the posts he is responding to. He is throwing in keywords that he knows will get him attention here on /. and I think using a sock puppet with mod points to give himself that all-important first plus to get the plus five.
Seriously:
It's like structured code vs assembler.... you can do the same thing in either, in theory. Sounds smart until you read the gp. Just throwing in the name of a couple programming languages is not insightful.
written in Redmond or somewhere else The GP never made a comparison between any two methods. This is just pandering to the "well, I like to use the software best for the job, closed source or not" crowd.
I realized the difference is subtle, but it's very important. Again, there was no comparison made in the GP
This guy is trying to game the system. Don't let him get away with it.
How you phrase it is everything. "No" will never stick, especially if the customer can easily migrate elsewhere. As a computer guy/dept, management/the customer sees you as somebody who just makes the mysterious boxes do what they want, no matter how asinine you know that request to be. Once you start throwing barriers between the manager/customer and what he thinks he wants, you will soon be replaced by somebody who doesn't.
The key is to try to steer the customer to another direction. Often they want silly things like this because they don't know the alternatives. Engage the customer and find out what they are doing, and toss out a better solution. In the end, you will both be happier.
If you do end up having to give them RO access, I would be sure to write some method into their user interface that restricts wildcards. You don't want somebody doing the oracle equivalent of
echo "select * from huge_table" | cat > querry.sql; mysql -u user -p huge_db < querry.sql | grep value
Sounds silly but I saw a colleague write a script that did something about like that.
I am going to hijack this thread because I have an eCommerce site hosted on Debian and this made me nervous.
According to the reps at Thawte, if you are using a third party ssl cert (thawte, verisign, etc), this does not affect you. According to them, this is only dangerous for people who have generated their own SSL certs for their sites from the ground up (probably a minority, I would guess). If anybody has any information to the contrary, please let me know.
This behavior is IMHO incredibly stupid. If you manage to steal such items, one would think that you also manage to sell them somewhere else than on Ebay. You would be surprised how easy and widespread this is. I got out about a year and a half ago, but it was already pretty common. We had a guy in our commo unit who stole a projector and got caught because he sold it on Ebay. My battalion's head cook was selling MRE's on Ebay and got caught. Our sister unit had a First Sergeant whose wife (also an NCO) was mailing stolen equipment out of Iraq and got caught by selling it on Ebay. Of course, for everybody who gets caught, 10 get away with it. I once did a report of survey for a lost light amplifier (the sensitive piece of night vision goggles) and we wrote it off as a loss. It could have been the unit armorer or XO, it could have been the maintenance specialist, it could have been the maintenance NCO; there was just no way to tell. I heard through the grapevine a couple months later that CID had recovered it off of Ebay, but the original seller/thief was a mystery.
People like to use the US's phenomenal military budget as evidence of the country's militarism, but in my admittedly limited experience, it has more to do with massive lack of accountability on an institution-wide scale. Anybody I have ever spoken to who has been in military logistics for a long period of time can tell you about the time he watched a million dollars get wasted in a day.
They have no right to be on private property. I used to hunt a lot when I was a kid. In the woods, if private property is not posted or marked in any way, while you can't hunt, you can still walk across the land and the owner has to notify you personally or by certified mail to stay off his land before you are considered to be trespassing. The land in question here was not marked as private in any way, as I understand things. Now, these laws change a lot by location, and I imagine that the laws of city of Pittsburgh are a lot different than those of the rural Colorado I grew up in, but the issue is hardly as clear cut as you seem to want to make it.
Yeah, but children have different needs. They will etch their names in the case, drop it, routinely hold it by the lid, drop it, spill stuff on it, drop it, get that cookie-saliva goo mixture from their fingers on it, etc. For a child, a tough slow box is worth more than a fragile powerful machine.
Lawyers are not charged with enforcing the law. They are charged with bending it to their own purposes, should that be getting an innocent man out of jail or extorting money from large amounts of people. Bullshit. Lawyers are officers of the court. While they are not charged with enforcement per se, they are charged with presenting the law and interpreting it in good faith. There are sanctions for "bending" the law, up to and including prison.
Except for that the drivers appear to be broken on purpose. The installer checks to see if it is on Vista, and if so it turns off certain features or replaces working drivers with buggy ones. All he did was disable the checks and replace the Vista drivers with the XP ones. According to TFA, the company has said "that whether or not it cripples its Vista drivers is a 'business decision that only we have the right to make.'"
Looks to me like they are trying to cash in on the Wintel upgrade cycle for no good technical reason: "Oh, if you want to enable all of Vista's advanced features, you need to buy this card over here."
Bastards, but probably bastards who will make lots of money.
Yeah, but having seen Comedy Central's other offerings (Colbert Report and the Daily Show), I am skeptical. Take two sites:
The Official Colbert Report site is slow, experiences frequent outages, has mediocre quality video, crashes several major browsers after 10-20 minutes of viewing, and shows you the same ad every two and a half minutes. On the plus side, it looks pretty.
The pirate south park site is slow, experiences frequent outages and has mediocre quality video. However, the shows are easy to browse and the ads are limited to things outside of the viewer window (and are blockable).
From my perspective, the choice is clear here. I am sure that Comedy Central will do a worse job than the pirates did. It will be just like when they got Colbert off of YouTube and replaced it with something worse.
The media companies are really slow to learn: the Internet gives them a potential gold mine, they just have to come up with a way to deliver their wares that sucks less than what Joe up the street can do. So far, they fail, Comedy Central and Viacom included.
Even with acrobat pro, you can't do too much editing to existing PDFs: change a little text here and there, add comments and that's about it.
I understood that this was because of the way that PDFs store information based on positioning, curves, gradients, etc, so I am skeptical about what this feature of OOo actually does, given that some very expensive commercial software does not even do this. If, however, OOo does allow users to really load and edit PDFs, this could be the breakthrough that it has been waiting for.
Yes. You pass if the website renders correctly. You fail if the website owns your machine. Yet another "standards" test designed to make IE fail. This is just more proof that the W3 has it out for Microsoft.
True. Students usually have time on their hands, knowledge at their disposal and being young they still have an underdeveloped sense for the potential consequences of their actions. Oh, and T1 connections directly into the dorms. Just talk to somebody who administers a university network: trying to keep students from "playing" with the school infrastructure is a nightmare.
I would give my left nut for a mod point right now. That has to be one of the most interesting links I have seen on /. this month. I just bought the book on amazon.
Zone alarm (and all other software firewalls) are pretty much useless for blocking outbound traffic. Zone alarm is software running on your machine. If you run another piece of software, there is nothing that stops that piece of software from modifying ZA. That modification can change ZA to allow traffic from application X without notifying the user. Quicktime player, for example, does this with most firewalls. What's more, ZA runs on top of the Windows network stack, but it is not part of that network stack. So, a well written piece of code can simply go around ZA and access the network stack directly.
This is not to say that software firewalls are useless. They are necessary to block incoming traffic since Windows has so many open services. However, blocking outbound traffic is essentially a marketing gimmick. If you want to do that, you need a hardware firewall running on another machine entirely, but then of course you no longer have the ability to tell which application is sending the request/packet.
You know how opponents of gun laws say that if you outlaw guns, only criminals will have them? Well, for software firewalls blocking outbound traffic, this is actually true. These types of firewalls only block processes that are behaving, and misbehaving applications can just modify or go around them. Any successes that you get are just because the piece of malware that you are dealing with is poorly written.
Rather, you're much better off running a strong firewall that's not the same piece of software or hardware at the boundary of your network which will pick up on nasty things I am quite interested in learning what kind of hard firewall you have that is capable of distinguishing between a packet sent over port 80 originating in, say, Internet Explorer and any other piece of software. I am also interested in knowing what software firewall you have that can block applications from rewriting its rules to allow themselves access.
It's only 'easy' if your time has no value and you're competent to examine the source, which I would say the vast majority if not 99.9999% of people aren't...you can run a packet sniffer and keep an eye on what the software is sending across the network Um, IMHO, checking the source is way faster and takes way less skill than this easily subverted clusterf*ck that you are proposing. Besides, the very thing that makes a hardware firewall useless for cases like this also makes this approach unreliable.
which I would say the vast majority if not 99.9999% of people aren't. While we are in the realm of imaginary statistics, I would say that about 100 times as many people are competent to examine the source of a program than to decompile a program and read the resulting nasty, uncommented, tangled pile of commands that results from that. That makes it about 100 times as likely that somebody will find a back door like this in OSS code, doesn't it?
Oh, by the way, you realize that lots of people are paid to audit OSS code before they deploy it in their company, right? The ability to do this is actually a selling point for a lot of companies.
(and unless the software has got a built-in ansible, that should be good enough for almost all applications.) What are you talking about?
Seriously, though, this is why I use the greasemonkey extension for firefox to do things like this. It allows you to add your own javascript to certain web pages. For example, the better gmail set of scripts provides a variety of enhancements, and there is a tool that lets you add a bcc to every mail (which is how I back up my sent mail).
The best part is that all the scripts are javascript, so even if you have the most rudimentary understanding of just about any programming language, you can easily figure out what the scripts are doing. No decompiling or reverse engineering needed.
Although I risk sounding like an ideologue for saying this, this once again shows how open source programs are inherently more secure than closed source.
It's from Xiti... you just sign up and put a little script in your page that displays their marker. They have a free and a pay for version... I have the free version.
It can be a bit light on certain key features, such as tracking user paths, but it is really good at producing quick, attractive, easy to read overview charts that you bring into meetings or post on /. Of course, you also have the disadvantage that you are running 3rd party scripts on your page.
As for browser usage, I think that my site probably represents a pretty accurate sample of the European market. We sell a product (language courses) that is decidedly non-technical, but still applies to technical people.
As for how to get people to upgrade... very few people will upgrade on their own. My father has been a software developer / project manager for nearly 40 years and he still has SP1 at home. We have to rely on the people who produce our software to write a good product that updates nearly automatically, like FF is and does. I have little faith in MS's ability/desire to do this, though (they update, but the quality part...).
From a designer's perspective, IE7 is a huge improvement over IE6. They fixed really a lot of the css problems, to the point that, if I am careful, I can write a site that is both css/xhtml valid and renders properly in IE7 (even with a css-only drop menu). No hacks or anything. The new version of Trident (IE's rendering engine) isn't perfect, but it's much better.
They also finally implemented png alpha channel, which lets us overlay images such as logos with nice, smooth, aliased edges. To get an idea of the difference this makes, compare these two logos:
Alpha channel support also allows people to do some other nice looking effects, such as drop shadows, with little fuss.
Unfortunately, the people who designed the IE7 UI appear to have been retarded monkeys. The result is that now, almost 2 years after its release, almost a third of my users are still on IE6. Personally, that is really frustrating.
I am not optimistic about MS's commitment to continue to improve standards compliance in IE8. It does not support svg, as somebody already pointed out, nor will it support E4X, which is going to hobble AJAX development.
6.0 is released, but it's pretty beta. You can download it here. It has a lot of changes. You can read about some of the important changes here.
This is going to sound really strange, but I always found that licking the connectors solved most of my problems.
We could ride there in paper airplanes... seriously, the Japanese are already testing the concept!
No, they basically paid for the license that they should have bought in the first place.
I would give my left nut for a mod point right now. That has to be one of the most interesting links I have seen on /. this month. I just bought the book on amazon.
Seriously, mods, click the link.
Whatever you do, don't file a bug report. I filed one years ago to fix a spelling mistake, and it's still there.