>> - What happens if fission powered rockets crash? >> Instant nuclear disaster, unless the containment >> vessel holds (and it might, but the public will not >> be convinced it would).
> Oh, you mean like Chernobyl? Not to make light of > 100 or so deaths, but there are worse things in the > world.
*sigh*... All I can say is that if you'd been in Europe in 1986 you'd have a slightly more realistic grasp of the effect of Chernobyl. There are some areas of the UK that are STILL banned from producing milk because the fallout that rained out > 15 years ago is still present in levels high enough to make it unfit for human consumption.
> Unfortunately, people are so freaked out about > anything with the word "nuclear" or "reaction" > attached to it the only way they would ever put a > dime in it is if it was called "The Wonder Drive" > or "Warp Drive"
Fiddlesticks. People's fears of nuclear power are - well OK most people's fears are pretty irrational, but then that's humans for you - but nuclear power IS phenomenally dangerous and Bad, as only a cursory examination by anyone not blinkered by obsessive techno-fetishism, or with a mind decomposed by reading too much crap SF would tell you.
I know this is a lame sorta thing to say but really, the Sloan DSS has been running for... what, 3? 4? years now? Interesting, I grant you, but hardly news.
What an excellent idea! Let's save the environment by using geostationary and low earth orbiting satellites, remote sensing, advanced remote sensing, GPS navigation, image analysts... or what about zillions of nanobots, hovering over the fields, acting as a distributed AI 'hive mind'...
Alternatively we could get a clue and start paying the farmers what the market will bear, instead of subsidising them to produce grossly-resource intensive crap that destroys our health, screws the environment, costs us billions in tax (for subsidies), whilst millions starve, and only agrichemical multinationals and food processors benefit.
My girlfriend grew up "the ghost state of former Yugoslavia" as someone put it. She says there were tons of good quality graphic novels/comics, they were widely read & not just by schoolchildren & morons, but the vast majority of those titles are unheard of outside Europe. As well as Jeremiah, she was a big fan of "Alan Ford", google for it, it's excellent.
Anyways, I was showing her the Net & demonstrating Google by looking for Jeremiah-related stuff; we found a preview announcement of the film. She read the synopsis / setup for the film & says this is (a) changed a lot, and (b) based on the first half of the first issue. So, original comic book much better than p8in-off TV show / movie... film at 11.
Anyone have news on the long-awaited Watchmen film? I'm just re-reading it, I always forget how excellent it is. Alan Moore knows the score...
Jack ("The VCR is to the American public as the Boston strangler to single women") Valenti of the MPAA wrote a depressing editorial at The Washington Post, calling for DRM-enabled OSes to be the (presumably, legally mandated) standard, in order to save Hollywood from the same terrible fate that befell the music industry while Napster was operating. Depressing because, although his case has more holes than Internet Explorer, it smells of a ploy to get more bad laws passed. Three guesses what would happen to non-compliant (read: Free) OSes once this terrible law goes through... The Register has a good scathing response.
When Free software is against the law, only outlaws will have Free software...
So the consensus on Slashdot and LinuxToday, to me at least, seemed pretty comprehensively to have ticked box marked "Miguel is smart but misguided,.NET is evil and you must never trust Microsoft." And there were many comments along the lines of "Sun will now have nothing to do with GNOME cos they will never have anything to do with.NET." Well I reckon Sun do better due diligence on such things than the average/. gasbag (like me =) so, whatever they think of.NET, they're not worrying about it affecting Gnome for at least the next couple of years.
Does this mean we get another couple of years of Slashdot flamage? Suits me, I like a good flame war;)
The most recent Need To Know has a good piece on Spam Assassin which uses a clever points-weighted rulebase and apparently has an excellent accuracy rate. What's more it comes with a ISP-friendly daemon mode. Presumably AOL would have some scalability issues, but I'm sure this is a fixable problem.
The other possibility is a net-block equivalent of ORBS. Some on the Sec-Focus Incidents list (and other fora, over the years) have bounced around the idea of blocking netoblocks who'#s POCs don't work, or who don't have or respond to mail to the RFC-mandated abuse@, security@, hostmaster@,.. standard mail accounts. I'm all in favour. Automate probes, the way ORBS did for anonymous relays. I think this would be a Good Thing. People do have a legitimate need to communicate between Asia, America and Europe: simply dropping everything from.kr is evil and wrong, IMHO.
Finally - y'all know that anonymous HTTP proxies are just as bad, if not worse, than traditional open mail relays? Just testing;)
The AP is reporting that there is spyware within Windows Media Player 8(which ships with XP)
Actually this was discovered by Richard M. Smith, who has a good record of finding bugs-by-design, security holes and privacy breaches in MS software. Here's his page on the topic, on the topic, and here's Microsoft's response - which is all in the first sentence, really, "we do not believe [this] represents a user privacy concern." All this was in my submission of the story, last night - heh, it's the first time I've submitted a story and someone else's post got there first. Or better.
In reply to those people saying "this is just the same as CDDB, what's the big deal?": this IS a bad thing, for the following reasons:
As with most of the rest of XP's phone home functionality, there's nothing to tell the end user what's happening here. As with previous incidents of unexpected traffic seen from XP machines, Smith had to break out a packet sniffer to discover what the traffic was and where it was going.
You trust Microsoft NOT to start correlating this info to make some use of it further down the line? You trust them NOT to sell it to the MPAA so help them track evil pirates playing non-MPAA titles? As they don't even tell you they're doing it, there's no privacy policy involved - they give no categorical assurance that they won't give the info the CIA or the BSA, for that matter.
Why the hell should Microsoft get to run CDDB as well as everything else? It's just another example of their greed and desire to own all your media.
Think about it: Passport, web services, yuor company's servers, your corporate desktop, your own home PC, all your apps, your phone, set-top box, Palm ripoff, Psion rip-off... apart from washing machines and guided missiles, I can't think of anywhere that software runs which Microsoft doesn't aspire to own. Actually, come to think of it, NT4 at least can allegedly operate as a router; they've been trying to make headway in the embedded market for years, and I fear that "version 3 syndrome" will kick in on their efforts there soon... sheesh, they're even selling firewalls now. When the great day comes that Microsoft own all mass markets for software, they'll buy out some major consulting/services firm and start trying to put independent developers out of business, too. Pray that day never comes...
Microsoft have yet to learn that in privacy and security matters, the correct default is to trsut no-one and nothing. If you prove to your customers or users that you're worthy of trust, you'll get it. Take it for granted, and assume that the user won't MIND if your software starts sending your personal data back to the vendor (or a thrid party) without telling you, and you start getting into people's shitlists. When you're Microsoft, you have to bend over backwards to ensure that not only are you doing the right thing, but that you're SEEN to be doing the right thing. If you give a flying one, that is; if you really are Microsoft, then you couldn't care less, because your Windows monopoly means 99% of users and customers haven't got any choice in the matter.
And what if you're a network security person and spot unauthorised traffic (which is what this is) on your network? You could spend a lot of time & energy investigating. For all I know, this could be a DDoS agent that some kiddie's planted on a cracked XP box, and is now starting to flood windowsmedia.com.
If you really think this is "just like CDDB", ask yourself: why are Microsoft going to the trouble and expense of providing this "service" - given that they don't even tell people they're doing it? What do they hope to gain from it? How does this increase their marketshare or mindshare? Follow the money...
A tasteful end? How you have a 'tasteful' end to that sack of shit? Good riddance to it. I'm anti- anything that helps feed the level of general public superstition, belief in pseudo science, Atlantis, ESP, ghosts, Carlos Casta-frigging-neda, flying saucers and all the rest of it. Why not a drama series dealing with the real-life government conspiracy with megacorps to sell us back our own culture and generally rule our lives for the good of their bank balances? Nah, they'd never sell the advertising, right? [ END misanthropic_rant ]
I think your view of.NET is a little clouded by the fact that Microsoft is involved. Sure Microsoft has demonstrated monopolistic practises, but when is the last time they released a standard to ECMA [www.ecma.ch] and then purposely broke it?
That would be the ECMA standard for the Windows operating system. As someone pointed out on
Linux Today during the deIcaza/.NET furore the other week, this ECMA standard didn't help the Wine developers much.
Is this really a surprise? God forbid Microsoft ever tried to make medical equipment.
According to RISKS Digest, someone went along to watch a friend getting laser eye surgery & noticed (a) the technician was blindly hitting RETURN to clear pesky annoying error messages, and (b) the machine was running Win95. Oh, and this machine was taking the details of the subject's eye geometry, & controlling the laser that was about to shave a thing slice off the front of the eyeball to correct some minor astigmatism (IIRC; don't have the url to hand, anyone? )
I wouldn't have believed it possible a year ago, but I've been out of work since my last employer went bust in August 2001. OK, I'm not a hardcore CS-grad C programmer - I'm mostly a Perl programmer, with a minor in "anything-todo-with-security", and basic (NT, Linux, BSD) sys-admin skills. I'm not asking an insane salary. I've never been unemployed since starting in IT professionally in 1995, and this is now the longest I've/ever/ been unemployed. It's pretty fsckin' crappy, I can tell you. The only bright spot is having plenty of spare time for reading (Slashdot, Bugtraq, Incidents, Vuln-Watch, ISN, nanog,...), and finally getting round to writing some actual releasable-quality Free software - which is tons o' fun. Otherwise, frankly, it's damn depressing. And reading posts here saying "anyone who can't get work must be a loser or a prima-donna or a MCSE-mill twit" doesn't help!;p
> Third, Win32 APIs are NOT largely published. The good ones - the ones that MS has used to beat down competitors in the so-called "middleware" market have been secret/obscificute. The.NET Framework APIs are open, and submitted to the ECMA.
As someone pointed out in the Linux Today discussion, there's an ECMA
standard for/Windows/. (The original poster had a ref. number,
approx. ECMA360 or thereabouts.) That doesn't seem to have helped
WINE much.
I think the invisble-looming-patent-bitchslap argument has some
merit. Look at it this way: why are Microsoft doing this? Follow the
money. What do they set to gain from it? As many have pointed out, as
a profit-driven company, and by virtue of their record, we know that
there's always a Grand Plan for Microsoft. They must believe that
they'll get more benefit if they do the standards thing, than if they
keep it as a traditional, closed, Microsoft-only technology. They
obviously know of Mono, et al, and they are happy for those projects
to exist. Where, and how, do they gain in this scenario?
I also notice that everyone who says they've used it, loves it
(including people with plenty of experience developing in the Unix
world.) Has anyone who's used it got a bad thing to say about it?
/Does/ it provide a big productivity gain? Is that just due to the
Microsoft implementations and tools, or are those benefits really
available to Free software users?
...the International Space Station drifts helplessly, out of communication with the ground, with power draining away - because the computers crashed. Some so-called 'desktop' uses really are mission critical.
At university I read Regional Analysis (economic geography), plus a combined social sciences foundation course, followed by social psychology. After leaving I worked as a security guard for six months, then as a tape copier/runner for a music publisher with a couple of recording studios, whilst I tried to get into A&R (aka 'scouting'.) That went tits up due to office politics, and I realised that having borderline social phobia was not good for a job where schmooozing and socialising is pretty much essential. (Also I realised that the commercial music industry STINKS; and it took me three or four years of listening to pretty much nothing but jazz, classical and flamenco music (and some personal faves such as the Manic Street Preachers, and 70os prog, that I was already into) before I could listen to any vaguely contemporary music.
In 1995, I got a couple of temp jobs for a lousy wage (five quid an hour) doing basic data entry stuff. One job entailed moving Lotus 123 files into Excel: they turned out to contain macros, so I taught myself VBA from the manual and help files. Already knew about Linux and the Net from a kernel-compiling friend, and realised HTML was too simple to make a career out of; did some digging, and picked perl to learn over Java and tcl (which looked like the best bets for future net programming languages.) After a couple of years I'd tripled my salary and was learning as much as possible about networking and security - I thought the Net boom would bust fairly soon, and reckoned those would be good (and more importantly, interesting) areas to get into.
Alas I timed things wrong: employer went bust last summer leaving me stranded on the dole. I'm in the classic "can't get the fist info-sec job without prior experience" Catch-22.
Of course, five years of practice & experimentation on my home network, plus
getting as involved as possible in sec issues everywhere I worked, obsessively
reading Bugtraq, Incidents, SANS, CERT, nanog etc lists, Northcutt/Novak, Garfinkel/Simson, Cryptome, yadda yadda, doesn't count for much when their are MSc - qualified people with 5 years solid security work and a CISSP out there looking as well. [ Ob Begging: Gissa job, anyone? (London, UK.) ]
>The point is that running SOAP over SMTP or NNTP >does not make a lot of sense
A free clue:
$ cat/etc/services
No one is (seriously) suggesting running SOAP over FTP or NNTP. The point is that one of the fundamental features of the IP suite is that unique services should run over unique ports. This has a wide variety of benefits, one of which is that you can SHUT IT DOWN AT THE FIREWALL (or border router or whatever) when someone blurts their new exploit all over Bugtraq without bothering to inform the vendor. As it stands, when this scenario comes to pass (or the first.NET worm breaks out, or whatever) the network admin will have to make a choice between killing all web traffic as well as the (completely unrelated) SOAP services,or leaving them open and taking a chanceon not getting hit. [Or running an application-layer proxy, with the concomittant issues of security, resources, latency etc etc.) And when the MD or CEO calls up asking why he can't get to CNN.com, what's he going to say? Running SOAP over port 80 is a really dumb idea.
Incidentally when I said this here, a few months back, I got the most severe flaming I've ever had on Slashdot... nice to see that everyone's nodding sagely and saying "yes, of course, how true" now that Bruce Schneier says so, too. Apologies accepted =)
> FTP is actually built on Telnet and there are good
> reasons not to use SSL with Telnet which is why SSH
> is no longer based on SSL.
I have no idea what are you talking about here. ftp is "built on telnet"?
And FYI, SSH - OpenSSH at any rate - still had OpenSSL as a dependency
last time I compiled it (a couple of months back.)
I don't see anyone else saying this: I think we shuold all say a big THANK YOU and WELL DONE to the friend who resigned his job over this - especially in today's economic climate. This sort of courage, to put one's own neck on the line over a principle, is sadly lacking amongst most of us. Well done, and best of luck finding another job with an more ethical employer.
Kudos for the apache team on 2.0 but until it's as easy to configure and add onto as IIS it will continue to be a battle with Microsoft.
Easy to configure?? Your'e kidding, right?
I first played with Apache (on NT4 in fact) at about the same time as I was given my first real live webserver to handle - which was IIS3, and soon afer, 4. Configuration of IIS is a nightmare compared to Apache. There are tons of things wher eyou have to painstakingly click up and down a complicated tree hierarchy with obscure generalist names like "web site" "host" "pubHTML" (IIRC, this was a few years ago now) and change them at multiple levels. This was especially true for getting CGI to run properly instead of sending back the source as text, or 500-ing, or whatever. Not at all intuitive. With Apache, there were IIRC a total of three things to type into a config file - plaintext, well commented, and pretty obvious what they should be. It took less an hour to get running even the first time I used it; and I wasn't at all used to editing text config files at the time.
From then on, as I used IIS to run Perl CGIs I'd mostly written & debugged at home on Apache, I grew more and more impressed with Apache. It's fast, flexible, incredibly stable (it's never ONCE crashed on me in production), secure (it was such fun tail -f ing the access log during CodeRed and nimda...) and adding modules, of which there are tens of very powerful ones from HTTP proxies to authentication via databases, encryption, URL correction, you name it ) is usually just a matter of reading the docs for 10 mins, running configure, make, make install and adding a couple of lines to (the same) config file. Cos it's plain text I can do it in any editor I liked; when I started I was using Notepad and Programmers File Editor on Windows; now I use emacs , on Linux AND NT, but I could use Vi, or Microsoft Word, or whatever the hell else I wanted to .
Eventually I was fired for using Perl and Apache in production, instead of IIS. My successor was the guy who'd been doing the HTML and graphics for the content - a good chap and certainly capable of picking up at least as good Perl as I'd written (not very, at the time. But it worked, dammit!:) . He complained to me a few months later that after several very expensive courses, and a load of bloated expensive slow Visual InterDev / Vusal Studio guff installed on his machine, he'd started converting my Perl to ASP. IIS crashed all the time, not only on his dev machine but on the production server. He was secretly reading the Gecko on his own time and playing with a sly Apache install...:)
I wonder if any of the commenters in favour of IIS actually moved FROM apache to it. IN my experience the traffic is all one-way...
You have to admit that both IIS and Apache are both good webservers, its just that IIS gets a lot of flak for having holes in it that admins were not quick to patch,
Well, quite!;)
I just happened to have spent the last couple of hours compiling Apache 1.3.22 with mod_perl under Cygwin on NT4. Rather a perverse thing to spend time doing, I know, but great fun and useful... I think that the act of compiling software is underestimated as a way of guaranteeing that the user / admin understands it, what it's doing and so on. When bugs appear, as-they-inevitably-do-in-any-software , the admin who's had to read INSTALL or README, read the output of make and configure to see what's going on and fix or tackle problems, will always end up with a more secure machine. (And of course as we all know, Apache has had far, far fewer security issues than IIS.) `Release often' also makes a big difference. If you install NT43 today, you then have to spend the best part of a day just installing hotfixes and rebooting. Same with IIS.MS never recalls the code for OSes or apps, even when they're known to be so riddled with holes that a default install connected to the net will likely be compromised within hours; yes folks, they're still shipping XP CDs with that UPnP hole in, and will continue to do so for the entire life of the product in all likelyhood. How many normal end-users would expect that to be the case? Apache OTOH always has the latest & best stable code up as the default install. yet another factor in it's allround wonderfulness.
I'm very happy to be seeing this banner, can you tell?:)
00:53:53:/usr/local/src/screen/screen-3.9.10
andrew@INEGO% telnet 192.168.0.1 80
Trying 192.168.0.1...
Connected to 192.168.0.1.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 200 OK
Date: Sun, 13 Jan 2002 00:54:10 GMT
Server: Apache/1.3.22 (Cygwin) mod_perl/1.26
Last-Modified: Sun, 25 Nov 2001 04:29:35 GMT
ETag: "16078f-bd8-3c0073af"
Accept-Ranges: bytes
Content-Length: 3032
Connection: close
Content-Type: text/html
.
.
.
*Yawn*. The Netcraft survey is pretty meaningless, as it excludes SSL servers - ie every real ecommerce site extant. Take a look at the SSL numbers and surprise!! Microsoft have twice as much market share as Apache.
I'd wager a great deal more than 5% is inaccessible if you count all the home sites locked away behind nat firewalls.
Jesus, no-one else has picked up on this. This is a dangerous myth. NAT IS NOT A FIREWALL. NAT IS NOT A SECURITY DEVICE. NAT'd MACHINES CAN STILL BE CRACKED FROM THE PUBLIC NET.
If you think I'm wrong, I suggest you dig out some networking docs and look for proof that I'm wrong....
I reckon the government read Slashdot, and they've come up with the idea of trolling the general population to help them spot the tin-foil beanie brigade. Short of announcing that the US military will now supply unmarked black helicopters to the UN for homeland security, can you imagine anything more likely to freak out the these-are-the-last-days, the antichrist is coming, blah blah wibble wibble types?
Slashdot Mirror
>> Instant nuclear disaster, unless the containment
>> vessel holds (and it might, but the public will not >> be convinced it would).
> Oh, you mean like Chernobyl? Not to make light of
> 100 or so deaths, but there are worse things in the
> world.
*sigh*... All I can say is that if you'd been in Europe in 1986 you'd have a slightly more realistic grasp of the effect of Chernobyl. There are some areas of the UK that are STILL banned from producing milk because the fallout that rained out > 15 years ago is still present in levels high enough to make it unfit for human consumption.
BTW, there's only one "F" in afraid
> Unfortunately, people are so freaked out about
> anything with the word "nuclear" or "reaction"
> attached to it the only way they would ever put a
> dime in it is if it was called "The Wonder Drive"
> or "Warp Drive"
Fiddlesticks. People's fears of nuclear power are - well OK most people's fears are pretty irrational, but then that's humans for you - but nuclear power IS phenomenally dangerous and Bad, as only a cursory examination by anyone not blinkered by obsessive techno-fetishism, or with a mind decomposed by reading too much crap SF would tell you.
My home boxen are: orac, slave and zen. Of course this doesn't scale at all beyond three boxes...
Now the 2df galaxy cluster mapping project which are giving us maps of our galaxy's position out to about 1B light-years -- /that's/ interesting AND news. hell,
Alternatively we could get a clue and start paying the farmers what the market will bear, instead of subsidising them to produce grossly-resource intensive crap that destroys our health, screws the environment, costs us billions in tax (for subsidies), whilst millions starve, and only agrichemical multinationals and food processors benefit.
some , further reading...
Anyways, I was showing her the Net & demonstrating Google by looking for Jeremiah-related stuff; we found a preview announcement of the film. She read the synopsis / setup for the film & says this is (a) changed a lot, and (b) based on the first half of the first issue. So, original comic book much better than p8in-off TV show / movie... film at 11.
Anyone have news on the long-awaited Watchmen film? I'm just re-reading it, I always forget how excellent it is. Alan Moore knows the score...
the Boston strangler to single women") Valenti of the MPAA wrote a depressing editorial at The Washington Post, calling for DRM-enabled OSes to be the (presumably, legally mandated) standard, in order to save Hollywood from the same
terrible fate that befell the music industry while Napster was operating. Depressing because, although his case has more holes than Internet Explorer, it smells of a ploy to get more bad laws passed. Three guesses what would happen to non-compliant (read: Free) OSes once this terrible law goes through...
The Register
has a good scathing response.
When Free software is against the law, only outlaws will have Free software...
Does this mean we get another couple of years of Slashdot flamage? Suits me, I like a good flame war ;)
The other possibility is a net-block equivalent of ORBS. Some on the Sec-Focus Incidents list (and other fora, over the years) have bounced around the idea of blocking netoblocks who'#s POCs don't work, or who don't have or respond to mail to the RFC-mandated abuse@, security@, hostmaster@,.. standard mail accounts. I'm all in favour. Automate probes, the way ORBS did for anonymous relays. I think this would be a Good Thing. People do have a legitimate need to communicate between Asia, America and Europe: simply dropping everything from .kr is evil and wrong, IMHO.
Finally - y'all know that anonymous HTTP proxies are just as bad, if not worse, than traditional open mail relays? Just testing ;)
Curse this Moz build... damn testing only binaries... :)
The links:
Here's his page on the topic;
Bugtraq post
Microsoft's response.
Actually this was discovered by Richard M. Smith, who has a good record of finding bugs-by-design, security holes and privacy breaches in MS software. Here's his page on the topic, on the topic, and here's Microsoft's response - which is all in the first sentence, really, "we do not believe [this] represents a user privacy concern." All this was in my submission of the story, last night - heh, it's the first time I've submitted a story and someone else's post got there first. Or better.
In reply to those people saying "this is just the same as CDDB, what's the big deal?": this IS a bad thing, for the following reasons:
Think about it: Passport, web services, yuor company's servers, your corporate desktop, your own home PC, all your apps, your phone, set-top box, Palm ripoff, Psion rip-off... apart from washing machines and guided missiles, I can't think of anywhere that software runs which Microsoft doesn't aspire to own. Actually, come to think of it, NT4 at least can allegedly operate as a router; they've been trying to make headway in the embedded market for years, and I fear that "version 3 syndrome" will kick in on their efforts there soon... sheesh, they're even selling firewalls now. When the great day comes that Microsoft own all mass markets for software, they'll buy out some major consulting/services firm and start trying to put independent developers out of business, too. Pray that day never comes...
Microsoft have yet to learn that in privacy and security matters, the correct default is to trsut no-one and nothing. If you prove to your customers or users that you're worthy of trust, you'll get it. Take it for granted, and assume that the user won't MIND if your software starts sending your personal data back to the vendor (or a thrid party) without telling you, and you start getting into people's shitlists. When you're Microsoft, you have to bend over backwards to ensure that not only are you doing the right thing, but that you're SEEN to be doing the right thing. If you give a flying one, that is; if you really are Microsoft, then you couldn't care less, because your Windows monopoly means 99% of users and customers haven't got any choice in the matter.
And what if you're a network security person and spot unauthorised traffic (which is what this is) on your network? You could spend a lot of time & energy investigating. For all I know, this could be a DDoS agent that some kiddie's planted on a cracked XP box, and is now starting to flood windowsmedia.com .
If you really think this is "just like CDDB", ask yourself: why are Microsoft going to the trouble and expense of providing this "service" - given that they don't even tell people they're doing it? What do they hope to gain from it? How does this increase their marketshare or mindshare? Follow the money...
A tasteful end? How you have a 'tasteful' end to that sack of shit? Good riddance to it. I'm anti- anything that helps feed the level of general public superstition, belief in pseudo science, Atlantis, ESP, ghosts, Carlos Casta-frigging-neda, flying saucers and all the rest of it. Why not a drama series dealing with the real-life government conspiracy with megacorps to sell us back our own culture and generally rule our lives for the good of their bank balances? Nah, they'd never sell the advertising, right?
[ END misanthropic_rant ]
That would be the ECMA standard for the Windows operating system. As someone pointed out on
Linux Today during the deIcaza/.NET furore the other week, this ECMA standard didn't help the Wine developers much.
According to RISKS Digest, someone went along to watch a friend getting laser eye surgery & noticed (a) the technician was blindly hitting RETURN to clear pesky annoying error messages, and (b) the machine was running Win95. Oh, and this machine was taking the details of the subject's eye geometry, & controlling the laser that was about to shave a thing slice off the front of the eyeball to correct some minor astigmatism (IIRC; don't have the url to hand, anyone? )
I'm in London, UK.
/ever/ been unemployed. It's pretty fsckin' crappy, I can tell you. The only bright spot is having plenty of spare time for reading (Slashdot, Bugtraq, Incidents, Vuln-Watch, ISN, nanog,...), and finally getting round to writing some actual releasable-quality Free software - which is tons o' fun. Otherwise, frankly, it's damn depressing. And reading posts here saying "anyone who can't get work must be a loser or a prima-donna or a MCSE-mill twit" doesn't help! ;p
I wouldn't have believed it possible a year ago, but I've been out of work since my last employer went bust in August 2001. OK, I'm not a hardcore CS-grad C programmer - I'm mostly a Perl programmer, with a minor in "anything-todo-with-security", and basic (NT, Linux, BSD) sys-admin skills. I'm not asking an insane salary. I've never been unemployed since starting in IT professionally in 1995, and this is now the longest I've
As someone pointed out in the Linux Today discussion, there's an ECMA
standard for
approx. ECMA360 or thereabouts.) That doesn't seem to have helped
WINE much.
I think the invisble-looming-patent-bitchslap argument has some
merit. Look at it this way: why are Microsoft doing this? Follow the
money. What do they set to gain from it? As many have pointed out, as
a profit-driven company, and by virtue of their record, we know that
there's always a Grand Plan for Microsoft. They must believe that
they'll get more benefit if they do the standards thing, than if they
keep it as a traditional, closed, Microsoft-only technology. They
obviously know of Mono, et al, and they are happy for those projects
to exist. Where, and how, do they gain in this scenario?
I also notice that everyone who says they've used it, loves it
(including people with plenty of experience developing in the Unix
world.) Has anyone who's used it got a bad thing to say about it?
/Does/ it provide a big productivity gain? Is that just due to the
Microsoft implementations and tools, or are those benefits really
available to Free software users?
...the International Space Station drifts helplessly, out of communication with the ground, with power draining away - because the computers crashed. Some so-called 'desktop' uses really are mission critical.
In 1995, I got a couple of temp jobs for a lousy wage (five quid an hour) doing basic data entry stuff. One job entailed moving Lotus 123 files into Excel: they turned out to contain macros, so I taught myself VBA from the manual and help files. Already knew about Linux and the Net from a kernel-compiling friend, and realised HTML was too simple to make a career out of; did some digging, and picked perl to learn over Java and tcl (which looked like the best bets for future net programming languages.) After a couple of years I'd tripled my salary and was learning as much as possible about networking and security - I thought the Net boom would bust fairly soon, and reckoned those would be good (and more importantly, interesting) areas to get into.
Alas I timed things wrong: employer went bust last summer leaving me stranded on the dole. I'm in the classic "can't get the fist info-sec job without prior experience" Catch-22.
Of course, five years of practice & experimentation on my home network, plus
getting as involved as possible in sec issues everywhere I worked, obsessively
reading Bugtraq, Incidents, SANS, CERT, nanog etc lists, Northcutt/Novak, Garfinkel/Simson, Cryptome, yadda yadda, doesn't count for much when their are MSc - qualified people with 5 years solid security work and a CISSP out there looking as well. [ Ob Begging: Gissa job, anyone? (London, UK.) ]
A free clue:
$ cat
No one is (seriously) suggesting running SOAP over FTP or NNTP. The point is that one of the fundamental features of the IP suite is that unique services should run over unique ports. This has a wide variety of benefits, one of which is that you can SHUT IT DOWN AT THE FIREWALL (or border router or whatever) when someone blurts their new exploit all over Bugtraq without bothering to inform the vendor. As it stands, when this scenario comes to pass (or the first
Incidentally when I said this here, a few months back, I got the most severe flaming I've ever had on Slashdot... nice to see that everyone's nodding sagely and saying "yes, of course, how true" now that Bruce Schneier says so, too. Apologies accepted =)
I have no idea what are you talking about here. ftp is "built on telnet"?
And FYI, SSH - OpenSSH at any rate - still had OpenSSL as a dependency
last time I compiled it (a couple of months back.)
I don't see anyone else saying this: I think we shuold all say a big THANK YOU and WELL DONE to the friend who resigned his job over this - especially in today's economic climate. This sort of courage, to put one's own neck on the line over a principle, is sadly lacking amongst most of us. Well done, and best of luck finding another job with an more ethical employer.
Easy to configure?? Your'e kidding, right?
I first played with Apache (on NT4 in fact) at about the same time as I was given my first real live webserver to handle - which was IIS3, and soon afer, 4. Configuration of IIS is a nightmare compared to Apache. There are tons of things wher eyou have to painstakingly click up and down a complicated tree hierarchy with obscure generalist names like "web site" "host" "pubHTML" (IIRC, this was a few years ago now) and change them at multiple levels. This was especially true for getting CGI to run properly instead of sending back the source as text, or 500-ing, or whatever. Not at all intuitive. With Apache, there were IIRC a total of three things to type into a config file - plaintext, well commented, and pretty obvious what they should be. It took less an hour to get running even the first time I used it; and I wasn't at all used to editing text config files at the time.
From then on, as I used IIS to run Perl CGIs I'd mostly written & debugged at home on Apache, I grew more and more impressed with Apache. It's fast, flexible, incredibly stable (it's never ONCE crashed on me in production), secure (it was such fun tail -f ing the access log during CodeRed and nimda ...) and adding modules, of which there are tens of very powerful ones from HTTP proxies to authentication via databases, encryption, URL correction, you name it ) is usually just a matter of reading the docs for 10 mins, running configure, make, make install and adding a couple of lines to (the same) config file. Cos it's plain text I can do it in any editor I liked; when I started I was using Notepad and Programmers File Editor on Windows; now I use emacs , on Linux AND NT, but I could use Vi, or Microsoft Word, or whatever the hell else I wanted to .
Eventually I was fired for using Perl and Apache in production, instead of IIS. My successor was the guy who'd been doing the HTML and graphics for the content - a good chap and certainly capable of picking up at least as good Perl as I'd written (not very, at the time. But it worked, dammit! :) . He complained to me a few months later that after several very expensive courses, and a load of bloated expensive slow Visual InterDev / Vusal Studio guff installed on his machine, he'd started converting my Perl to ASP. IIS crashed all the time, not only on his dev machine but on the production server. He was secretly reading the Gecko on his own time and playing with a sly Apache install... :)
I wonder if any of the commenters in favour of IIS actually moved FROM apache to it. IN my experience the traffic is all one-way...
Well, quite!
I just happened to have spent the last couple of hours compiling Apache 1.3.22 with mod_perl under Cygwin on NT4. Rather a perverse thing to spend time doing, I know, but great fun and useful... I think that the act of compiling software is underestimated as a way of guaranteeing that the user / admin understands it, what it's doing and so on. When bugs appear, as-they-inevitably-do-in-any-software , the admin who's had to read INSTALL or README, read the output of make and configure to see what's going on and fix or tackle problems, will always end up with a more secure machine. (And of course as we all know, Apache has had far, far fewer security issues than IIS.) `Release often' also makes a big difference. If you install NT43 today, you then have to spend the best part of a day just installing hotfixes and rebooting. Same with IIS.MS never recalls the code for OSes or apps, even when they're known to be so riddled with holes that a default install connected to the net will likely be compromised within hours; yes folks, they're still shipping XP CDs with that UPnP hole in, and will continue to do so for the entire life of the product in all likelyhood. How many normal end-users would expect that to be the case? Apache OTOH always has the latest & best stable code up as the default install. yet another factor in it's allround wonderfulness.
I'm very happy to be seeing this banner, can you tell? :)
00:53:53:/usr/local/src/screen/screen-3.9.10
andrew@INEGO% telnet 192.168.0.1 80
Trying 192.168.0.1...
Connected to 192.168.0.1.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 200 OK
Date: Sun, 13 Jan 2002 00:54:10 GMT
Server: Apache/1.3.22 (Cygwin) mod_perl/1.26
Last-Modified: Sun, 25 Nov 2001 04:29:35 GMT
ETag: "16078f-bd8-3c0073af"
Accept-Ranges: bytes
Content-Length: 3032
Connection: close
Content-Type: text/html
.
.
.
*Yawn*. The Netcraft survey is pretty meaningless, as it excludes SSL servers - ie every real ecommerce site extant. Take a look at the SSL numbers and surprise!! Microsoft have twice as much market share as Apache.
Jesus, no-one else has picked up on this. This is a dangerous myth. NAT IS NOT A FIREWALL. NAT IS NOT A SECURITY DEVICE. NAT'd MACHINES CAN STILL BE CRACKED FROM THE PUBLIC NET.
If you think I'm wrong, I suggest you dig out some networking docs and look for proof that I'm wrong....
I reckon the government read Slashdot, and they've come up with the idea of trolling the general population to help them spot the tin-foil beanie brigade. Short of announcing that the US military will now supply unmarked black helicopters to the UN for homeland security, can you imagine anything more likely to freak out the these-are-the-last-days, the antichrist is coming, blah blah wibble wibble types?