Blah
Excellent comment. I think the "Do we need..." phrase is heard far too often here. I fail to see why an end-user should dictate what projects are taken on by developers.
Having said that, I have a question. I thought Berlin was to remake the graphics system from scratch. So why do the widgets, borders, etc. look so similar to stuff in X? In particular, I'm horrified to see the checkbox in the first screenshot which looks pretty similar whether it's on and off. In general, the looks are similar to X, so I'm a bit surprised.
I think you mean similar to Motif, not X. X doesn't have any widgets. That's what the toolkits or window managers are for. X is a display system and so is Berlin; they are both toolkit independent.
Well, I'm running portsentry to block all IPs that do a port scan. The reason I do this is that I'm running quite a few services on my box and I like to block off any crackers at the first opportunity, before they get a chance to try my active services. If you're afraid of false alerts you can set the number of connection attempts portsentry allows to a higher value. I have portsentry e-mail me whenever it blocks an IP listing the blocked IP, the remote hostname and the service that was scanned.
I'm using a cable-modem connection and I'm surprised at the number of probes I get (varies from 1-10 a week). Almost all of them come from the cable provider's network and almost all of them are looking for known vulnerabilities (RPC, SNMP, finger, shell, etc.). I should probably notify my provider but they're not so keen about users running their own servers so I'll just leave it at this.
Ah, the sweet smell of unsound induction:
All frogs must be green because all the frogs I have seen so far were green.
In any introductory philosophy course you will learn that there is at least something wrong with induction (read Hume). But somehow people who talk about the stock market seem absolutely confident that induction will work for them anyway.
You're obviously smoking crack...
Second, a malicious bash script can certainly run as root...if you're logged on as root. If you never read your mail as root (good for you!), then all the thing could do is send mail to everyone you've ever received mail from and trash your personal files...
So tell me which unix mail client runs shell/perl/whatever scripts without asking when you click on them... I thought so...
Unless you just copy it bit for bit, of course, which is what I think he was referring to.
Ok, this is getting a bit OT but as far as I know the recorder has no digital output. Even if it would, the digital out would carry the uncompressed signal (not the raw bits). Since this signal has already gone through the decompressor the quality loss is unavoidable. Copying raw bits would be cumbersome at least.
A 3rd generation copy will look as good as the first. A 478th generation copy will look as good as the first.
This is not true. MPEG2 is a lossy compression CODEC, just like MP3 for example. This means that quality is lost at every compression cycle. A 478th generation copy will probably look pretty horrible...
Well, there was a reply to the above post on ntbugtraq by Gerardo Richarte who says that there is a security hole in the dll. The exploit code is included in the post.
It always bothers me that people expect such human qualities from AI. I am an AI student myself and my benchmark is simply:
AI is achieved when a computer program/algorithm masters a task for which we think some form of intelligence is required.
Therefore I believe AI is achieved in a simple chess program, however simple its algorithms may be. I think a lot of effort in the field of AI is wasted on mimicking humans as closely as we can. If we want to create another human I think there are much easier ways to achieve that (take cloning for instance). The real usefulness of AI will present itself when we start exploring new ideas with it instead of trying to duplicate human behavior.
I wonder if there is a single line of (non trivial) code from 0.01 that still exists in 2.4... probably not :-)
The "sweet spot", IMHO, for Oracle is a "standby" database, or simply a raid box that is physically attached to two unix boxes, but only one mounts it at a given time.
So what do you do when the RAID unit fails?
Any pointers to their work?
It seems to me that there is a caching problem with this method. Since the base URL might change a lot this will result in the client browser not caching images etc. This will result in much unnecessary traffic.
From the GPL licence article 6:
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
2) These changes are made available to anyone who wants them, as required under GPL. Of course, nobody wants them. They patent the innovation, anyway.
AFAIK this is not possible because of the GPL under which Linux is released. You can't modify a piece of GPL'd software and then go patenting it. This would violate the GPL.
Hmmm, I like your suggestions except the browser spoof one. I agree that IE/NS only sites are bad but as a web developer I think it would be extremely frustrating if there was no way to reliably figure out what the client browser is.
I design sites for 'all' browsers (3.0 upward) but hide things like DHTML etc. from older browsers by checking their versions.
Well, I wonder if load balancing is not possible. With PHP session storage is file-based so you could share the same session directory between multiple servers.
Cookies lasting longer than sessions is OK if you're the only one using the client computer but in settings like a public Internet facility you don't want that sort of stuff.
Storing only the username in a cookie is VERY dangerous! This way an attacker could forge a cookie with only a username and gain access.
I've never heard of any web development guides which recommend against using session variables. Please point me to them, I'm very interested.
In any way, I think storing the username/password combination in a cookie is probably the worst thing you can do security wise...
This is why any serious web application should use serverside scripting like PHP or Perl and not client side scripting, which is unreliable and inconsistent and buggy in implementation (don't even get me started on M$ JScript, %^&$#@$).
There is no need to store the password in cookies. When I build a website (in PHP) I always keep sensitive information in session variables at the server. The only thing stored in a cookie is the session ID.
One could even argue with that because I've heard of bad proxies caching cookies :-(. Anyway, if slashdot would use sessions there would be no need to store passwords in cookies. Also, the way it is now, the password is sent across the wire (in CLEAR text) at every page request. This is very bad.
To see a real nice solution to this check out PHPLIB. It uses a challenge/response type authentication and sessions. The challenge/response requires Javascript (:-) to generate the MD5 hash of the password together with the challenge so it is never transmitted across the wire in cleartext.
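A sketch of the challenge/response login described in the comment above, as an added example that is not the commenter's or PHPLIB's code. It swaps HMAC-SHA-256 in for MD5, and the account store, session IDs and function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample account store: the server holds the shared secret
// (here the password itself, as in the simple scheme the comment describes).
const users = new Map([['alice', 'correct horse']]);

// Outstanding challenges keyed by session ID; each may be used once.
const pending = new Map();

// Server: hand the login page a fresh random challenge bound to its session.
function issueChallenge(sessionId) {
  const challenge = crypto.randomBytes(16).toString('hex');
  pending.set(sessionId, challenge);
  return challenge;
}

// Client: what the login page's script computes and submits
// instead of the password.
function clientResponse(password, challenge) {
  return crypto.createHmac('sha256', password).update(challenge).digest('hex');
}

// Server: recompute the response and compare in constant time.
// The challenge is consumed on every attempt, so a response captured
// on the wire is useless for a second login.
function verifyLogin(sessionId, username, response) {
  const challenge = pending.get(sessionId);
  pending.delete(sessionId);
  const password = users.get(username);
  if (!challenge || password === undefined) return false;
  const expected = Buffer.from(clientResponse(password, challenge), 'hex');
  const got = Buffer.from(String(response), 'hex');
  return got.length === expected.length &&
         crypto.timingSafeEqual(got, expected);
}
```

The scheme keeps the password off the wire but leaves the session ID cookie and page contents exposed to anyone who can read the traffic, and it requires the server to store a secret equivalent to the password.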
I have noticed the last few days that some weird moderation is going on at /. I don't see why the above post qualifies as flamebait and there are a few other examples of bad moderation on this comments page.
Most of you probably consider me stupid by now because I'm not posting as an AC. But I don't care for Karma and I have been the subject of some 'nice' moderation in the past. Hit me again baby! :)
Why the fuck was I moderated down for this? At the time I posted this there were no replies which mentioned the correct URL.
Thanks a lot...
The correct Link
So, I have seen postings with mail-addresses to be flamed and telephone numbers to be wardialed. Don't you think that there is a slight possibility that this is all an elaborate prank pulled by some MIT-guys? Don't you think we should verify this all before we start flaming the french?
Maybe it is for real and I'm just being naive but this just seems a little over the top for me. Even in our current corporation-controlled society I find something like this pretty unlikely to happen.