It's funny that less than a month ago there was an article here on Slashdot, about some research that showed that most facial recognition systems can be fooled using photographs. Also, I wonder how this works with twins :)
I've been using Joomla for many websites I've set up for myself and others for a few years now and I must admit that while it is easy to install, it is absolutely unusable by an untrained user. The way content sections and categories and modules and components are set up is completely unintuitive. It does make Joomla a very powerful CMS for a web administrator, but it fails completely when it comes to the primary task of a CMS - making web content management easy for an average website publisher.
Telus and Shaw in Canada provide ADSL without the need for a phoneline. Telus only requires a phoneline if you sign up for their digital TV service (which does not make any sense at all) and Shaw requires you to have internet to get a VoIP phone (this one actually makes sense).
Bell Canada requires you to have TV to get broadband from them. Porkers!
Has the Storm trojan not demonstrated that targeting user stupidity can be quite successful? And not to generalize or anything, but I think anybody can agree that the majority of the Apple userbase is a lot less technical and virus-aware (partially thanks to the "no viruses" myth maintained by the company) than the PC userbase. Never underestimate the power of stupid people in large groups.
But, but I thought Apples had no viruses? Can it possibly be that every fanboy's biggest argument is actually false? Is Apple's market share actually becoming significant enough for the bad guys to start bothering with exploits for it? Oh the humanity!
Sure, having a strict QC process might make lazy programmers less likely to want to work for your company, but with OS developers learning more and more from their mistakes, and making their products harder and harder to exploit - attacker interest is switching rapidly towards the client applications. Why try to break through the walls, if you can use a window, no pun intended, kindly created by a liberal coder? You have to keep in mind that the cost of doing business may be high, but the cost of having a backdoor in your new release can be a lot higher. Because, let's be frank here, how many coders out there think about security at any point before finishing their quota?
Saving money on QC? - Good
Having programmers like you? - Lovely
Having an unsanitized input field in your code cause a leak of hundreds of thousands of PHI/PCI records and put you out of business? - Priceless
Like we don't have enough of those around. If I wanted a commercial enterprise database, I would pay for MS SQL. There is a reason people use MySQL, and bugs & bloating is not it.
Anybody working in the IT field will tell you that degrees don't necessarily mean that the person is competent at their job. In fact, most of the time, people that flaunt their degrees and certifications are those that can do the least when push comes to shove. So the only thing a piece of paper will help you do - is get your foot in the door at a place where you have no contacts... at the end, your papers don't say anything about how good of an employee you will be - I will take past experience and opinion of others before any certificates, when interviewing someone for a job. It always helps to have some business contacts to recommend you - I would recommend you start building your network at LinkedIn or some other professional networking site...
I recall that last year SolarWinds' community website (Thwack) launch email was sent to all interested customers, also in the To: field. Some great email addresses those were - NASA, IEEE, California OES, Alabama, Washington, you name it - total of about 100 people... you should have seen those replies! SolarWinds gave everybody a shirt after :)
And your boss has a good reason to find someone who will do it, to replace you with... you know, with the current outsourcing trends in IT and all.
By the way in British Columbia, Canada IT workers were never legally entitled to overtime pay - most companies do it at their own discretion to raise employee satisfaction or offer days off as compensation for overtime worked. Well, welcome to the club, California!
Firefox's new implementation of handling malformed certificates is a new bold step towards eliminating the most ridiculous concept of our time - security through obscurity. If you are at all familiar with man-in-the-middle attacks and phishing, you should understand that "this certificate is invalid" warning is not just a way to annoy an end-user - it indicates that the certificate can, or may have already been spoofed, and that your "secure" connection may not be secure at all.
This is equivalent to Apple users believing that there are no viruses for Mac OS or Microsoft users thinking that Vista's security model is annoying. Without realising it, people like you are making hackers' jobs a lot easier with your whining about convenience. Is it not enough that IE users already have a habit of clicking "OK" just to make "annoying" messages go away, without giving a second thought as to what the consequences may be?
If anything - you should be promoting the concept of open source certificate authorities, not pushing one of the best browsers to ignore unsigned certificates... Firefox/Mozilla's new handling of SSL is a breakthrough and if you don't think so - be my guest, ignore the warning message if you get one next time you go to your online banking website.
I used to work for a large company that had a couple hundred servers in data centers all over North America, and I would like to recommend that you make sure that the naming convention is directed at administrators, and not end-users. In our particular example, we would include a data center location, system type (OS, VM, etc.), general purpose abbreviation (usually to make the name unique and identify the main purpose) and the number (useful for clusters). So for example a SharePoint VM server running Windows 2003, located in Dallas data center would be named DALVM2K3SP01. This name can be almost immediately interpreted by a systems administrator looking through the logs, and if you still need something to make your users happy, you can always create a perdy CNAME along the lines of DALSharePoint for them to use. We started off with cute names, like LOTR characters or Transformer names, but they carried no informational or identifiable value and soon got very confusing and hard to come up with and remember for both sysops and users.
I posted it first, over an hour earlier: http://slashdot.org/firehose.pl?op=view&id=2125979
Research shows that 75% of all statistics are made up. Including this one.
Interesting theory, especially in the light of the fact that Microsoft has just announced that their AV solution will be free for all.
Where did you get that statistic, Apple website? Or are you just simply confused about the definition of "the wild"?
http://www.symantec.com/security_response/writeup.jsp?docid=2006-063013-2645-99
http://www.symantec.com/security_response/writeup.jsp?docid=2001-060806-1018-99
http://www.symantec.com/security_response/writeup.jsp?docid=2006-060110-4631-99
http://www.symantec.com/security_response/writeup.jsp?docid=2006-021715-3051-99
http://www.symantec.com/security_response/writeup.jsp?docid=2006-031413-1704-99
http://www.symantec.com/security_response/writeup.jsp?docid=2008-062513-3120-99
http://www.symantec.com/security_response/writeup.jsp?docid=2008-111315-1230-99
http://www.symantec.com/security_response/writeup.jsp?docid=2006-021614-4006-99
http://www.symantec.com/security_response/writeup.jsp?docid=2006-110217-1331-99
http://www.symantec.com/security_response/writeup.jsp?docid=2007-110101-2320-99
http://www.symantec.com/security_response/writeup.jsp?docid=2008-062404-1222-99
IMHO next target should be spoke.com
So, does this mean that CentOS is also affected?
Coming soon - iPhone Shuffle, no screen, one button, calls a random number from your preloaded phonebook?
"...no metal snaps, zippers or buckles and no pockets" so... it's a binder? I hope they don't start applying the same policy to pants.
Try these http://www.securityfocus.com/bid/27246/exploit