To me the whole leveling idea is just a brute force solution to the problem of how do we reward people for spending a LOT of time in the game grinding away. Which makes sense if you're charging them $20-30 a month to level up and want to keep them paying. But as an occasional game player (occasional due to a lack of interesting games to play) I really wish they would a) take more of a skills-based approach (which is still leveling, but in a more discreet fashion) and b) have more open-ended game play so that those skills could be used cleverly, i.e. setting traps, using illusions, using spells in interesting ways and so on (basically all the stuff that makes tabletop D&D fun). In other words take out the suck and replace it with some fun.
My solution to this desire to game but lack of fun computer games has been simple: I bought myself some games like Risk and invite friends over to play and drink and eat every once in a while. Personally I've pretty much given up on computer games (even my Nintendo Wii sits unused), there's a real lack of open-ended games (which is understandable since that type of problem is surprisingly difficult to program for).
Maybe it knows your email won't be that interesting to other people =). That's the next evolution I want to see, start blocking useless email (like chain letter jokes, etc.).
Ack I must have been thinking of mod_security, my bad. OTOH you can limit stuff by file/etc to a pretty good degree using site security policy and achieve pretty much the same aims.
No, just block the common ones (googlebot and yahoo slurp are the majority of it). If you're actually trying to protect this content then you need to password protect/etc. it, robots.txt is not the way to prevent exposure. As well you could also use the meta tag in HTML documents:
<meta name="robots" content="noindex">
But I agree, robots.txt is far less painful and much quicker. Thing to remember as well when robots.txt was invented the web was a much simpler place and everyone online was pretty much skilled in the art by definition.
You could simply use .htaccess and restrict based on user agent. Ugly, lots of overhead (request = hit .htaccess), but it would work (at least for polite robots, but this is also true of robots.txt).
Don't let other people serve content via your site.
Problem is that security flaws such as cross-site scripting (XSS) allow exactly this (insert arbitrary HTML/JavaScript into the page which is then rendered by the client browser).
I think you replied to the wrong posting.
It doesn't quite work that way, it's much more fine grained, i.e. as a site owner I can say something like:
allow /foo/bar.cgi?weird looking strings and block anything else
so if an attacker finds a cross-site scripting flaw in say "/login.php" the client won't accept it, protecting my client, and protecting the site owner as well (bad guys aren't harvesting credentials from users, etc.).
Shameless self plug: I wrote about this in my column: Web security - Protecting your site and your clients in September of 2008 and I'm VERY glad to see this is moving forwards as it means I (as a site owner) can actually do something to protect my site and my users against flaws in my site that is relatively easy and non-intrusive (that's the key!). The thing I really love about this is if your clients don't support site security policy, things still work, and if your browser supports it but the remote web site doesn't, things still work, but if both ends support it you get a nice added layer of protection. What would be really wild is if Microsoft added support for it, although "not invented here" they have been making efforts to protect users from XSS attacks in IE8 with mixed success, so who knows. You can do similar things with mod_security potentially and outgoing filters but it is nowhere near as simple as site security policy should be to deploy (hopefully).
Is going to happen sometime in the future regardless of what we do (barring some major advances in geological technology and the ability to control earthquakes which from a geek perspective would be pretty damn cool, but I'm not holding my breath).
That too.
Money can't buy good taste.
The problem is, my accounting software is proprietary and does not run on Linux - Windows Only (and I've tried WINE, no dice on this one).
One word: Citrix.
Vote up. First poster should have read his history.
TPS reports. Dilbert. Office Space. Need I say more? There is nothing wrong with being a small company. But it depends, do you want the perceived "safety" and "stability" of being a part of a large company (which in actuality probably isn't as stable or safe as you think it is) or do you want to be in control of things?
Having a high volume of programmers won't necessarily result in a good product (or indeed any product at all). This isn't like building the 3 Gorges dam where you can overcome poor engineering and construction practices by simply using way more concrete.
Desktop sales are down, laptop sales are up, most companies I know issue a laptop as the desktop machine (because then you can work pretty much anywhere).
You're thinking of Stanley Milgram's experiment. The Stanford prison experiment was something entirely different (group setting, ran several days, etc.).
Milgram experiment
Stanford prison experiment
Yeah but you don't have to service the entire country, just the busy corridors, and I'd still rather get on a cross country train that takes a day (24 hours times 250 kmh - across the US no problem) if it went city center to city center (airports usually drop you at the outskirts and you need to drive in, plus security, plus the hassle) and was as comfortable as a German or French train (nice overnight compartments, decent food, good beer, cell and wifi service, beats the heck out of a plane any day).
And these tokens are generated how? Oh yeah, by Google's search engine. Whoops. If you want someone to extract information from data they will by definition be able to extract some amount of information from the data, even if you have everything encrypted/etc. they could do frequency counts of the tokens and convert them to words, traffic analysis (can't encrypt the from/to), etc.
You forgot the 4gig compact flash card in each machine.
Agreed, but it's still nice to be able to practice, and for that you need multiple machines (e.g. variable network latency vs. VMware running many images with no jitter in communications, etc. transient failure conditions, you name it.).
Or to put it simply: pulling a "finished" object from memcached will almost always be faster than having a machine create/render/whatever you do to create the object. If you want to pull large amounts of data from RAM buy a 1U server that takes 64 gigabytes of ram for $5000 (so about $78 per gig of ram, and much faster than a compact flash card in a super cheap laptop). Or buy solid state disks/PCIe RAM cards. Now if we're talking about building a render farm for whatever (frames, objects in database, etc.) simply run the numbers, how many objects/sec/dollar do you get with different solutions and how important is latency.
What interests me is the ease of building a many node cluster and learning how to administer and write software for something with 20+ nodes.
Of course you could just buy computer time from amazon.com EC2 for $0.10 per hour per node and practice there ($2 an hour for 20 systems running, not bad).
It wasn't meant to be snide. I was more trying to point out that not all of us need seismically tested/milspec/whatever gear. A shipping container sitting in the midwest is probably not going to experience an earthquake (now what they do to it during shipping is another story and I suspect you'd want something pretty robust for that). The other aspect of my comment was that while Sun is out making a lot of noise Google is quietly doing it, which is probably going to lead to success more than making PR type noise. Sun, like HP, used to be a company of engineers run for other engineers, which worked pretty darn good back in the day, but now this stuff is becoming commoditized, and the time cycles have been crunched so ridiculously that by the time Sun is done engineering this they may be out of the game (has Sun actually sold any of these? Heck, are they even for sale yet?).
I think Sun is jealous, they have been pushing grid computing for ages and it's been a flop for them. Google is most likely going to succeed here, especially with a "good enough" solution which no doubt pisses off Sun/Sun employees (who have a tendency to go for the engineering "ideal" solution which often results in a very nice and extremely pricey product). Witness the container computing stuff, Sun is making a big deal about seismic tests, and Google is quietly deploying hundreds of these things in their data centers. Sun seismic test vs. Google data center tour. I bet for most of us Google's Java AppEngine implementation will be "good enough".