i was the first eng. at a web-dev shop in san francisco, papermedia. after 6 months of working there and growing about 3x the original size yet still not doing anything interesting - I started looking. I found a company that looked awesome, Collab.net, so i dropped my resume to them and only them. I even felt like a bit of a traitor for doing it. I had a phone interview with them soon after and was very impressed with them and scheduled an in-person interview.
I was nearly burnt out at the job i was still at, doing all the sysadmin work - some tech support - and doing a lot of the programming, and told the company I was taking my first 2 days off. On the evening of my first day off (a thursday) one of the two owners said there was an all-hands meeting the next morning and i had to come in for about 30 mins at 9 am i think. Well at 10am was my in person interview with collabnet. So I got there at 9am with no worries since both places were close from where i live in downtown.
well they laid off about 15 people myself included. after their lil spiel about how sad they were and how this wasn't personal in any way but a financial necessity they asked if anyone had any questions. I asked what time it was, and when they told me and asked why, I replied, "I'm in a hurry because in 30 minutes I have my second interview with a much better company."
I filled out a few small papers, got a shitload of severance and left.
I'm now *extremely* happily employed @collabnet.
Who's stabbin who?!!
if you have these stupid lil needs then extend String and add a print() method.
public class MyStupidString extends java.lang.String
{
    public void print(String message)
    {
    }
}
they don't allow ports with any type of security problem into their /usr/ports.
that's why you see less in openBSD than in freeBSD or netBSD. they simply have different standards
Hello my name is Chris Dibona, I fool with linux and misinterpret stupid things Microsoft does to make them look worse. Btw, here's my homepage it has a picture of my car.
INETF does NOT change ascii folks. It is a way microsoft uses to send text+proprietary attachments. The attachments part quoted from MS states
"A TNEF-encoded message contains a plain text version of the message, and a binary attachment that "packages" various other parts of the original message. In most cases, the binary attachment will be named Winmail.dat,
and may include:
The formatted text version of the message (font information, colors, and such)
OLE objects (embedded pictures, embedded Office documents, and such)
Special Outlook features (custom forms, voting buttons, meeting requests, and such)
Regular file attachments that were added to the original message"
I hardly see the problem with "plain text version" unless that part is not ascii or something readable ie: unicode. But the site doesn't say that is the case at all.
The only thing I can imagine being mad about having these messages floating around the internet is if someone actually wanted those prettied up attachments that you may lose.
Microsoft would not create a format people without ol2000 couldn't read mail from ol2000 users. not by default, not by force. "Oh no, my outlook express can't read my boss's email, better upgrade"
nope that doesn't happen. Try actually something the software industry has had forever mr.dibona, TESTING.
I can't imagine how so many people continuously are living with a herd-mentality yet believing they aren't simply for reading this website.
and btw. LAST POST
I would have to say the scariest thing coming out of the article on MSNBC is the quote "MSNBC.com learned of the flaw June 11, but agreed not to publish the information until Microsoft had a chance to supply a fix." Which has some interesting implications i think. For companies like Microsoft to be able to cover up important press releases is one thing, and for the security crowd I'm sure you've all heard the term "security by obscurity". It never works. This event makes me wonder what things a company like AOL, who owns too much (MONOPOLY), can cover up at will. If AOL had a security flaw I wonder how much press it would get. I have less faith in AOL software in terms of security than Microsoft's but when was the last time there has been a public release of them doing anything wrong? The media sucks is my point.
i hope so. here's why. First off emulation of consoles isn't necessarily illegal but playing a rom you don't own on cart certainly is. Meaning these companies that disown roms would have to take them and use them. I doubt on nintendo.com you are going to see anytime soon .nes files for your fav nes-8bit carts, though good luck buying them at anywhere but a thrift store or ebay. Not only would ms microsoft have to play nice with companies like nintendo who i doubt it has ties with which would be lame, but it would take off the flash of newness that the x-console would have. If people start using it for nesticle wouldn't people (hopefully) find out that it's free and with enough crawling the net you can GET THOSE ROMS FREE anyways.
Cryptography is the key. and of course key signing protocols better than verisign's lame "I'm verisign because i say i am" method. then https can be nice. and of course if the nsa stopped being lame it wouldn't hurt.
THIS MEANS NOTHING and let me tell you why. These "smartest programmers" were coding because a manager told them to make something. look at wslt and tell me that ppp-encapsulation over wireless is secure. Until cryptography is done on the device, and strong. count me out of the wireless e-commerce movement. because it is STUPID.
what a waste of space. I thought perl programmers knew when to condense? you have added for the runtime interpreter an extra 50 opcodes to process. CONGRATULATIONS on worthless code :P just in case you need to know.. perl -e 'print "this is how you do it...."'
A question i have not been able to fully answer is about how apple is planning on selling the new darwin based mac osx. If they are allowing people to add code to make the os work I find it appalling that they are then going to turn around and try to sell the completed version to these developers. People who made it possible for this product to succeed are going to have to buy the workable part of the os, I think it's obvious that macos doesn't work without its plaything of a gui. Part of my question is, when does this apple thingy stop being a mac and become a real unix machine anyways? And why not make the carbon what-not (obviously i don't use, or ever want to use a mac) ported to all linux's unix's etc.. ? Because to me that's what mac is. a GUI.
First and foremost you want intelligent administrators at your colo. Ones with a structured regiment for backups and preventive maintenance. A very important thing you will see really quick is that you also must require good customer care. For some people 24 hour respond time is okay, for some you need it at that exact second. If the second is what you require i don't recommend colo at all of course. Basically it comes down to service.
With a simple cronjob and Perl's wonderful LWP module package, not to mention the other implementations of tracking web-pages, any relatively smart administrator should already be doing this. It comes down to this, programmers are lazy and that is good, but is this just too lazy? phooey. Maybe this should be done as an apache module.. hrmm... maybe i should write that one.. mod_url_validator <Location/> Add-handler Check-Links </Location> or something like that... no i don't like it. too much overhead. well at least my first offer works, because i use it.
i don't know what the big fuss is anyways.. because StarOffice 5.1 DOES decode .doc files. I don't know how, and i don't care. All i know is i can read my pesky marketing people's files in Linux. boind...goinbb.. pavementrocks.
I recommend the very standard Applied Cryptography by Bruce Schneier. It tells you why protocols are good and bad and it tells you why encryption algorithms are strong or weak. By the way, people don't just choose encryption schemes because they are popular, unless they are fools. They are chosen for protocol strength and the difficulty in cryptanalysis of CIPHER-text. or in layman's terms: "how much it doesn't suck".
The sftp protocol from ssh.com is nice, but not free. If you have people on your staff who have a brain and you don't mind telling them what an ftp tunneled connection is then I recommend using that. Does anyone know of a gui interpretation that competes in the commercial ssh realm that supports ssh2 client? BTW, you can allow users access only by their DSA keys, it's the RequirePassword line, put that to no and make darn sure you generated your DSA keys correctly, longer the better! If you are looking for a VPN solution, I don't know how this stands though, I don't see a good reason why it can't, and blowfish is fast as heck for that matter. One last note, ftp tunnels and the commercial sftp protocol don't encrypt the files themselves, just the password transmission stage. Then they watch the connections for hijacks. whoop
On the part that "It's just *one* person who has to pay his rent!" this is very true. As a friend of Paul Nolan I know firsthand he is not wealthy. He is simply a very intelligent, friendly, cool hacker. Of course it would be cool to have the src for this app, but if that happened Paul would either be forced to work at some lame company to pay rent and devel more on Photogenics, or someone generous who has one of these jobs would need to donate a significant amount of money to the project. everyone has to eat.. so any of you post-ipo people out there who like Photogenics I'm sure Paul wouldn't mind a nice contribution. Heck why not call him now! pick up the phone and dial. xxx-xxxx yeah whatever, shutup(\$me);
I emailed the legal consort for mattel about the cphack legal debate today. This is the entire message I composed after doing some reading of his dealings with this case before emailing him to avoid looking like a complete fool, and maybe partly from my ph43r of him hax0ring m3!!(jk) well here it is in its entirety
Mr. Schwartz subject: cphack? Hello Mr. Schwartz, I do not in any way enjoy the company of software piraters and i know from experience what it is like to literally survive from the sales of software I have written, it isn't easy. Just to make this clear up front, but keep reading, I don't want to write all this for nothing of course, =). But then again I am a large user and coder of open source, free software. Simply put without people like us you would not even receive this email, or any other. You wouldn't even be able to browse 65% of the internet, case in point www.apache.org and www.sendmail.org. Thoughts should in only the most grave instances be censored, when someone finds a way to break software what the really smart people do is acknowledge the hole in structure exists and then fixes it. Where companies who are in chaos from trying to write software in corporate dungeons go wrong is they try to convince themselves that if they sue someone they will make the problem go away. Personally I wonder how difficult it would be to have the programmers of the software affected by cphack (i simply don't care to find out its name even) would have spent less time changing their encryption algorithm than the company has spent on going through legal proceedings. This is how technology advances, legal proceedings such as this just spread wanton fear "They should be afraid of being hauled into court on contempt proceedings," Schwartz told the judge. http://www.wired.com/news/politics/0,1283,35216,00.html I personally do not enjoy being afraid, do you? I assume not.
Also since I do not assume you have personal knowledge of computer engineering, as you probably assume I do not have personal real knowledge of legal proceedings to clarify things such as I read in your subpoena email, which is posted on http://www.politechbot.com/cyberpatrol/schwartz-032000.txt "Accordingly, I have included a subpoena to you that requires you to disclose the log of persons who downloaded either "CP4break.zip" and/or "cphack.exe". The problem with this logic is there is simply no way for you to get these logs from a person who does not wish them to you. More exact there is no guarantee any log is kept, no way to check without gaining superuser access to these computers and more importantly I believe there is no guarantee these files are what you assume them to be. And since there is no explicit discrimination between the information stored in them it is impossible to claim these people can be criminals. I can open up any text editor and save files named "CP4break.zip" in about 10 seconds, then make an html document that links to my in reality text file. Is that considered breaking the law? obviously not. So what would my simple recommendation be for companies like the ones you may work for? Instead of using old tactics that dictate legal proceedings to cover up a job not well done (ie. an encryption algorithm that was cracked) why not try to follow the lead of open source projects and the things that will be gained in the least would be 1) faster development of software 2) higher quality of this software 3) a faster turn-around from bug-find to bug-fix 4) higher user satisfaction. If that doesn't sound good to you then I must be a moron. Please note that the next sentence is not assuming knowledge of your persona, morals, ethics or any of the such because I simply do not know you but here it is.
When you do your job as a lawyer in this nearly-free country please do so with a conscience and realize we are all people, and many of these people we have interaction with are evil people and with motives of unjust cause. So on that note.! thanks for reading..and remember judges are just men in robes, when in reality we are all able to as thinking humans to make our own justice and use our own grace in making decisions. have a great day, week, month, whatever.... ms
A very important point to this subject is you must understand it's not really politicians who rule this school (usa) but the corporations who pull their strings. So to say that technologists don't have a say in things is partly true but not in the ways most people say it. The companies you work for have tons of say in matters. People who work for intel or microsoft for example work for companies who control things more than most senators. But the problem is who runs these companies, it's not the technologists, it's the marketers and business types (suits). So it's basically the same personality type who runs for office who runs your company. No win situation. What's the solution? who know... ms
First off what I would love to see is a law firm that specializes in high-tech cases, and I don't just mean some losers who act like touch shit. I want lawyers who are coders in their spare time. If this is too impossible a thought then I'm going to law school. What I don't think we need is dumbass running for office with the fake persona of a tech wizard turned people's hero, as in "In the 80's I was a computer scientist for apple computers, elect me." Screw that. There is a gap for people in the political reign who understand this technology, as it is now no one seems to with any rank. Thank god this is america and politicians don't really mean jack, they are just puppets to the corporations that make the technology. w00T! ms
can anyone understand a word this fool says? maybe its that double-bass drum, or the hockey. "must be the colors, and the kids" - cat power