I agree to an extent in that they're free to do whatever they want with the information you've given them, provided they don't break their own written policies or other contractual agreements that you might have made while signing up.
If their privacy policy states that they won't give your information out if you ask them not to, then you definitely have grounds for action if they've gone ahead and done so.
But if it doesn't, and there's nothing on the site that might imply that that is the case, then asking you what your preference is as far as marketing your personal information doesn't legally bind them to honoring that preference. It carries as much weight as a poll does.
I figure a projector against a spare wall would suffice as a good "wall display". The trick is getting data traditionally captured by your typical monitoring agent and getting it into a nice, *real time* image to project. That seems to be the elusive component.
(Apoligies for the off-topicness of this thread; I did attempt an Ask Slashdot submission instead, but it was rejected.:/)
The first question I'd ask is whether or not you need this solution to work over the Internet as a whole, or just within your organization. If you're OK with an intra-organization approach, simply get some group to take ownership of a private root certificate authority and pump out certificates as needed. Customized versions of software could be pre-configured to trust this organizational certificate, or instructions sent out that tell people how to get it trusted.
If you're looking for a solution that's cross-platform, there are options for most any OS for either a PGP-ish solution or a X.509-based solution (traditional Verisign-issued certificates), but as things are today, PGP-based solutions are generally easier for UNIX while X.509-based solutions are generally easier for Windows.
For Windows, a lot of the certificate stuff is built in, which makes it easy for applications to support it. There are PGP plug-ins, which, while not exactly polished, have worked for me in the past. (Function over form, if you ask me.)
For UNIX, you'll generally need OpenSSL-based software if you want to make use of X.509. For e-mail, mutt even has support for these certificates (which is how I'm starting to do things today, so that less savvy Windows users can get my signed messages without having to install extra PGP software).
If you ask me, the digital certificate approach seems to be winning out, for the usual Microsoft reasons. I personally like the way PGP-style authentication is done, where you explicitly trust your closest friends, and other peoples' keys can have trust inherited from that, etc. The way things are now, you kind of have to assume that the certificates you're given (bundled in your application) are really trustworthy. Given the volume of such certificates bundled in browsers today, it's only a matter of time before one of those barely-recognizable companies get their certificates compromised, at which point things are going to start sucking.
OT: Software for those wall-size displays?
on
The Root of All E-Mail
·
· Score: 3, Interesting
Out of curiosity, I've seen pictures of lots of NOCs that have similar setups as what's described in the article. What kind of software is usually used for putting real-time "war room" statistics up on NOC displays? Is it usually custom-written for each setup?
Though I think the original poster's numbers are questionable, the fact that the car itself is made of a lot of metal doesn't really factor into anything here, since the car's configuration doesn't change considerably. No matter where you are in the world, the same metal components are in the same place relative to the compass. The only time metal objects or other competing magnetic fields would mess things up is when they aren't constant (e.g. a car parked next to you that won't be there when you're elsewhere, etc.)
Why can't they just avoid this test with Domino?
on
ORBZ Shuts Down
·
· Score: 2
SMTP servers usually announce their name and version, right? These probes are relay probes checking for all of the various ways spammers can relay spam through a mail server, right? Why can't the probes simply skip this particular test, or use a slightly different relay test when it comes across an SMTP server carrying the Lotus signature? Sure, it means ORBZ is slightly less effective at identifying a potential SMTP relay, but it also doesn't DoS a buggy/misconfigured mail server and risk legal action.
It seems like this would be a better solution to the problem than simply throwing in the towel.
Sorry, I was making an assumption that in X years, security of hosts will reach a point where things like this can be done transparently and automatically. When you authenticate with a host (like your PC), you're authorizing the host to authenticate with your certificates on your behalf when you make use of network resources (e.g. e-mail) that you want to authenticate with.
I'm not going to try and solve the difficulties in making something like this happen today. Who knows, maybe by the time something like this happens we'll have private keys in physical cards or secured with biometric scanners. It doesn't seem out of the realm of possibility that these things will become more prevalent in the future and that it will make it easier for us to do just what I was describing.
I have a honeypot domain of sorts that I collect spam with. Not to analyze the spam, but to analyze how it got there. On a number of web sites I'm using a little CGI script that generates a dynamic e-mail address based on the IP of the visitor (and any forwarding-for information if it's a proxy) and the date/time. That way, when they spam the address, just by looking at the address I can tell how it was harvested and when.
I don't know if ISP's ever do anything with these types of complaints, though, so I don't know if this will ever be fruitful, but it's enough to satisfy curiosity..
Since spammers by their very nature do what they can to hide in anonymity (both to make it hard to filter repeat offenders and hard to track them down to "cancel" them), it makes me wonder if a push to fully authenticated e-mail might solve this.
I'd hate to label every piece of e-mail with a valid certificate (forcibly associating someone's words with their identity), though, but given the way things are moving, I can foresee this in the next 10-20 years.
Everybody will have a digital certificate, and every e-mail will be transparently and automatically signed with this certificate. People on the receiving end will know who's sending the message not by looking at the From: header but by examining the identity of the certificate, and users will be given the option to reject or accept messages that aren't signed (meaning the identity of the person can't be trusted). Since a high and growing percentage of this anonymous mail will be spam, eventually more and more people will start rejecting it, and spam will neatly kill itself off (at the same time killing off the ability for people to send e-mail anonymously).
It's a sad state of affairs, but it's going to be impossible in the near future to differentiate between e-mail sent from someone you don't know, and mass e-mail sent from a spammer.
The only relay tests I've seen tend to flag a relay as open only when the message is delivered. To flag a relay as "open" once it accepts a message would give you a lot of false positives, because the MTA is always free to bounce the message later. The only way you can tell if it's relaying mail is when you get a relayed piece of mail.
The network-aware Tierra was supposed to do a lot of this type of thing. You'd network a bunch of Tierra systems together, and the organisms could call a certain function to cause them to migrate to other systems on the network.
Unfortunately, like most other University-spawned projects, this project looks like it died as soon as the thesis was written.
I've tried implementing some stuff like this on my own, though, but I never seem to have enough spare time to finish it. A flexible engine with a published API and code, and sufficient opcodes for the organisms to actually do interesting stuff is what we need...
This is one of my long-standing rants: the need for America to constantly cater to the stupid and incompetant. Our judicial system has a very low definition of "common sense", which is what allows us to sue over hot coffee that we bought, sue because we decide to play vibration-enhanced games for 50% of our waking day and our hands start to go numb, etc. It's totally ridiculous. I think it's retarded that everywhere I look there are 50 stupid stickers and warning labels telling me not to ingest plastic bags, avoid sticking metal things into electrical outlets, not to drink household cleaners, etc.
If you ask me, a gene pool is improved by allowing people to do the things only they are stupid enough to do. We definitely need to jack up the definition of "common sense" in our legal system to something a bit more common sense.
They've already started. I wouldn't go so far as to say my network has been attacked from airport users, but I've had some "nuisances" doing their deeds from airports before.
I think the abuse issue is very serious. All you need is a script kiddie field trip to an airport for a bit and you have almost no accountability. How many airports would dispatch security guards with detection equipment to isolate an offender? How fast would that ever happen? Scary.
I agree.. if you are connecting a system to the Internet, there is a certain expectation that that system will be on the receiving end of Internet traffic, be it ICMP echo requests, or whatever.
If you don't like it, use packet filtering or authentication at the application level to keep the general public out. Attempts to circumvent that are a crime and should be pursued.
No offense, but there's no reason to disbelieve him here. Most real attacks and scans come from systems that have been compromised. He needs to be slapped around for not being more responsible with how he maintains his system, but he could be just as much a victim here as you are.
Of course, he could be lying, and might actually be the offender, but in my experience, this is rarely the case nowadays.
The IP's of the root servers are usually only "hard-coded" as "hints" for the resolver. All it needs is 1 hit on any of those hints and it will be able to obtain an "authoritative" list of those servers responsible for the root zone. Generally, those hints are then updated with that information. So unless all of the root servers get renumbered in a short period of time, there isn't much to worry about here.
You have some valid points, but renumbering a root server isn't so bad. You just don't want to do it too often.
CS: This is a degree for people who want to program
I agree 100%. It's the short track to becoming a programmer, especially if you have little actual background coding.
Computer Engineering: This is a degree for hardware people. This is a degree for serious geeks who like math and logic, but don't want to become programmers.
I disagree. This degree is for people that wish to fully understand how a computer does its job. The key difference between the CE degree at some (most?) universities and a CS degree is that the CE degree is out of the college of Engineering. Being full of engineering courses means you learn "Engineering Problem Solving", which in my opinion, makes you infinitely more able for programming and debugging issues spanning multiple platforms and applications.
As advice for others trying to think of what degree they want: it doesn't really matter from an employer perspective as much as practical experience. But don't just think, "Well if it doesn't matter, I'll just go for a busines degree," because that's stupid. Choose a degree that gives you the background you want to get out of a university. If you're strong in front-end coding but have a lot of difficulty understanding how things work on the back-end, go with a degree plan (or a bunch of electives) that gives you that background (like CE!), which will suddenly cause a bunch of front-end stuff to suddenly make sense and make you realize there are 3 other ways you could approach the problem that are more efficient. If you have difficulty understanding and choosing good algorithms, go with a CS degree. If you're going to be doing less coding than project planning, a business degree might just be what you need.
It all really revolves around what you want out of the degree. But don't short-change yourself by picking a degree where you aren't going to learn anything. Remember that you usually have plenty of time to change degrees (usually into your second or even third year without losing much, if any ground). So if you wanted to start hard and then fall back to something easier if you have difficulty, you can do that.
My thoughts were the same as yours until I read that there was no wiretap order granted here. Granted, a "similar" court order would still be needed to set this up (I would hope?), but I just wonder if that order is sufficient to justify this sort of surveillance. I think it's sufficiently similar to a wiretap to require the same type of court order... but is it?
The court has said that when you mail, you have a duty to figure out in advance what state the mailbox you're mailing to is in, and then find out the e-mail laws of that state and obey them.
I agree that this does sound like an unusual burdon to place on just any Joe User wanting to send e-mail to someone else over the Internet. However, the decision makes strong reference to the fact that this legislation only covers e-mail sent by way of systems physically located in California. If you own or operate equipment in a certain state, you should be aware of the laws governing the use of that equipment, and be prepared for situations like this. In this case, the judge seemed to acknowledge the fact that it's unreasonable to require every e-mail recipient to be checked for state of residency before e-mailing them. If your equipment (or equipment you're using as an MTA) is located within CA, it's subject to this legislation, and looking up this information is far easier.
There are also a couple of weaker arguments for why I think this is an acceptable burdon in this case:
1. If you're collecting e-mail addresses in a non-malicious fashion, you probably also have the opportunity to ask for the state the submitter lives in. If you collect your e-mail addresses properly, you should be able to figure out what state they're in and whether you should change your approach when spamming them. The majority of e-mail collection though is via harvesting or other nasty collection methods. I have no problem making it harder for those types of people to spam me.
2. If a company in the spamming business doesn't want to spend the time and money tracking down locality information for its "subscriber" list, all it has to do is make a careful study of the laws that could apply and make a reasonable effort to go with a lowest-common denominator. I mean really, is it really that bad to force yourself not to use misleading or falsified information in your advertising for everyone instead of just those people that live in a state where it's required? Even in cases where two states have conflicting laws (e.g. what to put in the subject line to identify your message as an advertisement), so long as you're making an honest effort to easily label your spam as such, I can't imagine you would ever be prosecuted in one state for not following the law to the letter when the intent of the law has been satisfied in good faith.
So basically, you're using e-mail for mass commercial advertising, not e-mail's intended purpose, so you need to be better prepared for legal issues than any Joe User needs to be for his personal or business correspondence. I think this is generally OK today, but I still agree with and will be keeping my eye on how OK things are as more states approach these issues in their own fashion.
you are letting all states put whatever rules they care to pass on E-mail, and putting a duty on everybody to know all the laws and know the state they are mailing.
I agree that this is a dangerous slope..
This is also compelled speech and apparently the defendant didn't even bring that issue up.
I disagree.. I could look at this from a couple of different angles..
1. The label is *operational* in nature, akin to a new SMTP header requirement without actually making changes to the Internet protocols (which, arguably, might be a better approach in the long run).
2. The label can be seen to be akin to content labels placed on music and television programs.
Is it compelled speech to require an advertiser to give *valid* information in his advertisements, and to provide sufficient contact information for the recipient to ask to be removed? Is that bad?
I agree though that this legislation makes you wonder what the future of e-mail will be if everyone and anyone ends up subjected to various laws and regulations that the average person cannot possibly keep track of.
Fortunately, for the general case of me e-mailing my friend Joe in California, no amount of law or regulation is really going to affect what I say to him or how I say it.
It's mighty presumptious to assume that because something seems to be working for you that it is representitive of what the rest of the world needs.
I didn't mean to imply that it's working "for me". I don't consider myself a programmer (though I made a very good start as one). I'm talking about an IT staff of developers numbering in the hundreds. Granted, my polling is not necessarily scientific, but of the 12-20 developers that stand out as being exceptional in their work, 0% have CS degrees. But all of them have degrees in other (usually related) fields.
...what you learn getting a CS degree is not all that important
I can see how you might want to interpret this and my previous comments as saying "CS degrees don't make a bit of difference." Despite these numbers, I DO believe they help. I've never stated otherwise.
Obviously you're going to have an easier time developing software with a CS degree than a metereology degree. My point was that there are other degrees (or series of classes for that matter) that teach skills that can take you much closer to your goal of being a competant (and exceptional) software "engineer" than a simple CS degree. But keep in mind that this depends entirely on the nature of the person. If they don't know squat about programming, they probably need a CS degree. If they have a firm grasp of programming concepts early, they might get more out of an electrical engineering degree instead. (I'm being overly general here and ignoring the fact that there are some dual-track majors and even dual-majors where you can get all of the skills of one degree and many of another.)
When I look through resumes, and see a candidate with a CS degree and a handful of development projects, odds are they're a competant programmer. When I see someone with a wider range of skills that can demonstrate good problem solving abilities, I know they will be an exceptional programmer, not just because they can design algorithms and lay out an application, but because they can identify the best tools for the job, evaluate their code's place in the greater whole and readily identify issues with related systems. My main point is that a CS degree doesn't readily prepare someone with those skills.
I think it would be enough, actually, for CS majors to go heavy in engineering electives, if that's possible. I know the university I went to actually had a hybrid of computer science and electrical engineering that seemed ideal for this sort of thing. You learn engineering skills in the context of computers, instead of something you'll probably never use. It's a harder degree, but I think most would get more out of it.
But anyways, it sounds like we might actually be trying to say much of the same thing, though we disagree in the details.
By definition, the place where I work is in the real world. I'm totally willing to admit that it may not be representative of every place a programmer is needed (and I believe I did in fact admit this in the last line of my original post). My experiences here are echoed in my prior jobs and through friends in related fields. I guess it's possible that I'm totally off-base here, but I don't think it's likely.
And I kind of resent the "bunch of fancy buttons for updating a database" comment. Do you really think that's all of the programming that's needed at a telecommunications company? I can give you a few pages of examples here, but if you can't come up with any on your own, I don't think it'll do any good.
I also never said anything about syntax or coding style. I believe I was trying to stress the need for people to have the skills in applying their knowledge to practical problems, and in problem solving skills to identify performance or other problems in complex applications that may have several diverse components in any number of technologies and languages. Note that I never said a degree (CS or otherwise) was a bad thing. My exact words were, "You need to know a lot more than this." And you do.
What was it about my post that ticked you off so much?
I have a Toshiba 40H80 with a high-definition DirecTV receiver. Normal satellite TV tends to have noticable MPEG artifacts (made a little more obvious by the high-quality display), but the high-definition programming is flawless. I'm sure if I got up right next to the screen and hunted for artifacts I might see some, but seriously, who does that?
I routinely watch many (most?) of my prime-time programs in clear high-definition format, and those movie channels available in high-definition are much more enjoyable. Most of my DVD's are afforded an automatic boost in quality simply by being on a 16:9 monitor (most wide-screen programs are recorded in their native format, and players connected to 4:3 monitors add the black bars so that the aspect ratio is fixed; this results in a loss of image data), and progressive scan brings them in much clearer and sharper than what I'd get with a normal TV. It's not high-definition, but visitors are still wowed nonetheless.
Standards may appear in a state of flux, and heck, they might change in a few years, but for today, the standards are set and deployed. I would not hesitate to recommend the purchase of a high-definition set and/or receiver for those that can afford it.
Obviously, HDTV is not ready for the big mass conversion yet, mainly due to the cost, but for those that are willing to pay a bit more for home entertainment, I personally think it's worth it. I know I get depressed when I go over to someone else's place and watch a TV or a movie.
In my experience, CS degrees don't always result in someone that can efficiently program practical applications. I work in the IT "online" department of a major telecommunications company. We have a fairly large staff of developers programming in a variety of languages, and while most (if not nearly all) have degrees, most of those degrees are not in computer science.
In fact, our most prominent developers and those in the higher architectural positions either have engineering degrees or some of the more difficult science degrees like physics.
CS, as a science degree, teaches you the science behind computing, as you state. It shows you different algorithms for solving problems, but is largely theoretical in nature and heavy in math. In the real world, you need to know a lot more than this to apply your work efficiently to real-world applications, and I find that engineering degrees tend to breed people that are better at applying what they've learned to build something efficient and robust than scientists do.
The bottom line: Knowing the science behind programming is not enough. You need to be strong in areas that promote efficiency and application in order to use what you know. Otherwise you will forever be a programmer at the bottom of the corporate food chain.
Slashdot Mirror
I agree to an extent in that they're free to do whatever they want with the information you've given them, provided they don't break their own written policies or other contractual agreements that you might have made while signing up.
If their privacy policy states that they won't give your information out if you ask them not to, then you definitely have grounds for action if they've gone ahead and done so.
But if it doesn't, and there's nothing on the site that might imply that that is the case, then asking you what your preference is as far as marketing your personal information doesn't legally bind them to honoring that preference. It carries as much weight as a poll does.
(Though I am not a lawyer.)
I figure a projector against a spare wall would suffice as a good "wall display". The trick is getting data traditionally captured by your typical monitoring agent and getting it into a nice, *real time* image to project. That seems to be the elusive component.
:/)
(Apoligies for the off-topicness of this thread; I did attempt an Ask Slashdot submission instead, but it was rejected.
The first question I'd ask is whether or not you need this solution to work over the Internet as a whole, or just within your organization. If you're OK with an intra-organization approach, simply get some group to take ownership of a private root certificate authority and pump out certificates as needed. Customized versions of software could be pre-configured to trust this organizational certificate, or instructions sent out that tell people how to get it trusted.
If you're looking for a solution that's cross-platform, there are options for most any OS for either a PGP-ish solution or a X.509-based solution (traditional Verisign-issued certificates), but as things are today, PGP-based solutions are generally easier for UNIX while X.509-based solutions are generally easier for Windows.
For Windows, a lot of the certificate stuff is built in, which makes it easy for applications to support it. There are PGP plug-ins, which, while not exactly polished, have worked for me in the past. (Function over form, if you ask me.)
For UNIX, you'll generally need OpenSSL-based software if you want to make use of X.509. For e-mail, mutt even has support for these certificates (which is how I'm starting to do things today, so that less savvy Windows users can get my signed messages without having to install extra PGP software).
If you ask me, the digital certificate approach seems to be winning out, for the usual Microsoft reasons. I personally like the way PGP-style authentication is done, where you explicitly trust your closest friends, and other peoples' keys can have trust inherited from that, etc. The way things are now, you kind of have to assume that the certificates you're given (bundled in your application) are really trustworthy. Given the volume of such certificates bundled in browsers today, it's only a matter of time before one of those barely-recognizable companies get their certificates compromised, at which point things are going to start sucking.
Out of curiosity, I've seen pictures of lots of NOCs that have similar setups as what's described in the article. What kind of software is usually used for putting real-time "war room" statistics up on NOC displays? Is it usually custom-written for each setup?
It does, actually, just insignificantly.
Though I think the original poster's numbers are questionable, the fact that the car itself is made of a lot of metal doesn't really factor into anything here, since the car's configuration doesn't change considerably. No matter where you are in the world, the same metal components are in the same place relative to the compass. The only time metal objects or other competing magnetic fields would mess things up is when they aren't constant (e.g. a car parked next to you that won't be there when you're elsewhere, etc.)
SMTP servers usually announce their name and version, right? These probes are relay probes checking for all of the various ways spammers can relay spam through a mail server, right? Why can't the probes simply skip this particular test, or use a slightly different relay test when it comes across an SMTP server carrying the Lotus signature? Sure, it means ORBZ is slightly less effective at identifying a potential SMTP relay, but it also doesn't DoS a buggy/misconfigured mail server and risk legal action.
It seems like this would be a better solution to the problem than simply throwing in the towel.
We could have a cntral database where everybody applies for a unique, easy to remember coputer name.
Something like DNS?
Sorry, I was making an assumption that in X years, security of hosts will reach a point where things like this can be done transparently and automatically. When you authenticate with a host (like your PC), you're authorizing the host to authenticate with your certificates on your behalf when you make use of network resources (e.g. e-mail) that you want to authenticate with.
I'm not going to try and solve the difficulties in making something like this happen today. Who knows, maybe by the time something like this happens we'll have private keys in physical cards or secured with biometric scanners. It doesn't seem out of the realm of possibility that these things will become more prevalent in the future and that it will make it easier for us to do just what I was describing.
I have a honeypot domain of sorts that I collect spam with. Not to analyze the spam, but to analyze how it got there. On a number of web sites I'm using a little CGI script that generates a dynamic e-mail address based on the IP of the visitor (and any forwarding-for information if it's a proxy) and the date/time. That way, when they spam the address, just by looking at the address I can tell how it was harvested and when.
I don't know if ISP's ever do anything with these types of complaints, though, so I don't know if this will ever be fruitful, but it's enough to satisfy curiosity..
Since spammers by their very nature do what they can to hide in anonymity (both to make it hard to filter repeat offenders and hard to track them down to "cancel" them), it makes me wonder if a push to fully authenticated e-mail might solve this.
I'd hate to label every piece of e-mail with a valid certificate (forcibly associating someone's words with their identity), though, but given the way things are moving, I can foresee this in the next 10-20 years.
Everybody will have a digital certificate, and every e-mail will be transparently and automatically signed with this certificate. People on the receiving end will know who's sending the message not by looking at the From: header but by examining the identity of the certificate, and users will be given the option to reject or accept messages that aren't signed (meaning the identity of the person can't be trusted). Since a high and growing percentage of this anonymous mail will be spam, eventually more and more people will start rejecting it, and spam will neatly kill itself off (at the same time killing off the ability for people to send e-mail anonymously).
It's a sad state of affairs, but it's going to be impossible in the near future to differentiate between e-mail sent from someone you don't know, and mass e-mail sent from a spammer.
The only relay tests I've seen tend to flag a relay as open only when the message is delivered. To flag a relay as "open" once it accepts a message would give you a lot of false positives, because the MTA is always free to bounce the message later. The only way you can tell if it's relaying mail is when you get a relayed piece of mail.
The network-aware Tierra was supposed to do a lot of this type of thing. You'd network a bunch of Tierra systems together, and the organisms could call a certain function to cause them to migrate to other systems on the network.
Unfortunately, like most other University-spawned projects, this project looks like it died as soon as the thesis was written.
I've tried implementing some stuff like this on my own, though, but I never seem to have enough spare time to finish it. A flexible engine with a published API and code, and sufficient opcodes for the organisms to actually do interesting stuff is what we need...
This is one of my long-standing rants: the need for America to constantly cater to the stupid and incompetant. Our judicial system has a very low definition of "common sense", which is what allows us to sue over hot coffee that we bought, sue because we decide to play vibration-enhanced games for 50% of our waking day and our hands start to go numb, etc. It's totally ridiculous. I think it's retarded that everywhere I look there are 50 stupid stickers and warning labels telling me not to ingest plastic bags, avoid sticking metal things into electrical outlets, not to drink household cleaners, etc.
If you ask me, a gene pool is improved by allowing people to do the things only they are stupid enough to do. We definitely need to jack up the definition of "common sense" in our legal system to something a bit more common sense.
They've already started. I wouldn't go so far as to say my network has been attacked from airport users, but I've had some "nuisances" doing their deeds from airports before.
I think the abuse issue is very serious. All you need is a script kiddie field trip to an airport for a bit and you have almost no accountability. How many airports would dispatch security guards with detection equipment to isolate an offender? How fast would that ever happen? Scary.
I agree.. if you are connecting a system to the Internet, there is a certain expectation that that system will be on the receiving end of Internet traffic, be it ICMP echo requests, or whatever.
If you don't like it, use packet filtering or authentication at the application level to keep the general public out. Attempts to circumvent that are a crime and should be pursued.
No offense, but there's no reason to disbelieve him here. Most real attacks and scans come from systems that have been compromised. He needs to be slapped around for not being more responsible with how he maintains his system, but he could be just as much a victim here as you are.
Of course, he could be lying, and might actually be the offender, but in my experience, this is rarely the case nowadays.
The IP's of the root servers are usually only "hard-coded" as "hints" for the resolver. All it needs is 1 hit on any of those hints and it will be able to obtain an "authoritative" list of those servers responsible for the root zone. Generally, those hints are then updated with that information. So unless all of the root servers get renumbered in a short period of time, there isn't much to worry about here.
You have some valid points, but renumbering a root server isn't so bad. You just don't want to do it too often.
CS: This is a degree for people who want to program
I agree 100%. It's the short track to becoming a programmer, especially if you have little actual background coding.
Computer Engineering: This is a degree for hardware people. This is a degree for serious geeks who like math and logic, but don't want to become programmers.
I disagree. This degree is for people that wish to fully understand how a computer does its job. The key difference between the CE degree at some (most?) universities and a CS degree is that the CE degree is out of the college of Engineering. Being full of engineering courses means you learn "Engineering Problem Solving", which in my opinion, makes you infinitely more able for programming and debugging issues spanning multiple platforms and applications.
As advice for others trying to think of what degree they want: it doesn't really matter from an employer perspective as much as practical experience. But don't just think, "Well if it doesn't matter, I'll just go for a busines degree," because that's stupid. Choose a degree that gives you the background you want to get out of a university. If you're strong in front-end coding but have a lot of difficulty understanding how things work on the back-end, go with a degree plan (or a bunch of electives) that gives you that background (like CE!), which will suddenly cause a bunch of front-end stuff to suddenly make sense and make you realize there are 3 other ways you could approach the problem that are more efficient. If you have difficulty understanding and choosing good algorithms, go with a CS degree. If you're going to be doing less coding than project planning, a business degree might just be what you need.
It all really revolves around what you want out of the degree. But don't short-change yourself by picking a degree where you aren't going to learn anything. Remember that you usually have plenty of time to change degrees (usually into your second or even third year without losing much, if any ground). So if you wanted to start hard and then fall back to something easier if you have difficulty, you can do that.
My thoughts were the same as yours until I read that there was no wiretap order granted here. Granted, a "similar" court order would still be needed to set this up (I would hope?), but I just wonder if that order is sufficient to justify this sort of surveillance. I think it's sufficiently similar to a wiretap to require the same type of court order... but is it?
The court has said that when you mail, you have a duty to figure out in advance what state the mailbox you're mailing to is in, and then find out the e-mail laws of that state and obey them.
I agree that this does sound like an unusual burdon to place on just any Joe User wanting to send e-mail to someone else over the Internet. However, the decision makes strong reference to the fact that this legislation only covers e-mail sent by way of systems physically located in California. If you own or operate equipment in a certain state, you should be aware of the laws governing the use of that equipment, and be prepared for situations like this. In this case, the judge seemed to acknowledge the fact that it's unreasonable to require every e-mail recipient to be checked for state of residency before e-mailing them. If your equipment (or equipment you're using as an MTA) is located within CA, it's subject to this legislation, and looking up this information is far easier.
There are also a couple of weaker arguments for why I think this is an acceptable burdon in this case:
1. If you're collecting e-mail addresses in a non-malicious fashion, you probably also have the opportunity to ask for the state the submitter lives in. If you collect your e-mail addresses properly, you should be able to figure out what state they're in and whether you should change your approach when spamming them. The majority of e-mail collection though is via harvesting or other nasty collection methods. I have no problem making it harder for those types of people to spam me.
2. If a company in the spamming business doesn't want to spend the time and money tracking down locality information for its "subscriber" list, all it has to do is make a careful study of the laws that could apply and make a reasonable effort to go with a lowest-common denominator. I mean really, is it really that bad to force yourself not to use misleading or falsified information in your advertising for everyone instead of just those people that live in a state where it's required? Even in cases where two states have conflicting laws (e.g. what to put in the subject line to identify your message as an advertisement), so long as you're making an honest effort to easily label your spam as such, I can't imagine you would ever be prosecuted in one state for not following the law to the letter when the intent of the law has been satisfied in good faith.
So basically, you're using e-mail for mass commercial advertising, not e-mail's intended purpose, so you need to be better prepared for legal issues than any Joe User needs to be for his personal or business correspondence. I think this is generally OK today, but I still agree with and will be keeping my eye on how OK things are as more states approach these issues in their own fashion.
you are letting all states put whatever rules they care to pass on E-mail, and putting a duty on everybody to know all the laws and know the state they are mailing.
I agree that this is a dangerous slope..
This is also compelled speech and apparently the defendant didn't even bring that issue up.
I disagree.. I could look at this from a couple of different angles..
1. The label is *operational* in nature, akin to a new SMTP header requirement without actually making changes to the Internet protocols (which, arguably, might be a better approach in the long run).
2. The label can be seen to be akin to content labels placed on music and television programs.
Is it compelled speech to require an advertiser to give *valid* information in his advertisements, and to provide sufficient contact information for the recipient to ask to be removed? Is that bad?
I agree though that this legislation makes you wonder what the future of e-mail will be if everyone and anyone ends up subjected to various laws and regulations that the average person cannot possibly keep track of.
Fortunately, for the general case of me e-mailing my friend Joe in California, no amount of law or regulation is really going to affect what I say to him or how I say it.
It's mighty presumptious to assume that because something seems to be working for you that it is representitive of what the rest of the world needs.
...what you learn getting a CS degree is not all that important
I didn't mean to imply that it's working "for me". I don't consider myself a programmer (though I made a very good start as one). I'm talking about an IT staff of developers numbering in the hundreds. Granted, my polling is not necessarily scientific, but of the 12-20 developers that stand out as being exceptional in their work, 0% have CS degrees. But all of them have degrees in other (usually related) fields.
I can see how you might want to interpret this and my previous comments as saying "CS degrees don't make a bit of difference." Despite these numbers, I DO believe they help. I've never stated otherwise.
Obviously you're going to have an easier time developing software with a CS degree than a metereology degree. My point was that there are other degrees (or series of classes for that matter) that teach skills that can take you much closer to your goal of being a competant (and exceptional) software "engineer" than a simple CS degree. But keep in mind that this depends entirely on the nature of the person. If they don't know squat about programming, they probably need a CS degree. If they have a firm grasp of programming concepts early, they might get more out of an electrical engineering degree instead. (I'm being overly general here and ignoring the fact that there are some dual-track majors and even dual-majors where you can get all of the skills of one degree and many of another.)
When I look through resumes, and see a candidate with a CS degree and a handful of development projects, odds are they're a competant programmer. When I see someone with a wider range of skills that can demonstrate good problem solving abilities, I know they will be an exceptional programmer, not just because they can design algorithms and lay out an application, but because they can identify the best tools for the job, evaluate their code's place in the greater whole and readily identify issues with related systems. My main point is that a CS degree doesn't readily prepare someone with those skills.
I think it would be enough, actually, for CS majors to go heavy in engineering electives, if that's possible. I know the university I went to actually had a hybrid of computer science and electrical engineering that seemed ideal for this sort of thing. You learn engineering skills in the context of computers, instead of something you'll probably never use. It's a harder degree, but I think most would get more out of it.
But anyways, it sounds like we might actually be trying to say much of the same thing, though we disagree in the details.
Why the hostility?
By definition, the place where I work is in the real world. I'm totally willing to admit that it may not be representative of every place a programmer is needed (and I believe I did in fact admit this in the last line of my original post). My experiences here are echoed in my prior jobs and through friends in related fields. I guess it's possible that I'm totally off-base here, but I don't think it's likely.
And I kind of resent the "bunch of fancy buttons for updating a database" comment. Do you really think that's all of the programming that's needed at a telecommunications company? I can give you a few pages of examples here, but if you can't come up with any on your own, I don't think it'll do any good.
I also never said anything about syntax or coding style. I believe I was trying to stress the need for people to have the skills in applying their knowledge to practical problems, and in problem solving skills to identify performance or other problems in complex applications that may have several diverse components in any number of technologies and languages. Note that I never said a degree (CS or otherwise) was a bad thing. My exact words were, "You need to know a lot more than this." And you do.
What was it about my post that ticked you off so much?
I have a Toshiba 40H80 with a high-definition DirecTV receiver. Normal satellite TV tends to have noticable MPEG artifacts (made a little more obvious by the high-quality display), but the high-definition programming is flawless. I'm sure if I got up right next to the screen and hunted for artifacts I might see some, but seriously, who does that?
I routinely watch many (most?) of my prime-time programs in clear high-definition format, and those movie channels available in high-definition are much more enjoyable. Most of my DVD's are afforded an automatic boost in quality simply by being on a 16:9 monitor (most wide-screen programs are recorded in their native format, and players connected to 4:3 monitors add the black bars so that the aspect ratio is fixed; this results in a loss of image data), and progressive scan brings them in much clearer and sharper than what I'd get with a normal TV. It's not high-definition, but visitors are still wowed nonetheless.
Standards may appear in a state of flux, and heck, they might change in a few years, but for today, the standards are set and deployed. I would not hesitate to recommend the purchase of a high-definition set and/or receiver for those that can afford it.
Obviously, HDTV is not ready for the big mass conversion yet, mainly due to the cost, but for those that are willing to pay a bit more for home entertainment, I personally think it's worth it. I know I get depressed when I go over to someone else's place and watch a TV or a movie.
In my experience, CS degrees don't always result in someone that can efficiently program practical applications. I work in the IT "online" department of a major telecommunications company. We have a fairly large staff of developers programming in a variety of languages, and while most (if not nearly all) have degrees, most of those degrees are not in computer science.
In fact, our most prominent developers and those in the higher architectural positions either have engineering degrees or some of the more difficult science degrees like physics.
CS, as a science degree, teaches you the science behind computing, as you state. It shows you different algorithms for solving problems, but is largely theoretical in nature and heavy in math. In the real world, you need to know a lot more than this to apply your work efficiently to real-world applications, and I find that engineering degrees tend to breed people that are better at applying what they've learned to build something efficient and robust than scientists do.
The bottom line: Knowing the science behind programming is not enough. You need to be strong in areas that promote efficiency and application in order to use what you know. Otherwise you will forever be a programmer at the bottom of the corporate food chain.
My two cents, anyway. Your experiences may vary.