The one concrete example given is just a local privilege escalation, which is not really all that serious.
This one sentence makes clear your lack of experience. A "local" priv escalation makes ANY remote hole r00t exploitable. It's serious, maybe more than most "remote" exploits!
As somebody who's spent days (hopefully) digging rootkits out of hacked systems, I can assure you that while remote holes are important, local priv exp holes are every bit as serious.
For example, a system I admin was exploited by a hole in ProFTPd. (Yeah, thought I was catching everything with yum, this one had been compiled in and forgotten about ages ago) But, since the system was otherwise well patched, (no other known local exploits) he/she/it never got any farther than the unprivileged anonymous account. Once discovered, the hole was easily closed off.
Wow, the AMD fanboys are out in force tonight. From this source [computerworld.com.au], which is three months old and so relatively recent:
* AMD's new fab, Fab 36, supports 300mm wafers (like Intels have for some time).
* It uses a 90nm process (Intel and IBM have been on 65nm for some time).
* It will transition to 65nm by the end of 2006.
* It will use 45nm and 32nm processes by the end of the decade.
What I really just don't get is, how come the AMD chips, with this clearly antiquated technology, manage to handily outperform the newer, "high-tech" Intel chips, at better prices?
I just bought several nice, dual-proc opteron servers, and these puppies SCREAM!!!
I hope 20 or so of those hours are paid overtime. I can't stand seeing some of my friends (grad lawyers and engineers) doing unpaid overtime because it's 'standard' in the industry or necessary to 'get ahead'. I'm out of here the second the clock strikes five (actually, usually 5 to 5 to get the good bus:) unless there's a project that needs to be worked on to meet deadline and I've got some pre-approved paid overtime (or some agreed time off in lieu). Happily this is the norm at my company and it is the first job I had out of Uni, and I know it's harder to quit such a job if the culture in your workplace is all about unpaid overtime, but once you start submitting to that bullshit you can wave bye to your life IMO. If I didn't have a good five hours after work to relax and do other things I think I'd go quite mad...
That all changes when you own part of the company you work with, and profit from its growth directly.
I have a career that I love. I work for people I love. The work I do (write niche software facilitating education) is a cause I love.
I get paid rather well, to do work I love, for people I like working with. It wasn't at all easy to get here but I persisted in doing what I love, and what I get passionate about.
And I love it.
Seriously, the only problems with doing what you love are
A) Figuring out how to make doing what you love create wealth desired by somebody else, and
B) Finding that somebody else.
People that are passionate about what they do are more productive than those who dread Monday morning. So, it's easy to see why somebody, passionate about their work, following their dreams, can live without the political infrastructure of an existing company.
In short, if you really love what you do, do as Paul suggests and consider a startup! It's risky, and it's hard, HARD work. It requires that you give all you've got and then some, and you're more likely to blow it than not, sometimes in embarrassing ways. If it wasn't hard and risky, everybody else would do it, too!
I've been involved with 5 startups, 1 was barely break-even (actually, net loss unless my time was free) and 1 was profitable. The one that's profitable is the one I'm still with, that I love doing.
So ask yourself: how much do you value your own happiness and satisfaction? Be honest. If you don't much care about "putting in the time", then get up tomorrow morning at 7:30 AM, spend 20 minutes on the freeway, and make sure you get to your job 10 minutes early, so that the boss notices and gives you that $1.00/hr raise you're hoping for at the annual employee review next summer!
But, if you value your satisfaction, sense of accomplishment, and love of life, consider what you really like to do, what would bring satisfaction day in and day out, and what legacy you want to leave behind you. Decide who you want to be, and be that person.
And go for it!
My story? Well, I've always been at least peripherally involved with IT. I knew all about the 386DX vs the 386SX vs the 486DLC back in the day. I've nearly always had a computer of some type, and took some programming classes in college - but never found my passion.
In 1996 I started a computer store, with $2,000 and some card tables set up in a shop downtown. In a short while, working, hustling and selling, I had a decent business going. But it sucked. Windows driver conflicts were such a pain, customers returned computers when they visited porn sites and got a virus, you name it. I got sick of "wipe and reload". I hated it.
But I was making pretty good money! Not like, wealthy or anything, but considerably better than most jobs. During this time, I met a gentleman who mentioned Linux for the first time. I did some searching. I bought "Red Hat Linux for Dummies" complete with a copy of Red Hat 5.1. I experimented with it, and discovered that I LIKED it. It blew me away when I hacked together a relational database with BASH! (simple/stupid, but it worked)
Very quickly, I wanted to do Linux and databases full time, and after a lot of discussion, I got my wife to agree.
In the spring of 2000, I gave the shop to my manager for just $10,000. (basically, the money that I owed) I pursued a contract that would give some immediate money, and worked HARD on honing my skills. I read books, websites, etc. every chance I got. Work got hard to find, and things got very tight for a while. (You may recall a certain recession going on about 2002/03) I almost lost my house. Repeatedly. I worked long, 14-hour days, coaxing whatever money I could out of the meager contracts I managed to close.
Bills weren't getting paid, kids needed new clothes and shoes, and I was stressed to the max. I started having trouble with high blood sugars, and terrible insomnia - often several days without sleep.
But the turnaround was so sudden, it was very difficult to adjust to. In a single month, my income quintupled! And, not
Why does $a = $b; work even if $b doesn't exist yet
<?
$a=$b;
if (isset($a))
    echo 'good';
?>
PHP Notice: Undefined variable: b in /home/httpd/html/test.php on line 3
and at best displays a warning if you've enabled the corresponding non-default option?
This is default behavior that I see on my CentOS 4.2 linux server.
With such a huge standard library, where's some decent database abstraction?
Ever heard of PEAR?
Why the hell does the . operator go so far against common usage and sanity to be concatenation?
As opposed to... eh, bash? (where the dot means "include file...") or perhaps perl regex, (where dot means "any character") or perhaps javascript (where dot means method of object nnn).
Just what IS the "common usage" for these dot things, anyway? Perhaps you meant "my preferred usage"?
(answer: bad design choices in the beginning, which has also spawned such ugly workarounds as the === operator)
Actually, I *LIKE* the "==" vs "===" thing. There are times when I don't mind a string "0" being considered equivalent to the integer 0. Other times, I do care. Most times I don't, so "==" works well. How is this a "bad design choice"?
As you said, it might have superficially seemed nicer than Pascal, but times have changed. It needs to die already.
And it's a good thing that PHP as a language doesn't depend on YOU. But, I'm curious, what do you think should replace it?
We're using sbl-xbl.spamhaus.org with good results, but have had serious issues getting much else to work consistently. It seems that the latest RBL comes and goes.
Are you just chasing them as they come and go, or do you have a few other favs I might consider?
I know PHP has matured as a technology when people feel it's painful to use.
Are you KIDDING?!?!?
15 years ago, I took some college classes on programming. Then, the "thing to do" for intro programming was Pascal - with all the super-strict data types, memory allocation, linked lists, and compiling crap. I hated it - somebody would type a number 3, I'd add 5 to it, and get 56. It was painful to get an input form that somebody could type some stuff in.
Yes, I know about the ASCII char table, and it seems just stupid to me that I, as the programmer, have to know this just to add 3+5=8.
When I discovered it 5 years ago, PHP had fixed all that. Its functions are generally self-descriptive, adding a "5" to any "3" results in an "8", there's no compiling or anything like that, the syntax error messages give a clear idea where the problem might be, and the php.net website is very well maintained. And, I don't have to worry (much) about memory management, either.
The lack of all these worries means I can just focus on the problem at hand. PHP has made me love programming!
You want globals? Set "php_value register_globals on" in your apache config or .htaccess. It's possible to write secure code with register_globals on, it's just more difficult. Far too many programming mistakes came from this.
Otherwise, just take pride in writing decent, secure code, and get on with it!
Between this and the insistence of people to teach ID as though it is a science, the future looks grim for US education. If I ever have kids, I can guarantee you that they won't go to school in the US. Because I refuse to sabotage their competitive future in the world just to satisfy some right-wing nutjobs who have no idea what real discrimination (or debate) is.
There are lots of us USians who would agree with that statement. That's why homeschooling is such a force here. I've homeschooled my 5 kids all the way thru - I have two 17 YO (yes, twins) now attending their 2nd year of college, getting ready for a career in genetic engineering.
There are lots of reasons why homeschooling your family is a good choice, but I wouldn't consider it if you (the parent(s)) aren't fairly well educated. (EG: college level education) Kids will generally model their peers, and as a homeschooled family, that means the parents, more so than children educated in public school.
As an adult, I've taught myself software programming, database design, and Linux system administration skills, so I've effectively homeschooled myself. I've got a lucrative career doing the above in numerous contexts despite having no college degree.
It's not been difficult to model this for my children!
Anyway, my answer to his problem is this: What about people who go into hypothermia in normal situations? Or people who are clinically dead but are then resuscitated?
Or how about this: If the soul goes to heaven immediately at the time of death, then what's the point of a Christian burial? Why don't we just cremate everybody and save valuable real estate for mad scientists and their ilk?
// OBLIGATORY SIMPSONS REFERENCE//
Milhouse: Will there be cavemen in heaven?
Sunday School Teacher: Certainly not!
Bart: Uh, ma'am? What if you're a really good person, you get into a really, really bad fight and your leg gets gangrene and it has to be amputated. Will it be waiting for you in heaven?
Sunday School Teacher: For the last time, Bart, yes!
PAUSE
Sunday School Teacher: Bart?
Bart: What about a robot with a human brain?
Sunday School Teacher: [at the breaking point] I don't know! All these questions! Is a little blind faith too much to ask!?!
There's a formula you can use to help you figure this out.
A) Take the amount of money you're getting IN SALES of older product. Pull a number out your arse to represent the goodwill you get by supporting older products, and add it in.
B) Take the amount of money you're spending TOTAL to support older product. Include salaries, time estimates, etc. Add in the costs of anticipated sales you'd get by people upgrading to the newer version.
Profits=$A-$B;
when Profit is close to or less than zero, you need to drop it.
For some of my specially-crafted, workflow applications, I actually require end users to use Mozilla or Firefox in certain places. In this case, the margins on the sales are high, the number of people using it is fairly limited, and the code being displayed is rather complex, so the cost of getting all the required features working in the legacy IE5/6 browsers was large, while the benefit of supporting doing so was minimal. I don't get asked about supporting IE, but I do get asked lots about Mac.
You want feature N? Get Mozilla. Free download! Works on Windows, Linux, and Mac!
But here's what's interesting - because the antivirus email was SO effective, I never even knew it to be a problem! How long before the majority of the traffic online is malicious, but it doesn't matter because it's filtered?
I'm upgrading my personal mailserver from RedHat 7.2 (now no longer supported by Progeny, alas) tonight to CentOS 4.2. For about 1/2 hour, my new mail server's antivirus wasn't set up, even though email service was on.
I was SHOCKED at how many viruses came in - like 40, more than 1 per minute! That means that this mail server was getting some 1,500 crap emails for me every day.
Unbelievable...
I've just gotten used to never seeing viruses in my email - it's an incredible crapflood of this stuff out there.
Why not set up a website so that people can register their complaints? I'd suggest that we should have a registering service where SBC/Bell South customers could register their BellSouth address and must be confirmed by clicking on a link in a confirmation email we'd send.
I will provide hosting, and PHP scripting to do the above, if somebody here can produce some HTML that doesn't look like a dog's back end.
I did. I also made sure to inform them that I wanted ESPN/360, filling out the little form, and included the (unused) email address provided to me by SBC. Go ahead, let's apply the screws the OTHER way, eh?
Just checked my new, freshly installed, CentOS 4.2 X86/64 Opteron server to see what flavor of PERL it's running - and....
perl 5.8.
Come on now, how long has Perl 6 been in beta? According to this page, it's been an ongoing effort for at least 3 years, and the oldest link on that page talks about how long it's been since a Perl 6 update!
It's like waiting for the next release of Debian - don't hold your breath, don't delay your shower. Check back when your grandson has his first kid.
For years, I've kept my own NTP server. It has references to like a dozen other NTP servers, and then all my other servers reference my own NTP server. I'm not as interested in having time 100% spot perfect, as in having all the servers together, so that cross-examining log files is possible. (BTW, setting up an NTP server takes all of about 10 minutes, with basically zero administration, other than making sure that NTPd is running)
I don't do any address restriction on the NTP server. Anybody doing a UDP sweep could find this time server easily. Is this a "Public" NTP server?
Now, at the moment, this particular time server sits on a DSL line, (NTP is pretty lightweight) so I don't go publishing it, but what constitutes a "public" NTP server - the DNS name, or its inclusion on a particular published list?
People in the 1950's were told that washing machines, vacuum cleaners etc would allow housewives/etc to get the jobs done so quickly they'd have more time for leisure, but repeated surveys of housewives/etc show no increase in happiness.
If you give a generally unhappy person $1,000,000, they'll be happy for a brief time, and then blow it somehow, and won't end up any happier than before.
People's happiness isn't gauged by an absolute definition of wealth except at the starvation/no place to sleep point. Once you reach a minimum level of wealth, happiness becomes an individual thing, and one's perspective of well being is based on the well being of those around you.
In short, a Pygmy with a beautiful, feathered gown probably feels about as happy and well off as a Los Angelean with a BMW, as long as they are both basically fed and sheltered.
So, if high tech doesn't make you happier, what does it give you? Well:
1) Long life - people today live longer than ever before in recorded history.
2) Enough to eat, consistently. Even in the impoverished areas, the count of average calorie consumption is and has been consistently on the rise,
3) Low pollution - yes, you read that right. Once people achieve a certain level of wealth, they have the time and energy to figure out how to clean things up so that their skies are blue and their waters fresh. Compare the various ecological measures in the first world, and compare them to, say, Rwanda. You'll get the idea pretty quick...
If you pay close attention to what I wrote, you'd find that it describes cyclic activity. Furthermore, a "standing wave" isn't constant - it's just a wave that regularly appears at known points.
Ok, so using ultrasonics, they're able to create momentary "pops" that produce a heat flash in a special mix of deuterium. Cool. What about applying technologies such as those that produce so-called 'standing waves' or acoustic levitation?
In short, it may be possible, using a careful design of sonic generators, and specially designed chambers, to create a single, constant, "fusion point" in a sonic chamber. Furthermore, I believe it would be possible to tune the sonic chamber so that the vibrations from the release of energy from the fusion reaction create the sonic conditions necessary to repeat the process - at this point, it's not only self-sustaining, but self-regulating, since increasing the energy release from a reaction changes the sonic conditions, making the next reaction sub-optimum, reducing the reaction to something closer to tolerances.
Easy? No. There's plenty of work to be done to make it happen. But, I'll bet it's possible.
Now that I've posted these ideas on slashdot, I have one year to submit a provisional patent request to the USPO if I want to patent this idea. (It'd only cost me about $500 to do this, since I can do almost all the work myself!)
Dunno about you, but it looks to me like what we really have here is a glorified, low-level battery. The key is that one pole is aluminum, the other is copper. If they are both the same metal, then you have something.
The energy is coming from the interaction of a mildly acidic tree against the metal in the poles, and over time, the poles will corrode. It will take more energy to keep the poles uncorroded than will be generated by the "tree battery".
In short, a Jr. High School project can do better with a plate of copper, a plate of aluminum, and some paper soaked in lemon juice!
I wonder sometimes if AMD's lead over Intel over the past couple years has had any effect on Dell, considering the brand awareness of Intel, very cheap low-end computers by Dell, and inherent conservative-ness of major corporations (read: customers).
I'm by no means a "big fish", but in the past 6 months, I've been part of 6 migrations on 6 new servers. ALL the new servers were opteron-based, 1U rack mounted systems ranging in price from $1,500 to $4,800. We looked closely at Dell's Xeon-based servers.
The deal breaker? If we needed to, we could take systems built on the Opteron and load them on an Athlon/64 from a local L33T gamerz computer store; the same could not be said for Xeons, which have no equivalent, consumer-grade processor.
Oh, and the Opteron systems are just simply AWESOME. A dual-proc Opteron 2 Ghz will load a Postgres database of a few hundred megabytes in 30 seconds. An older P4 2.5 Ghz system takes over 5 minutes. This while under production load, mid-day.
Most programmes written in C and C++ crash due to buffer overflows, which frequently lead to running unsigned code./JOKE
Well, I'm glad I use PHP so that I don't have any of those nasty, security problems!/SERIOUSLY
It's kinda funny - things like buffer overflows just don't really happen in PHP (at least, in the PHP code, a few have been found in the C code in which PHP itself is written) but there are still a slew of security issues. A few I end up thinking about most:
1) SQL-Injection. This can be handled by exclusive use of prepared statements.
2) Shell injection. This is best handled by a shell command wrapper, with arguments passed in via an array.
3) Cross-site scripting, HTML injection attacks. I don't yet have a good way to handle this, other than manual calls to strip_tags(); I wish there was a way to shotgun fix this problem.
4) Uninitialized variables - this is a matter of structuring the code right, so that they just don't happen. It'd be nice if there was an "init" function that, when not used, would at least trigger a warning error if you accessed a variable that was previously uninitialized. EG: init($var, array());
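The four items in the comment above, sketched in PHP as an added example (not the commenter's code). It assumes PHP 7.4 or later with pdo_sqlite on a POSIX system; `find_user`, `run_command`, `e` and the `users` table are hypothetical names, the inputs are constructed, and it swaps two techniques: escaping at output with `htmlspecialchars()` in place of `strip_tags()`, and an error handler in place of the wished-for `init()`.

```php
<?php
// Added example, not the commenter's code. Hypothetical names throughout;
// assumes PHP >= 7.4, the pdo_sqlite extension and a POSIX `printf` on PATH.
declare(strict_types=1);

// 4) Uninitialized variables: report everything and turn notices/warnings
//    into exceptions, so reading an undefined variable stops the request.
error_reporting(E_ALL);
set_error_handler(function (int $no, string $msg, string $file, int $line): bool {
    throw new ErrorException($msg, 0, $no, $file, $line);
});

// 1) SQL injection: the query text is fixed; user input travels only as a
//    bound parameter and is never spliced into the SQL string.
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 2) Shell injection: arguments are passed as an array. With an array command
//    proc_open() starts the program directly, without a shell, so characters
//    such as ; | ` $ in an argument have no special meaning.
function run_command(array $argv): array
{
    $proc = proc_open($argv, [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('cannot start ' . $argv[0]);
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['status' => proc_close($proc), 'stdout' => $out];
}

// 3) XSS / HTML injection: escape at the point of output. strip_tags() removes
//    tags but leaves quotes alone, so it does not make a value safe inside an
//    HTML attribute; htmlspecialchars() with ENT_QUOTES covers both contexts.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// ---- demonstration on constructed inputs ----
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// The quote characters are compared as part of the name, not parsed as SQL.
echo 'rows for hostile name: ', count(find_user($db, "alice' OR '1'='1")), "\n";
echo 'rows for real name:    ', count(find_user($db, 'alice')), "\n";

// The semicolon reaches printf as data; no second command is run.
$result = run_command(['printf', '%s', 'report.txt; echo injected']);
echo 'printf received: ', $result['stdout'], "\n";

// The same escaped value is safe in element content and in an attribute.
$comment = 'Tom "T" <b>O\'Neil</b> & co';
echo '<p>', e($comment), '</p>', "\n";
echo '<input name="who" value="', e($comment), '">', "\n";

// Reading a variable that was never assigned now raises an exception.
try {
    $total = $neverAssigned + 1;
} catch (ErrorException $ex) {
    echo 'caught: ', $ex->getMessage(), "\n";
}
```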
Give me a clear, predefined spec, and I'll meet it. I'll guarantee bug fixes, too.
But that's not how software evolves.
Despite careful attention, despite voluminous meetings, emails, and specifications, I never get a clear idea what the client needs me to develop until AFTER a prototype has been built.
In fact, I'd wager that there's a quasi-quantum principle at work: You can either work towards the customer's actual needs, or the predefined, agreed upon specification/costs/specifications. Answering either means ignoring the other.
Consider this the Heisenberg Uncertainty principle. The software is half-dead, half-alive. Either it meets the needs of the customer (and associated scope creep, bugs, etc) or the originally defined specification. Releasing the software defines whether the cat is dead or alive.
It seems that:
1) People will commit, in aggressive fashion, that they need something until they get it, at which point, they'll angrily point out all the flaws in it.
2) People don't actually know what they need until they see that what they have isn't it.
3) When you take anything produced because of (1), and then compare that to the feedback produced by (2), you end up with cases where the code is producing a result unexpected in the original design.
These are called bugs.
4) The only intelligent way to proceed with (1) and (2) is to consider software an iterative process, where (1) and (2) combine with (3) and lots of debugging to result in a usable product.
There are errors in XP that were unfixed errors in 98. I've seen 2 errors in XP that were identical to ones in 3.1. That is a lack of attention to detail.
You say this like it was a problem. But what were the errors?
Things like: "boot disk failure" probably wouldn't change much from DOS 1.0 to WinXP....
Sunday School Teacher: For the last time, Bart, yes!
PAUSE
Sunday School Teacher: Bart?
Bart: What about a robot with a human brain?
Sunday School Teacher: [at the breaking point] I don't know! All these questions!
Is a little blind faith too much to ask!?!
There's a formula you can use to help you figure this out.
A) Take the amount of money you're getting IN SALES of older product. Pull a number out your arse to represent the goodwill you get by supporting older products, and add it in.
B) Take the amount of money you're spending TOTAL to support older product. Include salaries, time estimates, etc. Add in the costs of anticipated sales you'd get by people upgrading to the newer version.
Profits=$A-$B;
when Profit is close to or less than zero, you need to drop it.
For some of my specially-crafted, workflow applications, I actually require end users to use Mozilla or Firefox in certain places. In this case, the margins on the sales are high, the number of people using it is fairly limited, and the code being displayed is rather complex, so the cost of getting all the required features working in the legacy IE5/6 browsers was large, while the benefit of supporting doing so was minimal. I don't get asked about supporting IE, but I do get asked lots about Mac.
You want feature N? Get Mozilla. Free download! Works on Windows, Linux, and Mac!
But here's what's interesting - because the antivirus email was SO effective, I never even knew it to be a problem! How long before the majority of the traffic online is malicious, but it doesn't matter because it's filtered?
Talk about the wild, wild west...
I'm upgrading my personal mailserver from RedHat 7.2 (now no longer supported by Progeny, alas) tonight to CentOS 4.2. For about 1/2 hour, my new mail server's antivirus wasn't set up, even though email service was on.
I was SHOCKED at how many viruses came in - like 40, more than 1 per minute! That means that this mail server was getting some 1,500 crap emails for me every day.
Unbelievable...
I've just gotten used to never seeing viruses in my email - it's an incredible crapflood of this stuff out there.
The domain name "wesaidno.com" is not taken.
Why not set up a website so that people can register their complaints? I'd suggest that we should have a registering service where SBC/Bell South customers could register their BellSouth address and must be confirmed by clicking on a link in a confirmation email we'd send.
I will provide hosting, and PHP scripting to do the above, if somebody here can produce some HTML that doesn't look like a dog's back end.
ANY TAKERS?
Go check out espn360.com.
I did. I also made sure to inform them that I wanted ESPN/360, filling out the little form, and included the (unused) email address provided to me by SBC. Go ahead, let's apply the screws the OTHER way, eh?
Just checked my new, freshly installed, CentOS 4.2 X86/64 Opteron server to see what flavor of PERL it's running - and....
perl 5.8.
Come on now, how long has Perl 6 been in beta? According to this page, it's been an ongoing effort for at least 3 years, and the oldest link on that page talks about how long it's been since a Perl 6 update!
It's like waiting for the next release of Debian - don't hold your breath, don't delay your shower. Check back when your grandson has his first kid.
Didn't we recently conclude that dark matter didn't really need to exist at all?
For years, I've kept my own NTP server. It has references to like a dozen other NTP servers, and then all my other servers reference my own NTP server. I'm not as interested in having time 100% spot perfect, as in having all the servers together, so that cross-examining log files is possible. (BTW, setting up an NTP server takes all of about 10 minutes, with basically zero administration, other than making sure that NTPd is running)
I don't do any address restriction on the NTP server. Anybody doing a UDP sweep could find this time server easily. Is this a "Public" NTP server?
Now, at the moment, this particular time server sits on a DSL line, (NTP is pretty lightweight) so I don't go publishing it, but what constitutes a "public" NTP server - the DNS name, or its inclusion on a particular published list?
People in the 1950's were told that washing machines, vacuum cleaners etc would allow housewives/etc to get the jobs done so quickly they'd have more time for leisure, but repeated surveys of housewives/etc show no increase in happiness.
Leisure != happiness. Also, happiness != well-being.
If you give a generally unhappy person $1,000,000, they'll be happy for a brief time, and then blow it somehow, and won't end up any happier than before.
People's happiness isn't gauged by an absolute definition of wealth except at the starvation/no place to sleep point. Once you reach a minimum level of wealth, happiness becomes an individual thing, and one's perspective of well being is based on the well being of those around you.
In short, a Pygmy with a beautiful, feathered gown probably feels about as happy and well off as a Los Angelean with a BMW, as long as they are both basically fed and sheltered.
So, if high tech doesn't make you happier, what does it give you? Well:
1) Long life - people today live longer than ever before in recorded history.
2) Enough to eat, consistently. Even in the impoverished areas, the count of average calorie consumption is and has been consistently on the rise.
3) Low pollution - yes, you read that right. Once people achieve a certain level of wealth, they have the time and energy to figure out how to clean things up so that their skies are blue and their waters fresh. Compare the various ecological measures in the first world, and compare them to, say, Rwanda. You'll get the idea pretty quick...
If you pay close attention to what I wrote, you'd find that it describes cyclic activity. Furthermore, a "standing wave" isn't constant - it's just a wave that regularly appears at known points.
Ok, so using ultrasonics, they're able to create momentary "pops" that produce a heat flash in a special mix of deuterium. Cool. What about applying technologies such as those that produce so-called 'standing waves' or acoustic levitation?
In short, it may be possible, using a careful design of sonic generators, and specially designed chambers, to create a single, constant, "fusion point" in a sonic chamber. Furthermore, I believe it would be possible to tune the sonic chamber so that the vibrations from the release of energy from the fusion reaction create the sonic conditions necessary to repeat the process - at this point, it's not only self-sustaining, but self-regulating, since increasing the energy release from a reaction changes the sonic conditions, making the next reaction sub-optimum, reducing the reaction to something closer to tolerances.
Easy? No. There's plenty of work to be done to make it happen. But, I'll bet it's possible.
Now that I've posted these ideas on slashdot, I have one year to submit a provisional patent request to the USPO if I want to patent this idea. (It'd only cost me about $500 to do this, since I can do almost all the work myself!)
Dunno about you, but it looks to me like what we really have here is a glorified, low-level battery. The key is that one pole is aluminum, the other is copper. If they are both the same metal, then you have something.
The energy is coming from the interaction of a mildly acidic tree against the metal in the poles, and over time, the poles will corrode. It will take more energy to keep the poles uncorroded than will be generated by the "tree battery".
In short, a Jr. High School project can do better with a plate of copper, a plate of aluminum, and some paper soaked in lemon juice!
I wonder sometimes if AMD's lead over Intel over the past couple years has had any effect on Dell, considering the brand awareness of Intel, very cheap low-end computers by Dell, and inherent conservative-ness of major corporations (read: customers).
I'm by no means a "big fish", but in the past 6 months, I've been part of 6 migrations on 6 new servers. ALL the new servers were opteron-based, 1U rack mounted systems ranging in price from $1,500 to $4,800. We looked closely at Dell's Xeon-based servers.
The deal breaker? If we needed to, we could take systems built on the Opteron and load them on an Athlon/64 from a local L33T gamerz computer store; the same could not be said for Xeons, which have no equivalent, consumer-grade processor.
Oh, and the Opteron systems are just simply AWESOME. A dual-proc Opteron 2 Ghz will load a Postgres database of a few hundred megabytes in 30 seconds. An older P4 2.5 Ghz system takes over 5 minutes. This while under production load, mid-day.
Hot damn!
Most programmes written in C and C++ crash due to buffer overflows, which frequently lead to running unsigned code. /JOKE
/SERIOUSLY
Well, I'm glad I use PHP so that I don't have any of those nasty, security problems!
It's kinda funny - things like buffer overflows just don't really happen in PHP (at least, in the PHP code, a few have been found in the C code in which PHP itself is written) but there are still a slew of security issues. A few I end up thinking about most:
1) SQL-Injection. This can be handled by exclusive use of prepared statements.
2) Shell injection. This is best handled by a shell command wrapper, with arguments passed in via an array.
3) Cross-site scripting, HTML injection attacks. I don't yet have a good way to handle this, other than manual calls to strip_tags(); I wish there was a way to shotgun fix this problem.
4) Uninitialized variables - this is a matter of structuring the code right, so that they just don't happen. It'd be nice if there was an "init" function that, when not used, would at least trigger a warning error if you accessed a variable that was previously uninitialized. EG: init($var, array());
Anybody else care to comment?
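The four items in the comment above, sketched as an added example that is not part of the original comment: PDO prepared statements, an argv-array command wrapper, output encoding with htmlspecialchars() in place of strip_tags(), and an error handler that turns reads of undefined variables into exceptions. The helper names (find_user, run_cmd, h), the in-memory SQLite table and the sample inputs are constructed for illustration; proc_open() with an array command assumes PHP 7.4 or later on a Unix-like host.

```php
<?php
declare(strict_types=1);

// (4) Promote every notice/warning, including reads of undefined variables, to an exception.
error_reporting(E_ALL);
set_error_handler(function (int $no, string $msg, string $file, int $line): bool {
    throw new ErrorException($msg, 0, $no, $file, $line);
});

// (1) SQL injection: the value travels as a bound parameter, never as SQL text.
function find_user(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// (2) Shell injection: an argv array handed to proc_open() is executed directly,
// with no shell in between, so metacharacters inside an argument stay plain bytes.
function run_cmd(array $argv): string {
    $proc = proc_open($argv, [1 => ['pipe', 'w']], $pipes); // stderr is inherited
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out;
}

// (3) XSS: encode for the HTML context at output time instead of stripping tags.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample table and hostile inputs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

var_dump(count(find_user($db, 'alice')));           // an ordinary lookup
var_dump(count(find_user($db, "x' OR '1'='1")));    // matched as a literal name, not as SQL
echo run_cmd(['echo', 'a; id']);                    // ';' reaches echo as text, no second command
echo h('<script>alert(1)</script>'), "\n";          // markup is emitted as entities
try {
    echo $never_set;                                // undefined variable: the handler throws
} catch (ErrorException $e) {
    echo 'caught: ', $e->getMessage(), "\n";
}
```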
Screw funding. It's irrelevant.
Screw specifications. Nobody has them anyways.
Give me a clear, predefined spec, and I'll meet it. I'll guarantee bug fixes, too.
But that's not how software evolves.
Despite careful attention, despite voluminous meetings, emails, and specifications, I never get a clear idea what the client needs me to develop until AFTER a prototype has been built.
In fact, I'd wager that there's a quasi-quantum principle at work: You can either work towards the customer's actual needs, or the predefined, agreed upon specification/costs/specifications. Answering either means ignoring the other.
Consider this the Heisenberg Uncertainty principle. The software is half-dead, half-alive. Either it meets the needs of the customer (and associated scope creep, bugs, etc.) or the originally defined specification. Releasing the software defines whether the cat is dead or alive.
It seems that:
1) People will commit, in aggressive fashion, that they need something until they get it, at which point, they'll angrily point out all the flaws in it.
2) People don't actually know what they need until they see that what they have isn't it.
3) When you take anything produced because of (1), and then compare that to the feedback produced by (2), you end up with cases where the code is producing a result unexpected in the original design.
These are called bugs.
4) The only intelligent way to proceed with (1) and (2) is to consider software an iterative process, where (1) and (2) combine with (3) and lots of debugging to result in a usable product.
There are errors in XP that were unfixed errors in 98. I've seen 2 errors in XP that were identical to ones in 3.1. That is a lack of attention to detail.
You say this like it was a problem. But what were the errors?
Things like: "boot disk failure" probably wouldn't change much from DOS 1.0 to WinXP....