Slashdot Mirror


User: mcrbids

mcrbids's activity in the archive.

Stories
0
Comments
4,341

Comments · 4,341

  1. Ahem... on Ruby on Rails 1.0 Released · · Score: 2, Insightful

    Well, I'm always curious. So, I watched the video "Evolving your database schema without sweat". I watched for 10-15 minutes where the guy types furiously for 15 minutes to avoid typing "alter table add author varchar".

    I guess I just don't get it. What's the excitement?

    You can't abstract too far away from the database when you get into big, complex tables and want to keep performance up. I've seen a 30-second query reduced to 50 milliseconds merely by changing the order of join in a large, complex, 12-table join on PostgreSQL.

    Yet, it seems that Ruby on Rails goes to great lengths to avoid (gasp!) SQL. See Joel's great article on leaky abstractions.

    I don't mind SQL statements - prepared statements make it so much more manageable - but what about code changes dependent on changes to the database schema? That's something I might be interested in!

  2. Re:The basic concept is flawed. on Diebold CEO Resigns Under Cloud · · Score: 1

    A random number of machines should also be checked against the ballots cast at them.

    Multiple checks.


    You got the right idea, but even with that, what's to ensure that you actually have all the paper ballots, or that the ballots haven't been swapped with a different box between the precinct and the county/parish elections office?

    An idea I came up with is to use the "reproducible random" posited by Stephen Wolfram in "A New Kind of Science" using cellular automata.

    This could be a ground for guaranteeing the proper generation of random, verifiable values that could be used to provide a high degree of confidence in the validity of an entire series of thousands of ballots. Simply give the voting machines a starting value in secret, undisclosed until the ballots are turned in, and let the automata function take it from there.

    Like various cryptographic hash functions, it would ensure anonymity while still providing clear, verifiable evidence of the least bit of tampering.

  3. Re:Users are idiots, but on Top 10 System Administrator Truths · · Score: 1

    Learn to praise the users' idiocy, they'll appreciate it.

    OMFG! Somebody who gets it! One of the most valuable things to have around for software developers is a few clueless non-techies willing to tell you what they think when they look at your newly developed software. Kudos to them if they really will "give it to you straight" when it doesn't make sense to them. Most people are too set in the "be nice and encourage at any cost" mentality to be of any use.

    Your software will have to make sense to these people, and it's incredible how much difference moving a button 1" to the left can make!

    In my experience, those who are most down on "lusers" are those with the least security and confidence in their own skill level. They are typically also the least worthwhile to employ.

  4. Re:Why ask Congress? on Telcos Propose 2-Tier Internet · · Score: 1

    I just can't understand why Congress has any say in what companies do with their own property. They're already providing for the "public need" and they should be free to supplement the "public need" for what other users are demanding/needing.

    In a competitive marketplace, there's generally no need for Congress to get too involved with what companies do with their property, beyond various provisions to avoid fraud, theft, and people's safety.

    Note the key words: "competitive marketplace". A monopoly is not a "competitive marketplace". A monopoly has immense power to screw people, and the economy. Thus, Congress gets involved, for the health and well-being of their nation.

    As long as there's a telecommunications monopoly in *any* area, they must be held to strict standards to allow open communication. There's simply too much room for SBC to screw people, and the economy of the US to do otherwise. And, there's incredible financial incentive for them to do so.

  5. Re:There's nothing wrong with sex! on On The Feminine Form In Gaming · · Score: 1

    However, most people aren't that honest - or that secure about themselves.

    It takes *a lot* of time and effort to get over things like that. One of the keys is to be able to communicate your feelings of insecurity to your partner, and have him/her reciprocate. What I think is notable is that, after revealing our deep, dark, scary secrets, insecurities, and fears to each other, those secrets didn't seem so dark after all. In fact, most of them were laughable, maybe even funny!

    And, with those deep, dark secrets and insecurities out of the way, a whole new level of one-on-one intimacy has developed, that makes mere sex (though fun!) pale in comparison.

    I wish you the best with your partner. Intimacy like this isn't for everybody. But, if you seek it, make sure you have a partner who matches in kind, or you'll both be forever miserable.

  6. Re:Before you post on how vapid this story is... on The Top 10 Weirdest USB Drives Ever · · Score: -1, Offtopic

    remember it's friday night and you're reading /.

    Anything, even the weirdest USB drives ever, could only improve on the sad, shallow life you now lead.


    Uh, you're kidding, right?

    I just enjoyed a wonderful evening with my lovely wife, now sleeping in bed. My youngest three children sleep upstairs, my two older teens are playing video games in their room. I'm relaxing to a glass of root beer and tequila, listening to Kitaro, sitting next to the 10 foot tall xmas tree I cut last weekend with my family, covered in multi-colored lights, tinsel, and lots of ornaments (about 1/3 home made!), and thoroughly enjoying myself.

    This is sad and shallow?

  7. Re:Hardcoded userids and passwords? on The Unspoken Taboo - The Never Expiring Password · · Score: 1

    Why is this excessively insecure?

    Because said file has to be readable to user "nobody" in order to have an Apache child process read it. Because of that, ANY WEAKNESS in your scripting can result in a complete compromise of your data.

    Here's the only method that I've found that offers ANYTHING better for PHP:

    1) Create a function that returns a database connection resource.

    2) Within the function, include the login credentials.

    3) Encrypt said file with a "source protector", like IonCube Encoder or the Zend Encoder.

    Now, you've limited the damage of a compromise so that an attacker would have to trick the application into actually making the request directly thru the function, rather than allowing the attacker to actually access the DB directly.

    It's not much - but can you do better?

  8. There's nothing wrong with sex! on On The Feminine Form In Gaming · · Score: 4, Insightful

    Since when did it become taboo to have sexual feelings?

    I enjoy a very close, intimate relationship with my wife. She's very sexy to me, and she finds me sexy as well. And, we're both very comfortable with that.

    But, we're both human! When we're in public, it's not uncommon for one of us to notice another member of the opposite sex. We frequently mention it privately to the other, as "Wow, he's hot!" or "Damn, she's got a nice butt!".

    See, it's ok. We're all born with the urge to reproduce, and we all find other people attractive, and there's no wrong in that. It would only be wrong if I were to ACT on it with somebody other than my partner - get a phone number, go on a date, whatever.

    On the Sci-fi channel, it's typical to see an intelligent, forceful guy as captain, a few, strong, sexy females (in leather!) and a few nerdly guys running around, with a scantily clad warrior, armed with a 6 foot sword.

    It's interesting. It's a little exotic. It has a little of something for everyone. And, it's mildly erotic.

    People like money. People like travelling. People like sex. Why is it ok to have shows and/or video games with money, or travelling, but not portray a little sexiness? I don't want to stare up poontang, wondering where the cervix is, but, as mouse said, "to deny our basic urges is to deny what makes us human!".

    And before you mention "think of the children!", I say this as a father of 5, 3 of whom are teens...

  9. Re:The obvious and foolproof solution: on The Unspoken Taboo - The Never Expiring Password · · Score: 1

    Use physical keys (possible also with a password). If SecurID is too expensive (it's a bit pricey for small companies) it's not hard to chuck something together with a U3 key or even a simple USB key.

    And, I might ask: how are you going to get your server-based, PHP script to use SecurID? Oh, you didn't RTFA? But you're willing to give an answer to a question you haven't even bothered to listen to?

    Why should I listen to your idiotic solution to the wrong problem? It's generally best to know what people are talking about before interjecting...

    PS: Why do so many IT ideas come with stupid names that are nothing more than English words mis-spelled?

  10. Re:Hardcoded userids and passwords? on The Unspoken Taboo - The Never Expiring Password · · Score: 1

    What decade was this article written in? Who the hell 'hard codes' a user id and password into web based applications?

    And, if they don't, what the hell do they do instead, that's any more secure?

  11. Re:My New Patent on USPTO Unable to Find Top Ten Patent Holders · · Score: 1

    OK, I'll patent this instead... your one has flaws ;)
    SELECT name, address, count(*) FROM patents GROUP BY name, address HAVING count(*) > 1000;


    But wait! Yours has flaws too!

    SELECT applicant.name, applicant.address, count(*) AS count
    FROM patents, applicant, applicantmap
    WHERE patents.id=applicantmap.patent_id
    AND applicantmap.applicant_id=applicant.id
    GROUP BY applicant.name, applicant.address
    ORDER BY count(*) DESC LIMIT 10;

    How many patents are going to have just ONE name on them? Most have several, and the name of the applicant really should be properly normalized, and since we really don't know how many people are going to be on a patent application, we really should create a many-to-many mapping...

  12. Blogging vs, the FDA?!? on India Hits Back in 'Bio-Piracy' Battle · · Score: 1

    I just had a thought - the FDA's approval process is a means by which feedback is obtained on the effectiveness of a drug prior to release. Blogging is another way to get feedback.

    So, let's just kick out the drugs as cheaply as is possible, and let idiots try them to see if they work! Legally disclaim all liability and wait for comments to roll in...

    "Hey man, I tried that sh!t, and man, it's like the Cat's meow, you know?"

    "Three hours after taking the first pill, I began to heave violently. This continued for 3 more days, and now it turns out that I have pancreatic cancer. I don't recommend taking these pills!"

    "I took this woodie medicine - and it worked! I tickled the old lady all night long. And then the next day, and the next night... now the doctor says that this will be my last woodie ever, if/when it ever actually does go flat..."

    Yeah, it's a weird idea. But, given the efficacy of the "alternative" herb vendors, it just might work...

  13. Re:Developer's Union? on PHP 5 Recipes · · Score: 1

    I did spend time getting degrees in CS and CE, and it would be nice to separate myself from those who simply have MSP on their resume. But wait - that's right - I DO separate myself, by putting my CS and CE degrees on my resume.

    Really? The underlying POINT at this point in the thread is that there's not enough differentiation. And, truthfully, I've seen an incredible amount of shoddy, negative-worth work done by highly credentialled, CS/CE developers!

    Somebody with a CS/CE degree is going to do better at developing software than the average joe, I'll grant that easily. And, I'd grant that it's probably more likely that somebody with the CS/CE is going to do a better job than somebody that's self taught. But, there's certainly no assurance that it will be any better at all.

    Combine the Better Business Bureau, the Bar, and the Association of Realtors, and you have pretty much captured my idea...

  14. Developer's Union? on PHP 5 Recipes · · Score: 2, Interesting

    The term "Engineer" is, in most contexts, a privileged term. Not just anybody can be labelled an "Engineer" until they've gone through some rigor.

    Why not apply this idea to software? If there was a coalition or Union of workers, with a commonly agreed-upon set of requirements and certifications, with annual fees and a good reason to require a decent demonstration of competence? Something with real teeth, and ongoing certification requirements. Think, the Bar, only for software engineers instead of Attorneys. As with Real Estate, being a "Realtor" is a privileged term.

    If done right, it would be AWESOME to mention on a resume, and would likely become something like Underwriters Laboratories - a private entity, but one that's almost required by law simply because it's a reasonable assurance of safety.

    There are a number of VENDOR certifications (EG: CCNE, RHCE, and the laughable MCSE, etc) but is there any platform-neutral, "This guy knows how to validate input and write qualifiable code" organization?

  15. Sun's brain damage on Sun Open-Sourcing UltraSPARC Design · · Score: 3, Interesting

    It's become a custom of late to bash Sun. And, given the neurotic, manic image that they've been projecting, it's not hard to see why... One minute they're holding their cards close to their chest, the next moment, they throw their hand out on the table and say "whattaya thinka that?"

    Even though Sun has a wonderful history of sharing their sources in many things, including many of the foundations on which Linux is built, it's really hard to give them full credit because their message is so... mixed.

    Well, it may be the Sun is finally making a comeback. I came very, very close to buying a Sun last week. The deal-breaker was that I could not buy one with 2x 300 GB SCSI drives, in a 1U config, with 4 front-mount drive bays. These guys could, and did so at a price that rocked, and the server itself is just quality hardware.

    I wish Sun well - there's plenty about them we can use! (EG: OpenOffice)

  16. Re:"Pack Them In" on Google's Ten Golden Rules · · Score: 1

    I'll bet that most of us posting to this thread are doing so from single cubicles or (if we're lucky) offices. How many of us would do so from a shared cubicle?

    <GLOAT>
    I write this from my living room. I'm 'working' on my laptop, my son is playing Risk at my feet.
    </GLOAT>

  17. Re:"More" legal? on Kazaa Blocks Australian Users · · Score: 4, Informative

    You can't legally import a CD for resale in the U.S. if the exclusive U.S. distribution rights to that CD have been purchased by/granted to a company.

    That's correct - except that AllofMP3 isn't importing anything. They're exporting from Russia. Importing anything into the USA requires a legal entity here, in the States!

    I can legally buy something from a mail-order catalog from Brazil and have them ship it directly to my house, if I desire it, for personal use. They aren't breaking any laws, and neither am I.

    So, AllofMP3 isn't importing anything at all, they're selling items over the Internet to whomever wants to buy it under Russian law, apparently in full compliance with the letter of Russian law. What's more, US copyright law specifically allows imports of copyrighted materials from overseas when purchased for personal use, when such materials are sold in compliance with the foreign jurisdiction, even when foreign laws conflict with US law!

    IANAL, but it seems pretty bullet-resistant to me. And, it's damned convenient...

  18. Re:User fees are the way to go on E-Tracking May Change the Way You Drive · · Score: 3, Insightful


    The ability to exercise my free will as mentioned above would be rendered impossible were the government able to watch my every move, convict me of my every 'crime.' In short, I have no fear of being called a terrorist.. at worst I could be labeled a drug addict, unfortunately that would be enough to land me in jail (no voting rights, no freedom).


    I notice in this thread that everybody supporting privacy mentions doing so because of petty crimes they commit.

    What's important to understand is *why* the concept of privacy is so classically important. Originally, we weren't a nation of laws, at all. Crimes were "against the people" and it was up to a jury of one's peers to decide if a crime had been committed, and if so, of what nature, and what the punishment should be.

    Privacy was assumed, because you didn't commit a crime unless you injured somebody else in some way - either personally, or their property. Are you going to go to a jury and try to get them to arrest you for smoking a bit o' weed? Popping pills? Beating your horse? Where's the crime, if nobody gets hurt?

    This all changed just after the Civil War, where the jury system fell flat on its face due to widespread racism, mostly in the south. How would a black fella get a fair trial in a matter involving a dispute with a white folk? Either 1) Jurors are white, in which case he'd hang for blowing snot on the boss' hankie, or 2) Jurors are black, so he gets off scot-free.

    So, offenses and penalties were codified, and state constitutions all over the place were altered, introducing this new "Penal Code" that everybody was supposed ta follow.

    In this Penal Code, crimes were ratified as laws of the state, and had clear, definite actions to commit that were considered crimes, and penalties were clearly and definitely stated.

    This is perhaps one of the biggest expansions of US Govt powers in its history - far, far greater than the DMCA, and the PATRIOT acts put together! It has resulted in a burgeoning swarm of laws, rules, regulations, and silly exceptions, as well as an entire horde of busy lawyers and paralegals.

    Now, people worry about committing crimes without any directly hurt party, and a state busy executing its rights to your health. Introduce socialized health-care and/or health insurance, and suddenly, smoking clove ciggies costs other insured parties quite a bit of money. Now, hurting yourself DOES hurt somebody else, and there are numerous state/federal laws above and beyond the obvious.

    Once laws are codified, they don't go away. It's rare that a government willfully reduces the laws on the books!

  19. Re:No one notices a well done security job... on Security's Shaky State · · Score: 1


    Ah the glory of an invisible job.


    Not only is the job of security invisible, it's effective to the degree that it's invisible! Thus, the better job IT security does, the less likely that they'll get future funding!

    Talk about working yourself out of a job....

  20. Re:Oh, Lordy! on Vista To Be Updated Without Reboots · · Score: 1

    ... Otherwise, you will face the horrible fate of making billions upon billions of dollars and running more than 90 percent of the world's computers.

    Don't confuse a technical problem with a problem in profitability. When I consider the problems of Windows on a technical front, I'm not doing so on the basis of profit, I'm doing so on the basis of what the product actually is.

    There are many cases in history where a technically inferior product beats something else in the marketplace due to other forces. (EG: marketing, inertia, etc) As a simple example, the x86 computer you are most likely sitting in front of. It's prevalent because it was initially backed by IBM, and was later more open than other platforms. That doesn't mean that it's free of some very serious technical issues - the amount of money spent to keep x86 relevant in the face of technically superior products (EG: MIPS, RISC, Power, etc) is incredible. Intel waited too long to fix things, and thus we have the ill-fated Itanium.

    x86 is now a market force all on its own irrespective of its numerous and rather serious design flaws, and the cost of switching now is simply greater than the cost of sticking with it. (Witness AMD's x86/64 vs Intel/Itanium today!)

    Had they spent some time making a properly extensible register set, say, with the 80286 or 80386, back when market forces hadn't coalesced as they have since, things might be very, very different today.

    But, they didn't, and we live with ungodly hacks like offset memory addressing, and pathetically small register sizes. One problem with standards is that, once set, they are damn near impossible to change.

    Another example: witness HDTV in the US! How many mandates have come down from the FCC to switch? How many times has this deadline passed? Yet, the 1 year-old TV I bought for my bedroom uses NTSC, is not HDTV capable, and I use standard coax cable to wire it to my 6 month-old dish DVR.

    Just realize that, once set, many decisions are not easily changed, no matter how stupid.

  21. Re:Oh, Lordy! on Vista To Be Updated Without Reboots · · Score: 2, Informative

    From the description it sounds complicated as all get out. Doing dependency checks in real time while the system is running, unlinking in-use libraries, etc.

    This is the result of a (now decades old) decision waaaayyy back in the DOS days. DOS, as you may well know, was originally very much a single-user, single-tasking O/S. Many have said that it doesn't even qualify as an "Operating System" and was really little more than an interrupt handler. Whatever. Call it whatever you will, a rose by any other name is still a turd. (ahem)

    Anyhow, they ran into a problem when introducing DOS to network situations. What happens when you have two people trying to edit the same file? What do you do to keep things in a consistent state?

    The *nix way is to allow it, and fork the file writes. Thus, a file remains in its original form as long as a program is accessing it, and if the file is overwritten by another process, there are two copies of the same file. This lets you do an update on a busy, heavily loaded system with dozens of users without interrupting things. Users still using the old copy of the program will continue using the old program until the process quits, and users newly accessing the program get the new one.

    But Microsoft's solution was to lock the file, so that if user A was accessing the file, and user B tried to access it, they were given a low-level permission denied error. This decision was most likely made because it was a quick hack, and easily written.

    When DOS went "multi-user" with Windows, for retro-compatibility, the same behavior was used for interprocess file accesses. And, when the NT codebase was brought in, for retro-compatibility with Windows, and all of its applications, as well as DOS, the same behavior was followed.

    So today, we have an Operating System vendor trying to market their product as "Enterprise Ready" that's severely hampered by a quick hack and a poor design decision made some 20 years earlier.

    Think about the incredible contortions Microsoft has to go through in order to introduce this feature of being able to restart services and DLLs because of this stupid decision made back in the early 1980s! Just unimaginable complexity so that perhaps a hundred man-hours of programmer time could be saved back in 1983! And that cost rises exponentially every year, now probably costing Microsoft in the tens of thousands of man-hours today. The cost of "fixing" this would be incredible - it's now pretty much a permanent fixture...

    Really, I think this is a very interesting perspective on the often permanent nature of decisions... they often last WAAAYYY longer than you ever think, and certainly well past the original scope of the decision! Keep this in mind next time you get started on a project!

    I take from this two lessons:

    1) Try, very, very hard, when a project is young, to consider the ramifications of decisions, and try to anticipate where the project will likely go in the future when it "grows up".

    2) As soon as you realize that you've made a mistake, as soon as you've realized that you've mistakenly built in an inherent limitation, don't hesitate to go thru the pain it takes to make it right. No matter how expensive it might be today, it will be far, far more expensive to fix it in the future, and will cost you in reduced performance and suitability every single day.

    How much of the anti-MS sentiment so prevalent today among the tech community would be here if MS had just eaten the pain, and paid the price it takes to make a truly high-quality product early on?
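    The *nix behaviour described in the comment above, as an added Python example that is not part of the original post: a replace-by-rename upgrade (the pattern package managers use) leaves the old inode alive for a process that already has it open, while a process started afterwards gets the new file; an in-place truncate-and-rewrite is shown alongside to mark the difference. The file name libdemo.so and its contents are constructed; the example assumes Linux or macOS, where replacing an open file is permitted.

```python
import os
import tempfile


def replace_atomically(path, data):
    """Write data to a temp file in the same directory, fsync it, then
    rename(2) it over the target. The rename is atomic, so a process that
    opens the path sees either the complete old file or the complete new
    one, and a process that already had the old file open keeps the old
    inode until it closes its descriptor."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)
    except BaseException:
        if os.path.exists(tmp):  # leave no stray temp file behind
            os.unlink(tmp)
        raise


def upgrade_by_rename():
    """A long-running process ('old reader') opens libdemo.so (constructed
    sample file) before an upgrade replaces it by rename. Returns what the
    old reader and a freshly started reader each observe."""
    with tempfile.TemporaryDirectory() as d:
        lib = os.path.join(d, "libdemo.so")
        replace_atomically(lib, b"version 1")
        with open(lib, "rb") as old_reader:        # started before upgrade
            inode_before = os.fstat(old_reader.fileno()).st_ino
            replace_atomically(lib, b"version 2")  # the upgrade
            with open(lib, "rb") as new_reader:    # started after upgrade
                return {
                    "old_reader_sees": old_reader.read(),
                    "new_reader_sees": new_reader.read(),
                    # different inode: two copies really exist on disk
                    "same_inode": inode_before
                                  == os.fstat(new_reader.fileno()).st_ino,
                    # the old inode has no name left, only the open handle
                    "old_inode_links": os.fstat(old_reader.fileno()).st_nlink,
                }


def upgrade_in_place():
    """Contrast: truncating and rewriting the same path does NOT give two
    copies. The old reader shares the inode and sees the new bytes."""
    with tempfile.TemporaryDirectory() as d:
        lib = os.path.join(d, "libdemo.so")
        replace_atomically(lib, b"version 1")
        with open(lib, "rb") as old_reader:
            with open(lib, "wb") as w:             # O_TRUNC on the same inode
                w.write(b"version 2")
            return old_reader.read()


if __name__ == "__main__":
    print(upgrade_by_rename())
    print(upgrade_in_place())
```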

  22. Re:A Rose of a Different Name on Going From Gator to Claria · · Score: 1

    "We in the FBI do not have a sense of humor that we are aware of."

  23. Re:A Rose of a Different Name on Going From Gator to Claria · · Score: 1

    A Rose of a Different Name ... is still a turd

    So, what you are saying, then, is that this beautiful flower

    is still a turd???

    Boy, I sure prefer to smell one over the other!

    I think what you are trying to say is that "A rose, by any other name, is still a rose" (which implies beauty, wonder, as in its original use by Shakespeare) or maybe, "A turd, by any other name, is still a turd". (which certainly has a different connotation)

    Used this way, your metaphor actually argues that Gator (the turd) changed its name, and became a beautiful rose...

  24. Re:Firewalls irrelevant because of firewalls on Cryptography in the Database · · Score: 1

    Insightful? The parent comment really has no idea what a firewall is or what it's used for, nor how many different application ports are actually allocated and used in /etc/services.

    Really?

    [php@jane ~]$ wc -l /etc/services
    580 /etc/services

    Wouldn't that be, uh, 580?

  25. Re:Must agree altogether on Cryptography in the Database · · Score: 3, Interesting

    Really should get to work, but can't pass this up..

    Sometime in 2002, I found a security hole in the implementation of a particular Credit Card processing company's online processing software while implementing an interface between it and an application I was tending to.

    It was the very worst type of security hole - one that would let me order whatever I like from any of their customers without paying a thin dime, without doing anything exotic at all. (EG: File->Save Page; Edit the html file, use it to submit a post with altered values)

    I sent in a simple summary of the security issue found, and included sample code and explicit instructions for what to do and when to recreate the issue, in its entirety. And, I sent it to every email address I could find or think up for this company, along with my contact information and expressed my desire and willingness to assist their engineers. I even detailed a way to completely close the security hole with a minimum of fuss.

    Nothing happened for some 6 months. (!)

    Then, I got a phone call, from somebody who didn't identify himself. He identified me, in a most nervous and rattling fashion. He went on and on about how it "wasn't a security hole", and "nobody works like that", and how "nobody would exploit it" and even told me what I might be thinking! I said nothing - this guy scared the hell out of me, even though I made perfectly clear my intentions. He went on and on, for perhaps 10-15 minutes, and I was silent the whole time. He never once asked me a question, other than to identify me!

    Finally, he hung up, and that was it. I've never heard or seen anything since, and I've had the same email addresses and contact info. I have never publicly revealed the company involved, and don't intend to. If they get screwed by the security hole, they clearly deserve it.

    But I sure as hell refuse to do business with them!
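    The hole described above, a checkout form whose edited values the server accepted, as an added Python example that is not from the original comment or from the processor involved: the catalog, prices, quantity limit and the two sample requests are constructed. It shows the trusting handler beside one that derives the charge only from server-side prices and flags a disagreeing client amount so it can be logged and alerted on.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side catalog: the only authoritative source of prices.
CATALOG = {
    "widget": Decimal("19.99"),
    "gadget": Decimal("249.00"),
}
MAX_QTY = 100  # constructed business limit per line item


def vulnerable_charge(form):
    """Charges whatever the posted 'amount' field says. This is the bug
    class in the comment: save the page, edit the field, resubmit."""
    return Decimal(form["amount"])


def hardened_charge(form):
    """Derive the charge only from item id and quantity, validated against
    the server-side catalog. A posted 'amount' never influences the charge;
    if one is present and disagrees with the server-side total, the request
    is flagged as a suspected tamper so it can be logged rather than
    silently processed."""
    item = form.get("item")
    if item not in CATALOG:
        return {"ok": False, "reason": "unknown item"}
    try:
        qty = int(form.get("qty", ""), 10)
    except ValueError:
        return {"ok": False, "reason": "quantity not an integer"}
    if not 1 <= qty <= MAX_QTY:
        return {"ok": False, "reason": "quantity out of range"}
    total = CATALOG[item] * qty
    tamper_suspected = False
    if "amount" in form:  # legacy clients may still post it; a hint only
        try:
            tamper_suspected = Decimal(form["amount"]) != total
        except InvalidOperation:
            tamper_suspected = True  # non-numeric amount is itself a signal
    return {"ok": True, "charge": str(total), "tamper_suspected": tamper_suspected}


# Constructed requests: an honest checkout and one with the amount edited.
HONEST = {"item": "widget", "qty": "2", "amount": "39.98"}
TAMPERED = {"item": "gadget", "qty": "1", "amount": "0.01"}

if __name__ == "__main__":
    print("vulnerable:", vulnerable_charge(TAMPERED))  # charges 0.01
    print("hardened:  ", hardened_charge(TAMPERED))    # charges 249.00, flagged
    print("hardened:  ", hardened_charge(HONEST))      # charges 39.98, clean
```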