Slashdot Mirror


User: mcrbids

mcrbids's activity in the archive.

Stories: 0 · Comments: 4,341

Comments · 4,341

  1. Re:Perspective on Stuxnet's Legacy: Get Back to Basics or Get Owned · · Score: 1

    As long as we continue to view this industry as being one that changes so rapidly that everything learned last week is obsolete, we will continue to make the same mistakes and reinvent the same flawed wheels.

    I've now been in the field for 11 years. Some things have changed; now I write in PHP/javascript, most of my programming now is event driven, nearly all with prototype, etc.

    But lots hasn't changed one iota. Arrays are still arrays, strings are still strings, and security holes are still security holes. Values are still passed by reference or by value, input needs to be validated, algorithms are largely the same regardless of the language, namespaces are still namespaces, etc.

    I think that one of the biggest mistakes made in this industry is to think that everything does change. It doesn't. Even when the acronyms change, the basics are still the basics and probably always will be.

  2. Here's the simple answer! on Ask Slashdot: Is There a War Against Small Mail Servers? · · Score: 1

    This post is some half day old and nobody here's actually posted about smart host in Sendmail? Guys, you are losing your edge!

    It's made for exactly this situation and is jaw-droppingly simple, little more than edit a config file and restart sendmail and away you go. Other mail server software should offer similar functionality.

    This solves OP's problem completely, is invisible, and makes the mail delivery problem the ISP's problem. (which, presumably, they've worked out since you're paying them to)

    How can you claim to be a population of techies and not know this?

  3. More importantly: does it matter? on Will Google Oppose DRM On HTML5 Video? · · Score: 3, Insightful

    I spent a long time opposed to DRM because of the lock in effect. Except that reality has pretty much rendered DRM as obsolete.

    DRM does not and has not protected video game publishers.

    DRM does not and has not prevented every significant song, movie, or other work from being easily, readily, and widely available on torrents.

    DRM does not and has not generally resulted in an improved customer experience.

    In a very real sense, it is frequently easier to use the pirate version of a game than the normal one. I love the GTA series on PC, and every single game I ever purchased I almost immediately installed the No-CD cracks. Yes, that's right. I bought all the games of GTA I ever played, and I cracked all of them just so I didn't have to dicker with the stupid DRM.

    So, other than annoy the end users, what purpose does DRM serve?

  4. Proxies in order? on Vint Cerf Says No To IPv7, Yes To InterPlanetary Web · · Score: 1

    I'm guessing that Squid would be a must-have on the interplanetary web!

  5. Re:well, i can on 10% of IT Pros Can Access Previous Jobs' Accounts · · Score: 1

    And this is why you are likely unemployed. If not, you probably should be. As an employer, if I found out you made a comment like this recently anywhere during the due diligence that is our hiring process, your application would immediately be round-filed.

    The *only* thing you really have is your honor, because when that's gone, you're toast. Ask security consultant firm HBGary Federal how they're doing now that their lax security has been exposed.

    As a technology consultant myself, I frequently review articles detailing forensics behind a hack, to try to identify ways that our internal security and technologies can be improved. Reading the above article, I did find one thing in their long chain of failures that we could be doing that we aren't already. We're not hack-proof, we're just applying security best practices as best we can.

    You aren't *owed* your job. If you want job security, start your own company and you'll quickly see how a truly secure job is just a fiction. Companies often have to make hard choices that result in discomfort. Get over it.

  6. Re:All about features, not stability on Compared and Contrasted: OpenOffice V. LibreOffice · · Score: 1

    Curiosity got me in reading this. I've just never noticed much, so I tried OO.o on my Fedora Core 14 laptop, and it took 2.5 seconds. To be fair, this is not a "lightweight" laptop - A Dell Precision M4500, with 4-core i7 and 8 GB of RAM.

    Still, 2.5 seconds is by no means slow.

  7. Re:he! on Two-way Radio Breakthrough To Double Wi-Fi Speeds · · Score: 1

    For the record, pilots don't end transmissions with 'over'. Doing so would be startlingly unprofessional, something akin to a lawyer wearing a clown suit to trial.

    Aviation speak is extremely regimented and uniform. Once you get the hang of it, you know what to expect and when, so the need for artificial "I'm done" words is pretty much nil.

  8. Re:Naive assumption? on How To Crash the Internet · · Score: 1

    .. and has the last 5 letters of "China" ?

  9. Re:Uh... on How Your Username May Betray You · · Score: 1

    Okay... Leaving browser exploits out of it for the moment, though, isn't cookie access restricted to the domain that set it?

    Yes. But it's easy to circumvent by websites referencing a common 3rd party url for an image. (EG: a banner ad)

    Referencing a 3rd party URL in an image allows cookies to be set for that domain regardless of what URL you typed in and gives that 3rd party knowledge of the website the request originated from. (EG: what URL you typed in)

  10. Re:Symbian is good enough for lots of people... on Why Nokia Is Toast · · Score: 1

    Zemran, it's good that you've found a suitably minimal phone for your needs, but it's not until you have a smartphone that the reality of it sets in.

    It's wickedly intoxicating to have access to virtually anything you want to know in 10 seconds, at your hip!

    It's not a phone, it's a phone that always has a current phone book built in.

    It's not a camera, it's a camera that you can send pics around in near-real time, from SMS, to Facebook to Email, to instantly converting to PDF and import as documentation in under 30 seconds for a manual.

    It's not a map, it's a map that knows what the movie times are and even suggests the best movies to watch based on estimated travel time, or knows places nearby in a strange town that can develop your pictures for your grandma.

    And on, and on, and on.

    Mobile computing is definitely here, it's mainstream, and even in my world, it's quickly replacing desktop computing for many, many people.

  11. Re:Way too many cheap quality phones on Why Nokia Is Toast · · Score: 1

    I have a Droid 2, wife has a LG Optimus. Both are Android, both are divine.

    Seriously, what's the downside?

  12. Re:Hmm... on Insider-Trading Suspects Smash Hard Drive Evidence · · Score: 1

    Strangely, it's rather unlikely that the drives would be erased by even a large magnet powerful enough to pick up a car! It's just not a dense enough magnetic field to do any particular damage to the media.

    The problem isn't the "amount" of magnetism, the problem is that the density of the magnetic field flowing through the disk surface is orders of magnitude less dense than the neodymium electro-magnet floating 1/20th the thickness of a human hair away from the HDD surface. HDD information density is unbelievable, and to achieve these densities, they've had to do some remarkable things with magnets!

    Standard magnets will erase "soft" media, like floppies. But for HDDs, the amount of bit rot due to magnetic fields is going to be minimal in all but extreme cases.

  13. Re:Money on An Open Letter To PC Makers: Ditch Bloatware, Now! · · Score: 1

    C:> debug :g=c800:5

    Sad that I can STILL REMEMBER THE BIOS ADDRESS after all these years?

  14. What's interesting about Android on Android Tablets Were Born Too Soon · · Score: 2, Insightful

    Unlike the iPhone / proprietary equivalents, it will mostly be a non-issue to upgrade older hardware to the new stuff. Thus we'll see android acting as an insurance against near future obsolescence!!

  15. Re:No ideal solutions on Internet Is Easy Prey For Governments · · Score: 1

    If I can feed you your IP address and DNS results and your data passes through my network - then I own you.

    Not really. Combining DNSSEC and HTTPS/SSL pretty much takes care of all of it. I don't care what bits you see; they aren't much good to anybody who isn't a legitimate endpoint!

    Witness what has happened with even fairly simple systems such as SMTP. The world is inundated with SPAM because the system is inherently decentralized and it is impossible to verify where email is coming from.

    *cough* SPF *cough* Greylisting for the stragglers who don't have SPF records...

    My only beef here is that even relatively security-conscious sites haven't enabled or have even disabled HTTPS connections.

    For example, Slashdot. Even when you TRY to use HTTPS, you are forwarded to the HTTP equivalent. There isn't even a security warning, so they did go through the hassle of buying an SSL certificate, just to forward you to the unsecured version of the site.

    WTF?!?!? Are you listening Slashdot? Why don't you support HTTPS connections?

  16. Re:apparently? on Anonymous Isn't Anonymous Anymore · · Score: 1

    ... It just requires a little thoughtful design...

    ... and a shit-ton of cash

    Amazon has rendered itself demonstrably ddos-proof. Google and Microsoft are likewise near impossible to take down.

    ... by being bigger than the DDOS networks trying to take them down. Proof that you can prevent resource starvation by simply throwing metric crap-tons of resources at it.

    If Cisco were to implement the proper tools, we could all have an automated way to stop a ddos within minutes of its start.

    Perhaps you could enlighten all of us with your profound insight and describe what those tools might be? Because if you were to develop them, perhaps patent them, and sell them, you would have a metric-ton of cash in your bank account.

    At the heart of the DDOS problem is a basic definitional problem: when you connect to a web server, it allocates resources to respond to your request. This is OK, normal, and expected. And there's no effective way to discern between a legitimate request (a program making a request on behalf of an end user) and an illegitimate one (a malicious program making a request on behalf of an attacker).

    An unintentional DDOS attack has been joked about for years around here: the "slashdot-effect" which is well known enough that it has its own Wikipedia entry.

  17. Re:How to make anybody believe in evolution on New Mexico Bill To Protect Anti-Science Education · · Score: 0

    God, how I HATE the new layout! Underlines, italics are gone.

    Quotes look lame.

    pre doesn't look any different. Bold is here, at least. but it's little consolation...

  18. How to make anybody believe in evolution on New Mexico Bill To Protect Anti-Science Education · · Score: 1

    This is best done in front of his/her partner.

    1) Establish that you look more like your mother/father.

    2) Establish that children look like their parents, have them identify whether or not they look more like their mother/father.

    3) Establish what it is that you found attractive in your spouse/partner.

    4) Ask them what they see in each other.

    5) Ask them if they'd be equally likely to date/marry/reproduce with somebody they didn't find attractive, or even found unattractive.

    They've just agreed to nearly every salient point in evolution:

    1) That children look much like their parents, but not exactly.

    2) That children's appearances and attributes drift over time.

    3) That selective pressure can alter the likelihood of certain attributes being passed on.

    The only thing they haven't really agreed to is speciation - that changes can build up over time until derivative children can no longer reproduce with each other.

  19. Re:Senior member of Anonymous? on Anonymous Isn't Anonymous Anymore · · Score: 1

    Trying to say that Anonymous is a group is like saying that drug dealers are a group.

    For example, much of the "IRL" activity of Anonymous is organized in a loose, laissez faire at Why We Protest which has a rapidly oscillating readership. Originally behind the Anonymous/Scientology protests, it's now a springboard for (among other things) operations in regards Iran, Tunisia, Wikileaks, Free Bradley Manning, and many other causes that most slashbots would easily rally behind.

    Some people who identify with Anonymous did some illegal stuff. Isn't that true with virtually any group of people, such as Muslims, Christians, and police officers?

  20. I'm feeling inadequate. on Anonymous Isn't Anonymous Anymore · · Score: 1

    Over 10 years, and still not king of the hill?

  21. Re:240 km in THAT thing? on US Team Seeks To Top Steam-Car Speed Record · · Score: 1

    Even so, just adding another foot or two on each side would make a *lot* of difference in stability. As it is, the width/height ratio is vanishingly small, and at the speeds involved, this just looks like a thrilling way to die!

  22. Re:Single point of failure development on Chromeless Supplants Mozilla's Prism Project · · Score: 1

    I was about to come in here and say pretty much what you said, but you'd already said it, and Slashdot doesn't let you moderate in any forum that you've replied into.

    So... well said!

  23. Re:I've been saying this all week on 1948 Mayor To MIT: Use Flamethrowers To Melt Snow? · · Score: 1

    I've long wondered why they don't run pipes through "must be clear" cement (think: International airport) and then pump water through the pipes. The water would come from the water table 25' down, where it's always around 60' year 'round, and so shouldn't cost terribly much.

    IMHO, as an armchair engineer lacking credentials for much more than software...

  24. Re:Single point of failure development on Chromeless Supplants Mozilla's Prism Project · · Score: 4, Insightful

    why does it seem as if everybody wants to make us dependent on a 24/7 connection to the web

    How else do I say it: Because it's *easier*! Rumors that desktop application development is "well understood", well documented, and highly developed, are incorrect.

    I'm an application developer, supporting both client-side and web-based models, and it's much, much easier to support a web-based model than a client-side model. With a web-based model, you can almost always replicate bugs reported by end users without much fuss. You hold the cards, so you can recreate problem scenarios and not have to bother the client with all that.

    But, with client-side development, you run into situations where (I shit you not!) a combination of an antivirus package and MS Office (no, I'm NOT KIDDING) causes your application to mysteriously stop working. You can't recreate it, despite having a test machine with the same version of windows, similar hardware, etc. The only way to reproduce the problem is on the client's computer, and they are behind a firewall that prevents any remote desktop software from working.

    Have you ever travelled 600 miles in order to discover that the problem was their antivirus in combination with a dumb file association with MS Office?

    But when it's web-based, the problem is significantly easier to manage. Browsers are much more standardized than desktops. Javascript runs pretty much the same on 32 bit systems as 64 bit systems, PPC, ARM, or i386, Windows, Macintosh, Linux, or iOS, regardless of firewalls, antivirus, or whatever.

    And to be truthful, end users are often unable to grasp basic things like saving files, let alone backing them up. But when it's web-based, I can provide a very, VERY strong assurance that backups have occurred within the last 24 hours, 365 days per year!

    See the difference yet?

  25. Re:Why do these people keep pushing video?! on Verizon To Throttle High-Bandwidth Users · · Score: 1

    Wireless carriers are in a wonderful position: they can paint the picture of the moon, contract a high-flying jet plane, and deliver a toy balloon, because "everybody knows" that no matter the network, there's always things like interference and "dead zones" no matter how well provisioned the network!

    Aren't getting that 10 Mbit download speed that was processed? Probably you are in a dead zone, or your neighbor's microwave is generating interference, or etc. etc.

    But since the wireless service actually works, even if a bit slowly, nobody says too horribly much. Over promise and under deliver isn't just done, it's par for the course!

    My problem with Verizon Wireless isn't their network, it's not the phones, it's not even their customer service. It's their billing. Try running a "family plan" with Verizon Wireless with more than 2 or 3 phones, and mysterious charges start appearing on your bill. Charges so numerous they can actually double the amount you "owe". Charges that, when you call their (friendly!) customer service department, they can't justify or support them, and they'll have them waived. (only to see another round the next month)

    So, I switched my entire family from Verizon Wireless to MetroPCS (7 mobile phones!) because Verizon Wireless couldn't actually bill me what they promised I'd pay.