True and if I knew enough to help out I would....which is why I use Python rather than Java. But if I was going to learn/use Java it would be with Jython.
I have this feeling that Scott McNealy isn't sitting there thinking "Damn, I guess if we totally cede control over this language, all those Unix nerds who hate Java anyway are going to drop their copies of Python and come rushing to embrace us!"...no, but if Jython were more feature complete.:)
Needs the money? Take a look at their latest 10Q available at:
http://biz.yahoo.com/e/040205/sunw10-q.html
Scroll down about half way to the section titled "LIQUIDITY, CAPITAL RESOURCES AND FINANCIAL CONDITION" (it will be in bold). They have just over 5.7 BILLION dollars in various securities and are close to breaking even.
A far cry from needing cash so quickly that they would need to divest of Java.
Why not just digitally sign all messages leaving an organization? Then you can check the digital signature at the receiving end. This doesn't prevent the spam from being sent, but it does provide some accountability.
Doing this at the MTA level prevents the end user from knowing about any of it. Certs can be obtained from CACert if you don't want to support any of the existing CA monopolies.
As more people start to use certs to sign the messages create a white list where you only accept messages that are signed. Messages that are not signed could be rejected or have their subject altered, similar to how some programs place {Virus?} in the subject when a virus has been removed.
They do have these, it is just REALLY expensive and is not reusable. It is a small scale EMP under the car. The device that comes from under the police car is basically a remote controlled car that self-destructs during the EMP discharge.
I like AUPs because it establishes what the rules are; without those rules what do we enforce?
While it would be nice to live in a fairly tale world where everyone plays nicely with each other, it's just not going to happen any time soon. When one person has a complaint with another person, who do you think they are going to go to if it is a serious issue?
There are "AUPs" for phones; try dialing the White House or 911 and then hanging up. Or call a bomb threat and see how many people think it is funny.
These do not require the active monitoring of each call, but it does require that the calls be traceable and logged. Which is one of the big reasons for having a home user route their traffic throug an ISP proxy; accountability.
Totally different; I am not talking about limiting what people talk about.
By having the individual's email pass upstream through a proxy maintained by the ISP it does not imply that the ISP will be monitoring the traffic. If they want to encrypt their data, fine.
What this would allow is for the ISP to block things that are known to be malicous or account for the use of the network. If an individual wanted to be personally liable for the use of their system and keeping it secure, then I would be all for having it directly on the Internet.
But if they are not willing to be personally liable, which I think the ISPs should be held to as well, then they should be behind someone that is.
The problem, IMO, with letting most people directly on the Internet is that they are clueless about security. I don't mean installing a firewall, anti-virus and/or IDS; I mean using and configuring a system so that you actually know what is suspicious behavior and when it happens.
As to wether I like ISPs policing and enforcing AUPs...ABSOLUTELY!!!! I actively work with law enforcement on computer crime investigations and unless you want the police to be actively policing the networks (think Carnivore) then the ISPs are going to have to do something.
I think the difference in view is largely based on how we view the nodes on the Internet. I do not view them as part of a "TV station," I view them as a potential weapon.
If I were an ISP I would not allow someone to run their own mail server directly on the Internet. Either their mail gets filtered through my system, or it does not get out.
This way the ISP can ensure the mail complies with the AUP and attacks against the mail server are filtered. I do not trust a home user with a DSL modem, even a technical one, to keep their system patched or configured securely.
IP spoofing could easily be stopped, if ISPs cared to do so. All they would have to do is check the IP addresses on the inside of their network against the ranges that are supposed to be used. Ingres and egress filtering is already supported in probably all routers and firewalls to do this.
While this recommendation does have it's problems, I see no one suggesting a better alternative. Yet. Hopefully someone will. This is similar to a solution a friend and I zeroed in on, except we thought to keep smtp, with user and/or server PK signatures automagically added along the way. Initially, clients could be configured by users to reject message that don't have the credentials the recipient requires, but eventually the server would reject unsigned messages, and signed messages that did not come from the server that supposedly signed them.
I've had the same idea, even going so far as to tinker with code to insert a SHA1 hash into the headers of the message. This way the systems that do not know what to do can ignore it and those that are interested can check the DS.
The problem of distributing keys is troublesome. But, there are many smart people reading and/or thinking about this. If instead of throwing our hands up and saying there is no solution, and more people thought about it, maybe something could be done.
The key could always be attached to the message you send. Granted this would increase the size of the message, but it would not be any worse than people always sending their vCard. Perhaps the system would only send the signature the first time you sent an email to a person.
The problem with most 'security solutions' is that people are always reacting to the latest threat. In this case the spammer.
If you have a public key of the people you trust, then only allow mail from them to appear in your inbox. All other mail goes to a pending folder, if you want to allow the sender's mail to arrive in your inbox you accept their key.
If a sender on your approved list starts spamming, remove them from the list. Now you no longer have to worry about the spammer, but you do have to initially build your list of trusted email addresses.
How about a program like LaBrea, where the connection is held open.
This way it is not just preventing them when the message is first received, but keeps the connection open for a period of time. 30 minutes per message?
When I need to transfer large amounts of data, I use rsync where possible. This allows for updates of the data without transfering all of the data, unless everything changes in the current update.
I haven't tried all of those, but I have had problems accessing Intuit's web applications using anything other than MSIE. The programs I tried were the small business programs, IIRC they used ActiveX.
I use their service, but have no other ties to them. I have never had a problem with them and they have an option for unlimited bandwidth and unlimited disk space. The bandwidth is throttled after a certain point but keeps going.
When I download software for eval it depends on the amount of information collected. If I have to give much more than my name, company name and email I don't download it. I figure that if I purchase the software then I'll give more detailed information at that time.
But on an advertisement free magazine if you look at it multiple times it's only your time that's is being used up. On a web site if you look at it multiple times there are still bandwidth and processing being used up to serve you that data.
The short version is that I would recommend Python. The long version...
intuitive and easy to use IDE
There are several IDEs for Python, the one I typically use the most is BlackAdder. This has a Qt form designer in it for GUI applications. There are some quirks, but it shows a lot of promise.
simplified GUI design and event handling
For Windows development I typically use Qt, I haven't had any problems with it yet; besides the poor documentation. Unless you know C/C++ to read that documentation.
You can access Swing from Python, or use Jython which has the same basic syntax but allows you to access anything in Java. This way once your developers know the language they can either write native code or write Java based applications.
advanced error handling
Can you define "advanced"...seriously. I've never seen an error I couldn't catch although I don't always try.
advanced object oriented design including multiple inheritance
Python has this.
abstract classes
Python doesn't have abstract classes, at least not that I have ever (heard of||needed||read), rather it uses Mixins and polymorphism.
garbage collection
Yep, we have that too...
full support for operator and function overloading
...and that.
portable (at compile-time) across various platforms
I believe the Python interpreter will compile on just about anything with a C compiler. If you want to "compile" your Python code into a standalone program then you can use Gordon McMillian's excellent Installer program. It works on Windows and Linux.
...drop by comp.lang.python sometime or email me and I'll do what I can to answer any questions you may have.
I would love to get a book that goes into Jython for Python programmers. Something that doesn't presume you already know Java; I know enough to get by but don't work with it every day.
I also like Ruby, if there was a book that took over where the pick ax book left off. Basicallly after the basic/intermediate level.
I have a program that connects to my web site and downloads a file when it is online. The file has commands to run on the local comptuer, usually this is just "pass" to do nothing.
Using GPG I make sure the digital signature of the file matches before running the commands. This way I can remotely update the file and it can execute anything I can program in Python.
Slashdot Mirror
True and if I knew enough to help out I would....which is why I use Python rather than Java. But if I was going to learn/use Java it would be with Jython.
Wayne
I have this feeling that Scott McNealy isn't sitting there thinking "Damn, I guess if we totally cede control over this language, all those Unix nerds who hate Java anyway are going to drop their copies of Python and come rushing to embrace us!" ...no, but if Jython were more feature complete. :)
Wayne
Needs the money? Take a look at their latest 10Q available at:
http://biz.yahoo.com/e/040205/sunw10-q.html
Scroll down about half way to the section titled "LIQUIDITY, CAPITAL RESOURCES AND FINANCIAL CONDITION" (it will be in bold). They have just over 5.7 BILLION dollars in various securities and are close to breaking even.
A far cry from needing cash so quickly that they would need to divest of Java.
Wayne
...just go to http://www.usmc.mil and ask for information. :)
Semper Fi.
7 years for most crimes.
Why not just digitally sign all messages leaving an organization? Then you can check the digital signature at the receiving end. This doesn't prevent the spam from being sent, but it does provide some accountability.
Doing this at the MTA level prevents the end user from knowing about any of it. Certs can be obtained from CACert if you don't want to support any of the existing CA monopolies.
As more people start to use certs to sign the messages create a white list where you only accept messages that are signed. Messages that are not signed could be rejected or have their subject altered, similar to how some programs place {Virus?} in the subject when a virus has been removed.
Problem solved. (As long as you trust the cert.)
P-
This does not require that they use Open Source, only that they give consideration to it.
They do have these, it is just REALLY expensive and is not reusable. It is a small scale EMP under the car. The device that comes from under the police car is basically a remote controlled car that self-destructs during the EMP discharge.
I like AUPs because it establishes what the rules are; without those rules what do we enforce?
While it would be nice to live in a fairly tale world where everyone plays nicely with each other, it's just not going to happen any time soon. When one person has a complaint with another person, who do you think they are going to go to if it is a serious issue?
There are "AUPs" for phones; try dialing the White House or 911 and then hanging up. Or call a bomb threat and see how many people think it is funny.
These do not require the active monitoring of each call, but it does require that the calls be traceable and logged. Which is one of the big reasons for having a home user route their traffic throug an ISP proxy; accountability.
Totally different; I am not talking about limiting what people talk about.
By having the individual's email pass upstream through a proxy maintained by the ISP it does not imply that the ISP will be monitoring the traffic. If they want to encrypt their data, fine.
What this would allow is for the ISP to block things that are known to be malicous or account for the use of the network. If an individual wanted to be personally liable for the use of their system and keeping it secure, then I would be all for having it directly on the Internet.
But if they are not willing to be personally liable, which I think the ISPs should be held to as well, then they should be behind someone that is.
The problem, IMO, with letting most people directly on the Internet is that they are clueless about security. I don't mean installing a firewall, anti-virus and/or IDS; I mean using and configuring a system so that you actually know what is suspicious behavior and when it happens.
As to wether I like ISPs policing and enforcing AUPs...ABSOLUTELY!!!! I actively work with law enforcement on computer crime investigations and unless you want the police to be actively policing the networks (think Carnivore) then the ISPs are going to have to do something.
I think the difference in view is largely based on how we view the nodes on the Internet. I do not view them as part of a "TV station," I view them as a potential weapon.
I know, but it would work (I think). Then once you have people using signatures, other things could be added. Such as encryption of all messages.
If I were an ISP I would not allow someone to run their own mail server directly on the Internet. Either their mail gets filtered through my system, or it does not get out.
This way the ISP can ensure the mail complies with the AUP and attacks against the mail server are filtered. I do not trust a home user with a DSL modem, even a technical one, to keep their system patched or configured securely.
IP spoofing could easily be stopped, if ISPs cared to do so. All they would have to do is check the IP addresses on the inside of their network against the ranges that are supposed to be used. Ingres and egress filtering is already supported in probably all routers and firewalls to do this.
http://www.sans.org/rr/sysadmin/egress.php
I've had the same idea, even going so far as to tinker with code to insert a SHA1 hash into the headers of the message. This way the systems that do not know what to do can ignore it and those that are interested can check the DS.
The problem of distributing keys is troublesome. But, there are many smart people reading and/or thinking about this. If instead of throwing our hands up and saying there is no solution, and more people thought about it, maybe something could be done.
The key could always be attached to the message you send. Granted this would increase the size of the message, but it would not be any worse than people always sending their vCard. Perhaps the system would only send the signature the first time you sent an email to a person.
Then change how you use the identities.
The problem with most 'security solutions' is that people are always reacting to the latest threat. In this case the spammer.
If you have a public key of the people you trust, then only allow mail from them to appear in your inbox. All other mail goes to a pending folder, if you want to allow the sender's mail to arrive in your inbox you accept their key.
If a sender on your approved list starts spamming, remove them from the list. Now you no longer have to worry about the spammer, but you do have to initially build your list of trusted email addresses.
How about a program like LaBrea, where the connection is held open.
This way it is not just preventing them when the message is first received, but keeps the connection open for a period of time. 30 minutes per message?
When I need to transfer large amounts of data, I use rsync where possible. This allows for updates of the data without transfering all of the data, unless everything changes in the current update.
I haven't tried all of those, but I have had problems accessing Intuit's web applications using anything other than MSIE. The programs I tried were the small business programs, IIRC they used ActiveX.
http://www.featureprice.com
I use their service, but have no other ties to them. I have never had a problem with them and they have an option for unlimited bandwidth and unlimited disk space. The bandwidth is throttled after a certain point but keeps going.
-M
Anyone know the cost for a bilboard or magazine add?
When I download software for eval it depends on the amount of information collected. If I have to give much more than my name, company name and email I don't download it. I figure that if I purchase the software then I'll give more detailed information at that time.
/me
But on an advertisement free magazine if you look at it multiple times it's only your time that's is being used up. On a web site if you look at it multiple times there are still bandwidth and processing being used up to serve you that data.
intuitive and easy to use IDE
There are several IDEs for Python, the one I typically use the most is BlackAdder. This has a Qt form designer in it for GUI applications. There are some quirks, but it shows a lot of promise.
simplified GUI design and event handling
For Windows development I typically use Qt, I haven't had any problems with it yet; besides the poor documentation. Unless you know C/C++ to read that documentation.
You can access Swing from Python, or use Jython which has the same basic syntax but allows you to access anything in Java. This way once your developers know the language they can either write native code or write Java based applications.
advanced error handling
Can you define "advanced"...seriously. I've never seen an error I couldn't catch although I don't always try.
advanced object oriented design including multiple inheritance
Python has this.
abstract classes
Python doesn't have abstract classes, at least not that I have ever (heard of||needed||read), rather it uses Mixins and polymorphism.
garbage collection
Yep, we have that too...
full support for operator and function overloading
portable (at compile-time) across various platforms
I believe the Python interpreter will compile on just about anything with a C compiler. If you want to "compile" your Python code into a standalone program then you can use Gordon McMillian's excellent Installer program. It works on Windows and Linux.
I would love to get a book that goes into Jython for Python programmers. Something that doesn't presume you already know Java; I know enough to get by but don't work with it every day.
I also like Ruby, if there was a book that took over where the pick ax book left off. Basicallly after the basic/intermediate level.
I have a program that connects to my web site and downloads a file when it is online. The file has commands to run on the local comptuer, usually this is just "pass" to do nothing.
Using GPG I make sure the digital signature of the file matches before running the commands. This way I can remotely update the file and it can execute anything I can program in Python.
Never had to use it yet though.