Okay, seriously, did GEMS get thrown together in someone's basement, or was it built as an academic exercise, or what?
Maybe they outsourced it to a country that doesn't hold elections.
At any rate, the people in charge of selling this steaming pile of Access to various state and local governments should at least be charged with fraud. Ideally they would be charged with sedition, but that's probably harder to prove.
Nah, f**k it. Microsoft doesn't deserve another cent of my hard-earned money until they re-write their TOS and apologize to anyone who was banned.
And for those who say "think of the children," this is a teachable moment: people have sexual orientations, it's part of their identity as HUMANS. Asking gamers to never mention their orientation or their partners or anything related to sex is just not going to fly. Better to turn off the profiles altogether if you want us all to be cartoons, eh?
Also, my avatar is anatomically correct. Deal with it.
Which is a lot more hassle than the update mechanisms offered by pretty much every other vendor.
Exactly. Cisco needs to get their heads out of the 90s and make it easy for their customers to keep their gear patched against critical bugs like this.
I don't care if they want to restrict feature enhancements and non-critical bug fixes for contract purchasers. But when a router is vulnerable to a simple validation error, they need to give *everyone* with that hardware the ability to fix it, regardless of whether are paying for support or not.
Cisco sold a buggy product. Then they made it difficult if not impossible for some purchasers to get a working version. In my opinion, that makes Cisco responsible for the outages, no matter what their business model and lawyers have to say about it. Grow up and release your patches already.
Actually, no. The problem is that you need to pay big bucks to have access to IOS updates, and too many people just buy the router, whatever IOS comes with it, and NEVER want to hear from Cisco's overpriced services ever again.
Wait, you're saying that a leading provider of internet infrastructure charges for bugfix updates or security patches? That's completely irresponsible, and recklessly greedy.
If that's true, then Cisco is one internet-breaking bug away from enforced product recalls (like the auto industry has). I would also question their eligibility as a vendor for future government-sponsored infrastructure projects.
I think the point is that if the Ma.gnolia source code was open, then users could take advantage of all the great features or whatever that made it so popular, but on their own servers with their own backup solutions.
It might even have occurred to someone to write a patch that enabled import/export from one Ma.gnolia server to another.
These things would have kept his project, his brand, and his good name alive, even though the database crashed, because people who relied on the software would have only themselves to blame if they didn't have a backup.
Tell all the lawyers: proprietary cloud services make your company responsible for your customers' data in ways that expose you to great risk. When people can run your software in their own cloud, the responsibility for their data is theirs.
1 Availability of Service 2 Data Lock-In 3 Data Conïdentiality and Auditability 4 Data Transfer Bottlenecks 5 Performance Unpredictability 6 Scalable Storage 7 Bugs in Large Distributed Systems 8 Scaling Quickly 9 Reputation Fate Sharing 10 Software Licensing
I'm surprised they don't mention my biggest pet peeve with cloud services: lack of operational transparency. You don't know who the admins are, what their policies are, and what code they are using to operate the system.
It's a big black box and you're just supposed to trust that Amazon (or whoever) has sound policies, peer-reviewed code, and a reasonable level of accountability built-in. That's a bit like trusting your bank to only make good loans.
I actually want to know who the admins are. I want to see the code. I want to read the policies. Is that so wrong?
I think for a lot of my "friends", 25 Things was the first participatory internet meme they have been exposed to, at least on that kind of scale. (Aside from the Facebook meta-meme, of course.) I get the impression that many non-geek Facebook members haven't really been part of an online community in any meaningful way before (I'm 38, so this is a Gen-X thing.)
I certainly hope that they aren't quite so susceptible to the next meme that comes along, although I think some of them genuinely enjoyed it.
0) Use a version control system 1) Validate input, escape output 2) Turn off unused services 3) Regular, automatic backups to another location
Ok, the OWASP list is more comprehensive, but these four things are fundamental to preventing, and recovering from, security breaches.
In particular, #1 means make sure that for any input your program receives (even HTTP vars like REQUEST_URI) the input is generally what you were expecting -- size, variable type, no unprintable characters.
And for every value your program sends out, whether to the server as an html response or to the database as an sql query or to the shell as a command line argument, use the proper means of escaping it so that special characters can't cause unintended consequences.
Why does an organization or enterprise need to be all one OS or another? Do you really want to be responsible for the fate of an entire university's computing infrastructure?
The "transition" to open source at your institution is already happening. Get in touch with faculty and grad students using open source tools. Encourage them to request open source software and services from the University. Work with anyone and everyone you can to make sure that the websites and application they are responsible for work with Firefox and WebKit.
Use open source tools in your office, and document how you made it work with the University's services. Work with the IT folks when you can (cooperation is your friend!) but when you can't, or they are dragging their feet, quietly find some other way to do it.
Unless you have a mandate from administration and funding for your own shop, you can't actually force any kind of transition. Bide your time, keep in touch with other users, and use your expertise to help out where you can.
If you want to propose something to the administration, providing professional and secure PHP and Ruby-on-Rails services to students and faculty will do more for open source adoption than just about anything else I can think of.
Sorry, but multicast is the best way to scale video feeds to an unlimited number of viewers.
P2p is only marginally better at scaling because you can decentralize the connections. There is still a 1-to-1 relationship between the number of viewers and the number of data streams on the wire.
P2p gives you the same amount of traffic, in other words, just not all coming from one source. It's easy to imagine how that would be less efficient, since you're setting up many more connections per stream in order to discover peers and pull in all the bits.
Multicast provides real scalability by ensuring that there is only ever one stream of data per router, no matter how many viewers are watching it downstream.
Typical of MS offerings, it took a while to chase the links down to find out what the hell Sandbox actually is/does. See http://websandbox.livelabs.com/
Seems to be similar to Caja, allowing you to include third-party scripts or content in your pages without worrying that they will muck things up or steal your cookies.
Has anyone (shudder) actually used it for anything? I'm afraid if they want my attention I need to see some simple, obvious examples.
Personally, I am sick of spammers attempting to add comment spam to sites that I run, signing up for bogus accounts, sending massive amounts of spam, continuously trying ssh connections, running exploits etc the list goes on.
Interesting. It occurs to me that one could build a botnet that relies on stitching together snippets of base64-encoded payload collected from a distributed set of innocuous-looking comment spams.
A little aG9wZSBhbmQgY2hhbmdl here, some cGFyYW5vaWEgYW5kIGRlbHVzaW9u there, and before you know it, the bot has the commands needed to shut down the stock market.
It wouldn't be the most responsive command-and-control structure, but it would certainly be difficult to shut down.
Just look at the stack that 80% of those lesser-used OSes run. Sure, they have different kernels and somewhat different filesystem layouts. But they've all got the standard set of unix tools, along with big, evolving, modular binaries like perl, apache, mysql, postfix...
If there's an exploit hidden away in tar or cpio or something then Linux, OSX, and the BSDs are all vulnerable until patched. That includes your desktop, your netbook, your phone, your camera, your wi-fi router, your pvr, and anything else you've got that talks to the net.
How many people even know that their wireless access point is a computer, and vulnerable to malware?
Slashdot Mirror
Everything was better in the 80's.
Music, TV, Films.
Either you're joking, and I don't get it, or you weren't actually alive during the 80s. The *only* thing better was the missiles.
Perhaps you thought their intended use was to blow up?
Hmmm. In that case, they could just make the missiles out of cardboard and felt (like the Clangers) and nobody would be any the wiser.
19th Century technology, that.
Behold the Quaker Gun which fooled the entire Army of the Potomac for a few crucial months at the start of the US Civil War.
This would be fine if we could vote for the executives and the board of directors. I don't think they want to go quite that far, though.
Yeah, you'd think they wouldn't bother going after Craigslist after the failure of their earlier lawsuit against street corners.
Thank you for that!
Okay, seriously, did GEMS get thrown together in someone's basement, or was it built as an academic exercise, or what?
Maybe they outsourced it to a country that doesn't hold elections.
At any rate, the people in charge of selling this steaming pile of Access to various state and local governments should at least be charged with fraud. Ideally they would be charged with sedition, but that's probably harder to prove.
If the Kindle interface becomes obsolete, port the information onto another medium and recycle the device.
Assuming Jeff Bezos doesn't take the master Kindle DRM key to the grave, yes.
Nah, f**k it. Microsoft doesn't deserve another cent of my hard-earned money until they re-write their TOS and apologize to anyone who was banned.
And for those who say "think of the children," this is a teachable moment: people have sexual orientations, it's part of their identity as HUMANS. Asking gamers to never mention their orientation or their partners or anything related to sex is just not going to fly. Better to turn off the profiles altogether if you want us all to be cartoons, eh?
Also, my avatar is anatomically correct. Deal with it.
You forgot to add a Google Ad Sense float to the Squirrelmail templates... or were you trying to avoid violating a patent?
Which is a lot more hassle than the update mechanisms offered by pretty much every other vendor.
Exactly. Cisco needs to get their heads out of the 90s and make it easy for their customers to keep their gear patched against critical bugs like this.
I don't care if they want to restrict feature enhancements and non-critical bug fixes for contract purchasers. But when a router is vulnerable to a simple validation error, they need to give *everyone* with that hardware the ability to fix it, regardless of whether are paying for support or not.
Cisco sold a buggy product. Then they made it difficult if not impossible for some purchasers to get a working version. In my opinion, that makes Cisco responsible for the outages, no matter what their business model and lawyers have to say about it. Grow up and release your patches already.
Actually, no. The problem is that you need to pay big bucks to have access to IOS updates, and too many people just buy the router, whatever IOS comes with it, and NEVER want to hear from Cisco's overpriced services ever again.
Wait, you're saying that a leading provider of internet infrastructure charges for bugfix updates or security patches? That's completely irresponsible, and recklessly greedy.
If that's true, then Cisco is one internet-breaking bug away from enforced product recalls (like the auto industry has). I would also question their eligibility as a vendor for future government-sponsored infrastructure projects.
I think the point is that if the Ma.gnolia source code was open, then users could take advantage of all the great features or whatever that made it so popular, but on their own servers with their own backup solutions.
It might even have occurred to someone to write a patch that enabled import/export from one Ma.gnolia server to another.
These things would have kept his project, his brand, and his good name alive, even though the database crashed, because people who relied on the software would have only themselves to blame if they didn't have a backup.
Tell all the lawyers: proprietary cloud services make your company responsible for your customers' data in ways that expose you to great risk. When people can run your software in their own cloud, the responsibility for their data is theirs.
An IT wonk who doesn't know that port 25 is likely to be blocked or redirected by a home ISP deserves a little abuse.
I'm all for the pitchforks, though.
The list:
1 Availability of Service
2 Data Lock-In
3 Data Conïdentiality and Auditability
4 Data Transfer Bottlenecks
5 Performance Unpredictability
6 Scalable Storage
7 Bugs in Large Distributed Systems
8 Scaling Quickly
9 Reputation Fate Sharing
10 Software Licensing
I'm surprised they don't mention my biggest pet peeve with cloud services: lack of operational transparency. You don't know who the admins are, what their policies are, and what code they are using to operate the system.
It's a big black box and you're just supposed to trust that Amazon (or whoever) has sound policies, peer-reviewed code, and a reasonable level of accountability built-in. That's a bit like trusting your bank to only make good loans.
I actually want to know who the admins are. I want to see the code. I want to read the policies. Is that so wrong?
I think for a lot of my "friends", 25 Things was the first participatory internet meme they have been exposed to, at least on that kind of scale. (Aside from the Facebook meta-meme, of course.) I get the impression that many non-geek Facebook members haven't really been part of an online community in any meaningful way before (I'm 38, so this is a Gen-X thing.)
I certainly hope that they aren't quite so susceptible to the next meme that comes along, although I think some of them genuinely enjoyed it.
Malcom Gladwell is a meme.
There, you've been inoculated. Live long and prosper.
0) Use a version control system
1) Validate input, escape output
2) Turn off unused services
3) Regular, automatic backups to another location
Ok, the OWASP list is more comprehensive, but these four things are fundamental to preventing, and recovering from, security breaches.
In particular, #1 means make sure that for any input your program receives (even HTTP vars like REQUEST_URI) the input is generally what you were expecting -- size, variable type, no unprintable characters.
And for every value your program sends out, whether to the server as an html response or to the database as an sql query or to the shell as a command line argument, use the proper means of escaping it so that special characters can't cause unintended consequences.
0) Use a version control system
1) Validate input, escape output
2) Turn off unused services
3) Regular, automatic backups to another location
Ok, the OWASP list is more comprehensive, but these four things are fundamental to preventing, and recovering from, security breaches.
Also, remember that rdesktop is an excellent compatibility layer for those times when only Windows will do.
Why does an organization or enterprise need to be all one OS or another? Do you really want to be responsible for the fate of an entire university's computing infrastructure?
The "transition" to open source at your institution is already happening. Get in touch with faculty and grad students using open source tools. Encourage them to request open source software and services from the University. Work with anyone and everyone you can to make sure that the websites and application they are responsible for work with Firefox and WebKit.
Use open source tools in your office, and document how you made it work with the University's services. Work with the IT folks when you can (cooperation is your friend!) but when you can't, or they are dragging their feet, quietly find some other way to do it.
Unless you have a mandate from administration and funding for your own shop, you can't actually force any kind of transition. Bide your time, keep in touch with other users, and use your expertise to help out where you can.
If you want to propose something to the administration, providing professional and secure PHP and Ruby-on-Rails services to students and faculty will do more for open source adoption than just about anything else I can think of.
Sorry, but multicast is the best way to scale video feeds to an unlimited number of viewers.
P2p is only marginally better at scaling because you can decentralize the connections. There is still a 1-to-1 relationship between the number of viewers and the number of data streams on the wire.
P2p gives you the same amount of traffic, in other words, just not all coming from one source. It's easy to imagine how that would be less efficient, since you're setting up many more connections per stream in order to discover peers and pull in all the bits.
Multicast provides real scalability by ensuring that there is only ever one stream of data per router, no matter how many viewers are watching it downstream.
This is why I try to wear green in public and avoid wearing purple at all costs.
I don't want anyone to put a cap my ass before they remember that they aren't playing a videogame.
Typical of MS offerings, it took a while to chase the links down to find out what the hell Sandbox actually is/does. See http://websandbox.livelabs.com/
Seems to be similar to Caja, allowing you to include third-party scripts or content in your pages without worrying that they will muck things up or steal your cookies.
Has anyone (shudder) actually used it for anything? I'm afraid if they want my attention I need to see some simple, obvious examples.
Personally, I am sick of spammers attempting to add comment spam to sites that I run,
signing up for bogus accounts, sending massive amounts of spam, continuously trying
ssh connections, running exploits etc the list goes on.
Interesting. It occurs to me that one could build a botnet that relies on stitching together snippets of base64-encoded payload collected from a distributed set of innocuous-looking comment spams.
A little aG9wZSBhbmQgY2hhbmdl here, some cGFyYW5vaWEgYW5kIGRlbHVzaW9u there, and before you know it, the bot has the commands needed to shut down the stock market.
It wouldn't be the most responsive command-and-control structure, but it would certainly be difficult to shut down.
You could start with making a Qt version of The GIMP.
Or better yet, a Qt version of Photoshop 7.
If you're going to re-engineer an image manipulation interface, why start with one that gives graphic designers hives?
I like The Gimp, except for the horrible type engine, but I'd still rather use a pre-CS version of Photoshop.
Just look at the stack that 80% of those lesser-used OSes run. Sure, they have different kernels and somewhat different filesystem layouts. But they've all got the standard set of unix tools, along with big, evolving, modular binaries like perl, apache, mysql, postfix...
If there's an exploit hidden away in tar or cpio or something then Linux, OSX, and the BSDs are all vulnerable until patched. That includes your desktop, your netbook, your phone, your camera, your wi-fi router, your pvr, and anything else you've got that talks to the net.
How many people even know that their wireless access point is a computer, and vulnerable to malware?