And just how do you go about giving a PHP script root access? That's the only reason I started moving to Perl. You cant' do anything truly administratively soely in PHP.
Well, Napster is clearly a software product that is used almost exclusively to pirate MP3s, it leeches up a lot of bandwidth, and has some pretty bad security holes that means that potentially the client can be forced to serve up any file to a malicious Napster server.
I don't ban it for that, I ban it because Napster wastes precious bandwidth for the company I work for and has nothing to do with solid state motor controls. There isn't another single application which wastes so much bandwidth on my networks. pr0n is bursty. FTP war3z I stop too but it's not quite so easy. Napster is an easy target and after nuking it I see an immediate increase in available bandwidth.
Just a quick question regarding the machines and the setting they're in:
A pair of identical (load balancing and transparent failover via BigIP) rackmount servers, each with a PIII 600 CPU, 256MB, 2940UW and 20Gb of disk. And let's not forget the triply-redundant T3's to threee distinct Tier-1 internet providers.
Nice setup. What do P3's get you that P2's or even celerons don't? The extra cache won't help a whole hell of a lot and the SIMD or KNI instructions don't do anything for you, either...
...Now I heard that somewhere there is a patch to the Linux kernel that uses MMX to help calculate the packet checksums faster but you said you don't use Linux.
I can't see the difference from losing one machine in a building due to fire/flood to losing 20 machines in a building for the same reason.
I was more thinking that a flooded room of 20 servers stands a better chance of (some) equipment surviving than a similar room with one piece of equipment. After thinking about this, however, I don't think it matters much.:-)
Maybe you mean "kludging together something with baling twine, duct tape, and spit, until I have enough time to rebuild it properly".
With a backup and a system to dump to, I can indeed have a system back up and running in under an hour. However to bring a entire system (or systems) back to what I'd consider "safe to release to the wild" I would take a few hours and test everything, so you're right, I do mean to get it back up so (hopefully) nobody saw that the site was down.:-)
But with multiple OSes running on multiple distinct and unconnected partitions, running completely independant, but on the same hardware, that's just ideal.
I dunno; I would still rather have them on seperate physical boxes. (I did mean seperate boxes in my original post, not all on one virtual box in the big S/390.) Perhaps it's the cool factor of walking into a room of machines instead of a room of machine. I see where there is very little difference when the big iron is completely redundant and hot-swappable, but something inside me says not to trust a single box.
Financially, I would very much like to see the math to see where the break even line is. I smell an "Ask Slashdot" question, can you?
There are better informed people than myself out there, but as I understand it Vmware will not cut the mustard in this instance.
Whoa there! I never said VMWare replaced this, but rather the idea of Linux running under a virtualized system was first (?) demonstrated under VMWare.
Want a new DNS, mail, web, FTP, or whatever server? Don't spend $[foo] for a shiny new PC - just fire up a partition for whatever server you want.
To paraphrase my reply to the previous comment to my original message: To not spend $[foo] for a shiny new PC, you must first have spent $[foo] * a a large number for the box which allows you to "just fire up a partition" to add a VM.:-)
Next time, read the article. Trust me, you will be a better person for it.
I assure you that I did read the article in its entirety(sp?) before responding. However now to your points:
It would be near perfection having a single piece of hardware, properly partitioned, to become your router, your DNS server, multiple and independant but linked web/ftp servers, file servers, X11 servers, print servers, and then having a couple partitions for actual user processes; all of which on a piece of hardware that is 100% hot swappable, and can have a partition rebuilt in less than a minute. And with the massive I/O of a mainframe, to boot.
Perhaps it would be ideal for some but personally I prefer seperate boxes for a lot of things. Catastrophic failures being one. What good is a hot swap box if the box is flooded (water) / destroyed by fire / millitant admin with an axe, etc. Before everyone screams "Backups" (and I agree with them) think of this: if your $Million machine is toast there's nowhere to put the tape and I would imagine delivery on a shiny new mainframe wouldn't be a next day thing. With commodity hardware I can (at worst) steal my home machine, buy a dozen more at your local outlet and be back up and running from backups in a matter of hours.
I also disagree with your "near idealism" about everything in one box. I would certainly not want my router / firewall / X term / webserver / database in one box. However the idea of the mainframe where every "sub box" is a totally seperate entity is a great idea. But for most cases, the sheer co$t of this compared to a standard cluster and frontend/backend solution must also be addressed. How many standard machines would you need to replace (taking into account the savings you made in configuring/adminning only one box) with an S/390 to make it profitable?
Let me perhaps modify my opinion a little: The S/390 port could be useful, but is definately of fringe usefulness when all factors are taken into account.
Cute article. But what's it say? It says that the mainframe hardware is capable of fooling the Linux kernel into thinking it's in charge. Hear of this anywhere else? Yup. VMWare.
Now before you fire up your flamethrowers, think about it... The S/390 hardware was designed to hide itself from whatever it was running, which is exactly why it works as well as it does. Hell Microsoft could port NT5/Win2k/whatever to this platform. So could Be. So could OS/2. (Does OS/2 have a port to the S/390 already?) Linux isn't doing anything new or special here, it's just another virtual OS to the hardware.
I'm a huge Linux advocate, but this little excursion into mainframe land by Linux proves very little. What is the point of running a hundred (or 41400 I think the number was) concurrent Linux sessions when Linux is already multuser and multitasking? Clustering? High availability? No, because you can get all that with the existing mainframe architecture. Running Linux apps on Big Iron? Perhaps, but wouldn't it be better to port Apache, etc. to the mainframe OS and run it on a system that perhaps knows a little bit more about the hardware?
I guess it'd be neat to run a bunch of linux sessions on a mainframe to test a new clustering architecture/algorithm but after the test, there's not much use for it, AFAICT. The Linux/390 project doesn't do much but add to the "cool" factor of Linux, which isn't really all that bad.:-)
The same is true of laptops, LCD screens consume lots of power. I don't have exact numbers, but I'd say the LCD takes over 50% of all the power consumed. Thus this isn't necessarily a big deal.
Untrue. Laptop LCDs have millions of transistors (800x600 is 1.4mil) and a hefty backlight to keep things visually pleasing. Your watch/cellphone/pager LCD runs FAR less power, on the order of milliwatts to even microwatts, and the elements are often multiplexed.
Each transformer has a unique resonant frequency - the one it transforms most efficiently at. This is also the least "noisy" frequency to convert at - the waveform makes it through without looking like a lawnmower went over it. If we can tune these things to 50 or 60hz that would be.. well.. awesome.
No, no no... Transformers are optimized for specific frequencies because there is no (known) way to have a given ferrite material and transformer construction work well at all frequencies. Big power transformers use laminated "sheets" of metal to store lots of flux and keep eddy currents down. Unfortunately to get any decent power out of these you need to make 'em big 'cause there's a WHACK of flux being shoved around at 50/60Hz and therefore a lot of steel required to store the flux.
Switchmode power supplies get bigger power ratings because they work at far higher frequencies (typically 100-300kHz). At these frequencies there isn't a lot of flux at any one time so you can get away with tiny transformers for the same power rating. (picture it as draining a pool with a 1000L bucket in a couple dozen passes (60Hz) as opposed to using a 355mL pop can a couple bazillion times in the same time period (300kHz). They both get the water out, but one does it more efficiently.) They also don't use laminated sheets of steel, but rather a pressed ferrite "dust" 'cause (IIRC) it's cheaper and lighter.
The reason a waveform looks "like a lawnmower went over it" when you put it through the wrong transformer is that you are most likely either driving it into saturation (the top-right and bottom-left-most parts of the B-H curve) or you're wayyyyyyy out of range on the frequency which causes tons of losses in the power transfer and thus your output waveform won't look much like the input.
Thus concluding the short lesson on transformers, if anyone has any questions, please feel free to email. Similarly if you feel the need to correct, by all means do so.:-)
Have you tried kernel > 2.3.30 ? And you're not getting APIC errors ??
I've been running a BP6 with 256MB RAM and dual 466 celerons with 2.2.13 in SMP mode with no APIC errors for months. To what specifically are you referring?
256 colour is more than enough for what I believe their intentions are. Hell 16 colour would have sufficed in my situation.
I use a Palm to store data, keep notes, etc. The colour can be used to highlight, annotate or otherwise bring attention to parts of the information contained without requiring mucking up the display by adding underlines or making the text bigger. Just change the colour to red and your eye instantly goes towards it first.
Want 24-bit colour with alpha, 3D accelleration, 3D surround sound and enough balls to play MP3s? Get a laptop. This isn't meant to replace them. It's meant to be portable and useful.
No, it's not running some idle-cycle program, it's processing mail, dynamic web, database and archiving a couple mailing lists. I'm not saying 68 days is a lot (this machine had 280+ days before the site generator took out the UPS), but at least it's doing something!
...hates people who try to advocate linux by claiming uptimes for computers that do nothing. Hell, NT can do that too!
Re:Do you mean cable tester or continuity tester?
on
Cheap Gigabit Ether
·
· Score: 2
I work at major manufacturer of microprocessors. When we ask, "Is this cable bad?" we DON'T hook it up to a continuity tester, we hook it up to a test rig that measures impedance at the operating frequency in question (1 to 2.5 gigabits). At these frequencies, its feakin' voodoo trying to keep the signal from radiating off the wire like an antenna.
Gigibit ethernet is a trick, you're right, but in 99% of cases it is not connector problem, it's usually the cable itself went bad for one of several reasons. If you're using good grade cable and your crimper and ends are of good quality, your cable will be fine.
You can't stop the cable from radiating by crimping any better (unless you really blow at making cables). The cable will radiate more than spec allows if you've got sharp bends, mismatches pairs or poor twist. Your fancy-schmanzy cable tester doesn't test for one of the biggest causes of cable failure: stress. Binding cables with tie-wraps too tightly or bending them too sharply often gives you the problems at gigabit speeds that you refer to. Note that fiber has the same "bend radius" problems that copper has, but for different reasons.
From a techical standpoint, there is only so much to go wrong with a cable connection. As long as you're crimping right you'll be mostly safe. Far greater problems come from the way the wire is treated when installed, as mentioned above.
As far as searching all weekend for a bad cable: how the hell are you doing your installs? Computer A can talk but computer B is flaky. Well it sure ain't the backbone connections, check the connection from the switch to the computer in question. Use a network analyzer. It's not difficult..
Gigabit ethernet will give the average-joe cable maker headaches beyond his wildest dreams if he doesn't learn why it's different.
Can someone do me something like a cron job that sends me an e-mail every time anyone logs into our (Red Hat) Linux box?
The way I checked for > x users was just parsing the output of 'w' in a cron script. For your needs I would perhaps replace the login program with a wrapper which emails.
So have you configured your box to tell you when you're being scanned? You'll be surprised how often it happens. Next, check your system to see if you've already been broken into. Please.
Actually yes I do... I run a modified version of iplog (check freshmeat) and my system logs get simulcast to another server with no other functions save for sending email out. I imagine I could make it even more secure by sending the logs to it via a serial port (entry in my knowledgebase about this) or using a 2nd network card in the server but this suffices for now and allows me to have several servers send logs to the same log box.
Every night I have a cron which greps the shit out of the log and what's left is anything unusual. (90000+ lines in 24-hour period usually drops to about 150 lines when I'm done grepping the normal stuff out) I review that every day. I also have other cron jobs which page me if my 5min load is over 5, my disk space gets too low or if there are more than 6 people logged in.
I also am working with a friend on a modified patch to Bash (the original is on the same page as iplog) which drops the connection if it's being executed as root and the terminal is not a (v)tty. Hoping to add functionality where it also sets up a -j DROP in ipmasq and mails me on it too.
Finally, there are other security measures in place like md5summing critical parts of the system before the backup, not allowing telnet or root/empty password ssh and such and so forth.
Paranoid? Yes. But then again that's what I'm paid to be.
FreeBSD also has two special kernel options -- ICMP bandwidth limiting and TCP/IP RST restriction -- which can help with some DoS attacks. (No OS can do anything about a swamped pipe, of course, but if it knows how to throw away bogus packets and does not fall into the trap of trying to respond to them all, it'll be in much better shape. And, of course, it should never crash.)
Do you have more information on this? Linux kernels have options to not repsond to ICMP echo broadcasts (or any ICMP echos at all) and also have the rp_filter which drops packets originating on an ip that the interface is not part of, but these other methods you mention are intriguing.
ISO-9K is a great way to turn any company into a shithole.
Hmmm... I tend to disagree. ISO-900x is just a means of proving you have documented all your processes. All it really does is show that the company is a shithole earlier on by pointing out through documentation where they are headed.
Six sigma... now <b>there</B> is a tedious thing to go through.:-) ISO-900x just guarantees you have documented everything you do; six sigma is the practicality of ISO -- six failures in every million.
The engineering circle has had years to do something about this crap. They didn't. Browser makers could have shipping their browsers with all client-side execution "features" disabled by default, all along. They didn't. They could have put up a warning popup that tries to scare the user whenever they turn on this stuff. They didn't. Who are you calling irresponsible?
As an engineer I can say that this isn't always the case. You work to see most of the gotchas of doing something a certain way and even <i>with</i> peer review and countless trials, you can't forsee every consequence.
Turning everything off by default makes your product harder to use, so you lose customers and therefore sales. (with browsers being free this blurs the line but the effect is the same)
Making screens popup all the time is annoying to the customer. There are lines to be drawn all over the place. Often they get drawn wrong, but that's often the fault of management, not the guys who actually do it. He who writes your paycheck gets final say. Not everyone is fortunate (or wealthy) enough to walk whenever they can't agree with management on all issues.
Slashdot Mirror
Yeah, so? You'd be amazed with what can be done when you underclock!
... not to mention the fact that the processor makes extensive use of sub-cycle instruction times.
For the humour impaired, it *is* a joke...
Does that not lose just about every benefit of having the PHP interpreter resident as part of Apache?
Does the game run as root? How does it manage to lock the system up hard if not? Perhaps the 3d libs are buggy?
And just how do you go about giving a PHP script root access? That's the only reason I started moving to Perl. You cant' do anything truly administratively soely in PHP.
I don't ban it for that, I ban it because Napster wastes precious bandwidth for the company I work for and has nothing to do with solid state motor controls. There isn't another single application which wastes so much bandwidth on my networks. pr0n is bursty. FTP war3z I stop too but it's not quite so easy. Napster is an easy target and after nuking it I see an immediate increase in available bandwidth.
Just a quick question regarding the machines and the setting they're in:
A pair of identical (load balancing and transparent failover via BigIP) rackmount servers, each with a PIII 600 CPU, 256MB, 2940UW and 20Gb of disk. And let's not forget the triply-redundant T3's to threee distinct Tier-1 internet providers.Nice setup. What do P3's get you that P2's or even celerons don't? The extra cache won't help a whole hell of a lot and the SIMD or KNI instructions don't do anything for you, either...
...Now I heard that somewhere there is a patch to the Linux kernel that uses MMX to help calculate the packet checksums faster but you said you don't use Linux.
I was more thinking that a flooded room of 20 servers stands a better chance of (some) equipment surviving than a similar room with one piece of equipment. After thinking about this, however, I don't think it matters much. :-)
Maybe you mean "kludging together something with baling twine, duct tape, and spit, until I have enough time to rebuild it properly".With a backup and a system to dump to, I can indeed have a system back up and running in under an hour. However to bring a entire system (or systems) back to what I'd consider "safe to release to the wild" I would take a few hours and test everything, so you're right, I do mean to get it back up so (hopefully) nobody saw that the site was down. :-)
But with multiple OSes running on multiple distinct and unconnected partitions, running completely independant, but on the same hardware, that's just ideal.I dunno; I would still rather have them on seperate physical boxes. (I did mean seperate boxes in my original post, not all on one virtual box in the big S/390.) Perhaps it's the cool factor of walking into a room of machines instead of a room of machine. I see where there is very little difference when the big iron is completely redundant and hot-swappable, but something inside me says not to trust a single box.
Financially, I would very much like to see the math to see where the break even line is. I smell an "Ask Slashdot" question, can you?Me too. Rob?
Whoa there! I never said VMWare replaced this, but rather the idea of Linux running under a virtualized system was first (?) demonstrated under VMWare.
To paraphrase my reply to the previous comment to my original message: To not spend $[foo] for a shiny new PC, you must first have spent $[foo] * a a large number for the box which allows you to "just fire up a partition" to add a VM. :-)
I assure you that I did read the article in its entirety(sp?) before responding. However now to your points:
It would be near perfection having a single piece of hardware, properly partitioned, to become your router, your DNS server, multiple and independant but linked web/ftp servers, file servers, X11 servers, print servers, and then having a couple partitions for actual user processes; all of which on a piece of hardware that is 100% hot swappable, and can have a partition rebuilt in less than a minute. And with the massive I/O of a mainframe, to boot.Perhaps it would be ideal for some but personally I prefer seperate boxes for a lot of things. Catastrophic failures being one. What good is a hot swap box if the box is flooded (water) / destroyed by fire / millitant admin with an axe, etc. Before everyone screams "Backups" (and I agree with them) think of this: if your $Million machine is toast there's nowhere to put the tape and I would imagine delivery on a shiny new mainframe wouldn't be a next day thing. With commodity hardware I can (at worst) steal my home machine, buy a dozen more at your local outlet and be back up and running from backups in a matter of hours.
I also disagree with your "near idealism" about everything in one box. I would certainly not want my router / firewall / X term / webserver / database in one box. However the idea of the mainframe where every "sub box" is a totally seperate entity is a great idea. But for most cases, the sheer co$t of this compared to a standard cluster and frontend/backend solution must also be addressed. How many standard machines would you need to replace (taking into account the savings you made in configuring/adminning only one box) with an S/390 to make it profitable?
Let me perhaps modify my opinion a little: The S/390 port could be useful, but is definately of fringe usefulness when all factors are taken into account.
Cute article. But what's it say? It says that the mainframe hardware is capable of fooling the Linux kernel into thinking it's in charge. Hear of this anywhere else? Yup. VMWare.
Now before you fire up your flamethrowers, think about it... The S/390 hardware was designed to hide itself from whatever it was running, which is exactly why it works as well as it does. Hell Microsoft could port NT5/Win2k/whatever to this platform. So could Be. So could OS/2. (Does OS/2 have a port to the S/390 already?) Linux isn't doing anything new or special here, it's just another virtual OS to the hardware.
I'm a huge Linux advocate, but this little excursion into mainframe land by Linux proves very little. What is the point of running a hundred (or 41400 I think the number was) concurrent Linux sessions when Linux is already multuser and multitasking? Clustering? High availability? No, because you can get all that with the existing mainframe architecture. Running Linux apps on Big Iron? Perhaps, but wouldn't it be better to port Apache, etc. to the mainframe OS and run it on a system that perhaps knows a little bit more about the hardware?
I guess it'd be neat to run a bunch of linux sessions on a mainframe to test a new clustering architecture/algorithm but after the test, there's not much use for it, AFAICT. The Linux/390 project doesn't do much but add to the "cool" factor of Linux, which isn't really all that bad. :-)
:-)
Untrue. Laptop LCDs have millions of transistors (800x600 is 1.4mil) and a hefty backlight to keep things visually pleasing. Your watch/cellphone/pager LCD runs FAR less power, on the order of milliwatts to even microwatts, and the elements are often multiplexed.
No, no no... Transformers are optimized for specific frequencies because there is no (known) way to have a given ferrite material and transformer construction work well at all frequencies. Big power transformers use laminated "sheets" of metal to store lots of flux and keep eddy currents down. Unfortunately to get any decent power out of these you need to make 'em big 'cause there's a WHACK of flux being shoved around at 50/60Hz and therefore a lot of steel required to store the flux.
Switchmode power supplies get bigger power ratings because they work at far higher frequencies (typically 100-300kHz). At these frequencies there isn't a lot of flux at any one time so you can get away with tiny transformers for the same power rating. (picture it as draining a pool with a 1000L bucket in a couple dozen passes (60Hz) as opposed to using a 355mL pop can a couple bazillion times in the same time period (300kHz). They both get the water out, but one does it more efficiently.) They also don't use laminated sheets of steel, but rather a pressed ferrite "dust" 'cause (IIRC) it's cheaper and lighter.
The reason a waveform looks "like a lawnmower went over it" when you put it through the wrong transformer is that you are most likely either driving it into saturation (the top-right and bottom-left-most parts of the B-H curve) or you're wayyyyyyy out of range on the frequency which causes tons of losses in the power transfer and thus your output waveform won't look much like the input.
Thus concluding the short lesson on transformers, if anyone has any questions, please feel free to email. Similarly if you feel the need to correct, by all means do so. :-)
Have you tried kernel > 2.3.30 ? And you're not getting APIC errors ??
I've been running a BP6 with 256MB RAM and dual 466 celerons with 2.2.13 in SMP mode with no APIC errors for months. To what specifically are you referring?
I don't think you understand their reasoning.
256 colour is more than enough for what I believe their intentions are. Hell 16 colour would have sufficed in my situation.
I use a Palm to store data, keep notes, etc. The colour can be used to highlight, annotate or otherwise bring attention to parts of the information contained without requiring mucking up the display by adding underlines or making the text bigger. Just change the colour to red and your eye instantly goes towards it first.
Want 24-bit colour with alpha, 3D accelleration, 3D surround sound and enough balls to play MP3s? Get a laptop. This isn't meant to replace them. It's meant to be portable and useful.
Try using your computer:
waterloo:~$ uptime12:57pm up 68 days, 2:47, 2 users, load average: 1.75, 0.98, 0.84
No, it's not running some idle-cycle program, it's processing mail, dynamic web, database and archiving a couple mailing lists. I'm not saying 68 days is a lot (this machine had 280+ days before the site generator took out the UPS), but at least it's doing something!
...hates people who try to advocate linux by claiming uptimes for computers that do nothing. Hell, NT can do that too!
Gigibit ethernet is a trick, you're right, but in 99% of cases it is not connector problem, it's usually the cable itself went bad for one of several reasons. If you're using good grade cable and your crimper and ends are of good quality, your cable will be fine.
You can't stop the cable from radiating by crimping any better (unless you really blow at making cables). The cable will radiate more than spec allows if you've got sharp bends, mismatches pairs or poor twist. Your fancy-schmanzy cable tester doesn't test for one of the biggest causes of cable failure: stress. Binding cables with tie-wraps too tightly or bending them too sharply often gives you the problems at gigabit speeds that you refer to. Note that fiber has the same "bend radius" problems that copper has, but for different reasons.
From a techical standpoint, there is only so much to go wrong with a cable connection. As long as you're crimping right you'll be mostly safe. Far greater problems come from the way the wire is treated when installed, as mentioned above.
As far as searching all weekend for a bad cable: how the hell are you doing your installs? Computer A can talk but computer B is flaky. Well it sure ain't the backbone connections, check the connection from the switch to the computer in question. Use a network analyzer. It's not difficult..
Gigabit ethernet will give the average-joe cable maker headaches beyond his wildest dreams if he doesn't learn why it's different.
Time to update your crash course. Gigabit Ethernet uses all 8 wires and a form of encoding/compression to achieve its speed.
you are, however, correct in terms of 10bT and 100bT networks. :-)
No, gigabit (and 100b, 10b...) ethernet refers to the raw number of bits you can spew over the wire. It includes all preamble and postamble.
The way I checked for > x users was just parsing the output of 'w' in a cron script. For your needs I would perhaps replace the login program with a wrapper which emails.
Actually yes I do... I run a modified version of iplog (check freshmeat) and my system logs get simulcast to another server with no other functions save for sending email out. I imagine I could make it even more secure by sending the logs to it via a serial port (entry in my knowledgebase about this) or using a 2nd network card in the server but this suffices for now and allows me to have several servers send logs to the same log box.
Every night I have a cron which greps the shit out of the log and what's left is anything unusual. (90000+ lines in 24-hour period usually drops to about 150 lines when I'm done grepping the normal stuff out) I review that every day. I also have other cron jobs which page me if my 5min load is over 5, my disk space gets too low or if there are more than 6 people logged in.
I also am working with a friend on a modified patch to Bash (the original is on the same page as iplog) which drops the connection if it's being executed as root and the terminal is not a (v)tty. Hoping to add functionality where it also sets up a -j DROP in ipmasq and mails me on it too.
Finally, there are other security measures in place like md5summing critical parts of the system before the backup, not allowing telnet or root/empty password ssh and such and so forth.
Paranoid? Yes. But then again that's what I'm paid to be.
Do you have more information on this? Linux kernels have options to not repsond to ICMP echo broadcasts (or any ICMP echos at all) and also have the rp_filter which drops packets originating on an ip that the interface is not part of, but these other methods you mention are intriguing.
ISO-9K is a great way to turn any company into a shithole.
:-) ISO-900x just guarantees you have documented everything you do; six sigma is the practicality of ISO -- six failures in every million.
Hmmm... I tend to disagree. ISO-900x is just a means of proving you have documented all your processes. All it really does is show that the company is a shithole earlier on by pointing out through documentation where they are headed.
Six sigma... now <b>there</B> is a tedious thing to go through.
The engineering circle has had years to do something about this crap. They didn't. Browser makers could have shipping their browsers with all client-side execution "features" disabled by default, all along. They didn't. They could have put up a warning popup that tries to scare the user whenever they turn on this stuff. They didn't. Who are you calling irresponsible?
As an engineer I can say that this isn't always the case. You work to see most of the gotchas of doing something a certain way and even <i>with</i> peer review and countless trials, you can't forsee every consequence.
Turning everything off by default makes your product harder to use, so you lose customers and therefore sales. (with browsers being free this blurs the line but the effect is the same)
Making screens popup all the time is annoying to the customer. There are lines to be drawn all over the place. Often they get drawn wrong, but that's often the fault of management, not the guys who actually do it. He who writes your paycheck gets final say. Not everyone is fortunate (or wealthy) enough to walk whenever they can't agree with management on all issues.