"the plural of anecdote is not data"
Then what are the results of a survey? You understand that the scientific method allows for using surveys as data, correct?
This actually illustrates the point nicely. Surveys are NOT just a collection of anecdotes. Since each person who fills out the survey has to answer the same questions, you get (roughly) the same information from each person. In a collection of anecdotes, who knows what each person is choosing to include in his/her story and what the person is leaving out. By putting a carefully selected structure onto the information collection, you are making a "collection of anecdotes" into useful data that can be used for scientific reasoning.
I am not a lawyer. However, I am a graduate student at a major university. I went and asked the university's IP lawyer at the University that I work for about this issue.
He told me that for anything I produce as a student, including software, I retain copyright. My question was specifically in the context of software I produce as part of my dissertation. The university asks to be involved in any patents, but leaves copyright to the students / researchers involved. Technically, I'm told this is a legal grey area, so most universities explicitly assign any copyright claims they have to students & professors.
However, if you were employed explicitly as a programmer -- i.e. it is part of your job description / job duties in the official call that you were hired under -- then the programming is work-for-hire, and the university owns copyright. This primarily applies to full-time programmers hired by the university, and part-time technical staff. My university gives permission for people to apply open-source BSD-like licences to software that is developed for hire, but the university retains the official copyright.
That said, I agree that you should ask a lawyer. However, you are probably able to ask one of the university's lawyers in this area, as it is his job to know such answers.
Total NASA budget, FY 2009 - $17.6 billion
US federal budget, FY 2009 - $3.1 trillion
NASA budget as a percentage of federal budget - 0.568%
Even if you completely scrapped NASA, you're not going to make any useful difference.
That's true. Let me give you one more number:
Total NSF budget, FY 2008 - $6.065 billion
If you cut back NASA's budget by ~1/3, you could DOUBLE the total federal spending on basic research in this country. 0.568% of the federal budget might not sound like much, but it really is.
2. I *want* developers "stealing" ideas from each other. If the Internet Explorer team comes up with a cool new idea, I want the Mozilla and Safari and Konqueror teams to implement it, too. Only ridiculous pride (or ridiculous patent law) would argue otherwise. Having different people competing and innovating is great--but it's only a big advantage for the end consumers if the best ideas are eventually incorporated in a single product.
Indeed! I'd even go so far as to argue that Google is hoping for exactly this outcome with Chrome. Google makes complex web-based applications. They realize that current web browsers suck at running complex web-based applications. So they decided to make their own browser that works better. Their goal isn't to have Chrome take over the market -- that would suck because then they'd have to really support Chrome. No, their goal is to have all the good ideas in Chrome stolen and used in Firefox, IE, Safari, and Opera. That way all the major browsers will be able to run their complex web-based applications. If Microsoft and Apple didn't steal their ideas, Google would be pretty pissed off.
What are you looking for in a graduate program? If you are looking for a bunch of classes to teach you computer forensics, I'm not sure where to direct you. I think that's a little too specialized for most graduate programs to meet. If you are looking to conduct research into better ways of doing computer forensics, then I am willing to bet that most good computer security groups would love people working on that. You can look at schools with good computer security research groups like Berkeley, MIT, Cambridge, Princeton, Rice, UCSD, etc.
I think the reason for the exodus of computer science isn't as much to do with the money as it does the challenge of the work. Bright people like interesting work. Being a code monkey gets old real quick. And most of the computer science programs out there are focusing too much on being a code monkey (or at least that's what the students want out of those programs).
These bright people are realizing that computer science isn't the way to get into the interesting jobs. There were many really cool jobs out there during the dotcom boom. But people mistakenly thought that the cool jobs were had by the programmers. They didn't realize that the programmers were the factory workers of the current economy. The cool jobs were the people coming up with the new ideas, trying to make things work. Some of those people were programmers, but they didn't need to be and many weren't.
People are realizing that code monkey does not necessarily mean a cool job, and as such are trying to get into more interesting professions. Now, code monkeys are definitely needed, but that's what offshoring is for. But there are many routes to take that can lead to cool dotcom-like fun jobs that aren't programming, and many programming jobs that aren't fun.
Having said that, I fell into the same trap. That's why now I'm currently in a CS PhD program, doing interesting work because I decided that being a code monkey would be boring in the long run.
http://www.eecs.umich.edu/~tloder/one_pager.html
That site has a shorter and easier to read description of the ideas presented in the paper. The paper is really a technical economics paper, not a mass-market thing. The one-pager is much easier to read, and it's the same people.
The book on the history of cryptography is David Kahn's The Codebreakers. If you haven't read it, you should.
You can't forget Bamford's first book, Puzzle Palace either. The earlier history of the NSA.
In the 80's, Robert T Morris accidentally released a worm that exploited problems in sendmail and other common internet daemons that took down most of what was the internet at that time. This was especially bad since about half of it was military.
http://www.openssh.org/usage/index.html
The OpenSSH team has put together a great page with a number of different usage statistics for SSH.
Egress filtering just doesn't work against DDoS attacks. As such, they are a bad idea.
Here is a problem. I have a connection to the rest of the internet. It is only so wide. Almost everyone I know could use greater bandwidth. What do egress filters do? They limit the bandwidth to even less than we currently have. So, if I have a T1 to the internet, with egress filters I can now only use half of that bandwidth. This really annoys users. Cutting down their bandwidth for arbitrary reasons doesn't help much.
But, if they are effective, it might be worth it. But they are not. Egress filters work by filtering the data coming from a source down from the full bandwidth available to some lesser amount of bandwidth. So, if I have a T1, I can now only use half of it to flood a victim. But chances are I am sharing this T1 with other people and I won't be able to use the full thing anyhow. But the DDoS doesn't care about this. It takes a little bandwidth from you, a little bandwidth from your neighbor, and after enough people are added together, you have a rather large stream of data flooding the victim.
DDoS attacks do not work if all the "zombies" are all on the same network. Then they are limited by the one connection that network has to the victim (usually on a totally different area of the internet). So the DDoS comes from many many different places on the internet, from different backbone carriers and different ISP's. This is the only way for a DDoS to be effective.
So limiting one person's bandwidth does not hurt the DDoS, but it does hurt the person whose bandwidth that they paid for you are taking away. Most DDoS attacks use so much bandwidth that cutting it down by a factor of 2 will not stop anything. They usually have orders of magnitude more data than they need because much of it is already filtered by the bandwidth limitations of the "zombies".
The reason DDoS attacks are difficult to prevent is because they were specifically designed into the system. Yahoo was DDoS'ed. How can Yahoo tell the difference between a DDoS attack and all of a sudden millions of users flocking to use Yahoo? When it is users, it is called the Slashdot Effect. When it is zombies, it is called a DDoS. It is the same thing, and anything that prevents one will prevent the other.
Rick Wash
P.S. I have done some work with DDoS clients. See http://biocserver.cwru.edu/~jose/shaft_analysis/node-analysis.txt
I am President of my University's Linux User Group. A good place to look is on various Linux User's Group's websites. I know my group gives a weekly talk on various topics related to Linux, Unix, etc. and we try to post the slides, etc. of all of our talks on our website. Check out http://cwrulug.cwru.edu/talks/
I also know of one or two other Linux Users Groups that do a similar thing. This is a wealth of information.
Javascript is a strong scripting language. It has support for dynamic objects, associative arrays, regular expressions, OOP, and other nice programming features. It also has dynamic function definitions. As a scripting language, Javascript can hold its own pretty well. I have recently written some stand-alone stuff in Javascript, and javascript is a very good scripting language to do it in. This means that it also functions well as a server-side scripting language.
As far as Javascript in Browsers goes, I agree with the other posts that say javascript should be avoided in internet web pages. Using javascript in internet web pages limits the potential audience. Javascript can be used well in company intranets, though. (Where everything is fairly standardized so everyone is using the same browser with the same security settings). Javascript can make intranet sites become very useful to a company.
Be careful to separate javascript as a language from any implementation of it. Just because IE's implementation of it produces statically-sized text boxes does not mean that it is a bad language. That is just one way of using the language. The language itself has evolved to be a very powerful scripting language (not far behind perl in my opinion). The most common use of it just happens to be client-side web scripting. Try using javascript as a normal scripting language and the good design of the language will come through. Do not limit javascript to a client-side scripting language when it is so much better in other places.
Rick Wash
Windows NT has had the ability to do virtual desktops built in since NT4 (and it will continue in NT5 and beyond). This means that there are API calls that create desktops, change desktops, etc. Microsoft just has not written much (anything I have used) that actually uses this functionality. This means that writing a virtual desktop shell is significantly easier than first believed, it still does not mean that Virtual Desktops exist on it. (since nothing uses them).
Rick Wash
One of the main problems I have with this system is how the system handles threads. I view the comments in threads (as do most I would guess. It is the default if I remember correctly). Unfortunately, really good posts are sometimes the result of replying to other posts. In threaded mode, the threads are sorted by the first post in the thread. If a higher scored post ends up as a reply to a post, it will not be viewed high on the list when I sort by score.
I hope that I will be able to see all of the high scoring posts at the top of my comments list, and not have to scour the threaded comments below for high scoring posts. I understand, though, that this is a fairly large and not-so-easy change.
Rick Wash
rlw6@po.cwru.edu
I agree on all of this. But, the systems are all managed by outside people, it is often difficult to enforce a security policy without making a lot of people upset. I believe that education is the best policy when it comes to helping secure the network. Most people who are willing to use Linux (or some other *nix) are willing to learn more about their systems. Holding a free seminar that would educate users about the perils of having an insecure system and would help users to make their systems more secure would encourage normal users to secure their systems (and reduce the amount of work by the network staff) and also educate the masses (which is also a good thing.)
Rick Wash
rlw6@po.cwru.edu
The Old (1.0) Microsoft keyboards are my personal favorite. They work extremely well. The new ones (1.1, elite) keyboards are smaller, but they also work well to alleviate strain when typing. The placement of the arrow keys and the insert/delete/etc. keys really bugs me when I use them, but others say that they are easy to get used to.
BTW, Microsoft does not do any hardware work in their company. They just contract it out and put their name on it. This allows me to trust Microsoft hardware a little more.