Watch out calling yourself an "engineer" in Canada -- there are legal restrictions in that country as to who may call themselves engineers.
"Lisp with syntax problems" ???
Man, there's a whole raft of jokes just waiting to come out of that statement.
But I'll refrain -- I don't want to offend anyone with a thpeech impedimenth.
Lack of fight or not, it looks like there's going to be a legal fight over the block, so he'll be effectively free to use it until that's over at least. And there's always the outside chance he'll bamboozle the judge and win the case, in which case it'll be party time in Spamland, and everyone's IP ranges will be at risk. But I suppose the one good thing if that happens -- you can be sure that all those companies that currently can't be bothered to move to IP6 will suddenly start seeing the benefits of it.
I haven't read it (YET!), but as legal issues mentioned on Slashdot tend to have a very US-centric perspective, and as I live outside the US, I'm curious as to how much of it will be applicable to me.
To be honest, I would say that all developers, even those who are firmly based in the US, need to be considering international law in this regard -- you may be based in the US, but your software will almost certainly end up all over the world.
When I was a kid, I got totally hooked on John Wyndham books -- "The Day Of The Triffids" is his most well known one, but he wrote quite a number of others.
Dunno if it'll help you in your quest, but he certainly inspired me when I was young.
Okay... who's the philistine who referred to Guinness as "beer"??? ;-)
So let me get this straight: Your competitors are making unfounded claims about the quality of the products you provide, in order to gain a competitive advantage against you?
I believe there are laws against that sort of thing.
Seriously, when I first saw EA and DICE, I thought EA bought a job search website. I never heard of DICE the game developer until now. Of course, I didn't read the article either. :)
....well, stranger things have happened.... haven't they?
And there was me thinking it was Dillon's Integrated C Environment they'd bought.
There will always be loopholes in every system.
To (mis)quote Morpheus, "It's a system, and like every system, it has rules. Some of those rules can be bent; others can be broken."
No matter how tight you try to make it, the malware writers will always find a way around it. They may use scripting systems (even this hypothetical closed system would need some sort of scripting capability), or they may find a way to circumvent the lockout mechanism, or any number of other unpredictable ways to get in.
Complete security is a fallacy.
I don't mind tabs. I don't mind spaces.
But God help you if you mix them together in the same program.
I've met editors that put four spaces for the first indent, then a tab for the second (removing the previous four spaces in the process). It was fine when you viewed the code in that particular editor, but open the same code in another editor with different tab stops, and it became practically unreadable. If they'd stuck with just tabs or just spaces it would have been fine, but nooooo.... some bright spark had to mix 'em together. Grrrrrrr.
(For what it's worth, the editor in question was LSE, on a VMS system. I don't know to this day whether that was the default setting or a setup made by someone at the company, but it caused a nightmare when we ported the system to Windows)
Did the cost savings materialize as expected?
Short answer: Not really, no.
Long answer: MS's terminal server licensing has become a bit of a rip-off - in the old days, when they charged for maximum concurrent users, it was okay (one user; one license), but now they'll want to charge you for every combination of client and server that you use, and it can get very expensive if your users switch PCs (one user, as many licenses as different PCs they use to log in).
Also, you'll possibly end up paying too much for other software too, as some products don't take TS environments into account, so you'll have to buy expensive server licences rather than user licenses.
And finally, although the simplicity does make things easier to manage, it is different to a normal windows environment, so there are training costs.
Sorry.... I may sound a bit jaded, but when my previous employer implemented TS, we had the same thoughts as you, and it just didn't work out the way we planned. But by the time we realised how expensive it was, it was too late to pull out.
It's possible things have changed in the year or so since I left there, but I wouldn't count on it.
Hope that helps.
The opt-out request instructs the spammer to download an *encrypted* list of member email addresses from Blue Security, which the spammer then uses to "wash" his spam list and rid it of member addresses. The spammer never sees any legitimate email addresses.
So what's stopping the spammer from washing his list, and then comparing the resulting list with his pre-wash backup? Seems like it would still give him a list of addresses to target, even if the encryption was watertight. Doesn't even need any hacking; just a diff program.
The thing is, if you're sending an opt-out message, you must presumably be telling them what email address you want opted out.... so why are we surprised that they know who to send these emails to?
On the other hand, if you've been sending opt-out messages with invalid return addresses, then that presumably breaks at least some of the various anti-spam rules, so yes - it would count as a vigilante action.
BUT... if all of their Linux customer losses went to the competition...!
It still wouldn't have any significant impact on them.
In fact, the immediate effect for them would probably be beneficial to them, financially, because it would mean they could stop spending money developing their Linux drivers at all.
In terms of return on investment, I'd be willing to bet that even the current minimal level of support they give Linux shows up as a loss on their balance sheet. If that's the case, they're doing us a huge favour already by providing the drivers we've got. We may not like what we've got, but these are corporate businesses we're talking about here - can you honestly see them going any further without a significant financial incentive?
Don't use phpbb, vbulletin or whichever other forum software everyone uses
Much as I hate to agree with that, he speaks the truth -- the bots are written to target specific forum packages, and they almost always go after the popular ones. phpBB has taken a lot of stick for one or two security problems that came up, but in truth it's as good as, if not better than, its competition; the reason it gets hit so badly is simply because it's so popular.
So if you can use a less-well-known package, that will keep you away from the prying eyes of most of the bots.
Alternatively, you could mod one of the well known packages, so that the bots no longer work with it. That could be something as simple as changing the fieldnames on the registration form, or changing the URL of the registration page. If you know enough PHP/ASP/whatever to make the necessary changes, that would be a good solution; you'd still have the features of your favourite package, but not the bots.
While you're modding the forum, it would also be a good idea to add a block to prevent new members from posting links. (If you're really lucky, your forum package may include this feature already.) Spambots aren't any use if they can't post spam, and spam requires a link, so kill off the links, and you'll kill off the bots. Members should only be able to post links after they've proved themselves trustworthy.
CAPTCHA is a great idea, but if you're using a common one (ie the one included in your forum package), the odds are that the spammers have cracked it already. But again, the bots are likely to be programmed with the specific CAPTCHA-cracker for their forum, so if you can replace it with a less-common method, that will also bamboozle the bots.
If you are still using a well-known forum package after all that, you should also consider modifying the page template to remove references to the software name and version. Some bots look for specific versions of a forum to attack a known weakness, so stripping out the identifying marks will make it harder for them.
Security by obscurity is a much hated phrase around here, and with good reason. It is highly effective against the blind automated attacks of your average spam-bot, but whatever you do, even if it seems to be working, don't take your security for granted. Never let your guard down.
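The link block for new members suggested in the comment above, sketched as an added example (not part of the original comment and not code from any forum package). The trust thresholds, the member fields `joinedAt` and `approvedPosts`, and the sample posts are assumptions made for illustration.

```javascript
// Added example. Thresholds and field names are assumptions for illustration,
// not settings from phpBB, vBulletin or any other forum package.
const POLICY = { minApprovedPosts: 5, minAccountAgeDays: 7 };
const DAY_MS = 24 * 60 * 60 * 1000;

// Ways a link can show up in a forum post. The bare-domain pattern is
// deliberately broad: a false positive only costs a new member a reworded post.
const LINK_PATTERNS = [
  /\b(?:https?|ftp):\/\/\S+/gi,                                   // explicit URL
  /\bwww\.[a-z0-9-]+\.[a-z]{2,}\S*/gi,                            // bare www. host
  /\[(?:url|img)\b[^\]]*\]/gi,                                    // BBCode link or image tag
  /<a\s[^>]*href/gi,                                              // raw HTML anchor
  /\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:com|net|org|info|biz)\b/gi,  // bare domain
];

// Return every distinct link-like fragment found in the post text.
function findLinks(text) {
  const found = new Set();
  for (const pattern of LINK_PATTERNS) {
    for (const hit of text.match(pattern) || []) found.add(hit);
  }
  return [...found];
}

// A member earns link rights only with both history and account age.
function isTrusted(member, now) {
  const ageDays = (now - member.joinedAt) / DAY_MS;
  return member.approvedPosts >= POLICY.minApprovedPosts &&
         ageDays >= POLICY.minAccountAgeDays;
}

// Decide what to do with a submitted post.
function reviewPost(member, text, now) {
  const links = findLinks(text);
  if (links.length === 0 || isTrusted(member, now)) {
    return { action: 'accept', links };
  }
  return { action: 'block', links, reason: 'links are disabled until the account has a posting history' };
}

// Constructed sample data.
const NOW = new Date('2006-05-10T12:00:00Z');
const newcomer = { joinedAt: new Date('2006-05-10T11:55:00Z'), approvedPosts: 0 };
const regular = { joinedAt: new Date('2005-01-01T00:00:00Z'), approvedPosts: 240 };

const samples = [
  [newcomer, 'Hi all, long-time lurker here.'],
  [newcomer, 'Cheap pills at http://pills.example/buy'],
  [newcomer, '[url=pills.example]click here[/url]'],
  [regular, 'The FAQ is at http://example.org/faq'],
];
for (const [member, text] of samples) {
  console.log(reviewPost(member, text, NOW).action, '<-', text);
}
```

Because the check runs on the server when the post is submitted, it still applies to a bot that skips the registration form or the CAPTCHA page entirely.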
Since nothing else really interesting is happening...
:-D
That's because all the interesting news happened yesterday.
We've tested IE7 with our Ajax apps, and they worked perfectly without any extra work. We did have some stylesheet issues, but no problems at all with Ajax.
IE7 replicates the XMLHTTPRequest functionality already found in other browsers, so if your Ajax library tries to use that as its default, then it'll all work perfectly. On the other hand, if your library tries to do browser detection before deciding which method to use, then you may need to update it. (Thus demonstrating very nicely the reason why one should write feature detection code rather than browser detection)
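The difference between browser detection and feature detection described in the comment above, as an added example (not part of the original comment or of any Ajax library). The mock environments, their user-agent strings, and the "IE7 with ActiveX disabled" case are constructed for illustration.

```javascript
// Added example. The environments are constructed mocks standing in for the
// browser's global object; no real browser or network is involved.
function mockBrowser({ userAgent, nativeXhr = false, activeXProgIds = null }) {
  const env = { navigator: { userAgent } };
  if (nativeXhr) {
    env.XMLHttpRequest = function () { this.transport = 'native'; };
  }
  if (activeXProgIds) {
    env.ActiveXObject = function (progId) {
      if (!activeXProgIds.includes(progId)) throw new Error('cannot create ' + progId);
      this.transport = 'activex:' + progId;
    };
  }
  return env;
}

// Browser detection: infer from the user-agent string what the browser "must" support.
function xhrByBrowserDetection(env) {
  if (/MSIE/.test(env.navigator.userAgent)) {
    return new env.ActiveXObject('Microsoft.XMLHTTP');
  }
  return new env.XMLHttpRequest();
}

// Feature detection: test for the capability itself, native object first.
function xhrByFeatureDetection(env) {
  if (typeof env.XMLHttpRequest === 'function') return new env.XMLHttpRequest();
  if (typeof env.ActiveXObject === 'function') {
    for (const progId of ['Msxml2.XMLHTTP', 'Microsoft.XMLHTTP']) {
      try { return new env.ActiveXObject(progId); } catch (e) { /* try the next ProgID */ }
    }
  }
  return null; // no transport available; the caller should degrade gracefully
}

// Report which transport a factory ends up with, or 'error' if it throws.
function transportFor(factory, env) {
  try {
    const xhr = factory(env);
    return xhr ? xhr.transport : 'none';
  } catch (e) {
    return 'error';
  }
}

const IE_PROG_IDS = ['Msxml2.XMLHTTP', 'Microsoft.XMLHTTP'];
const ENVS = {
  ie6: mockBrowser({ userAgent: 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)', activeXProgIds: IE_PROG_IDS }),
  ie7: mockBrowser({ userAgent: 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)', nativeXhr: true, activeXProgIds: IE_PROG_IDS }),
  ie7NoActiveX: mockBrowser({ userAgent: 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)', nativeXhr: true }),
  firefox: mockBrowser({ userAgent: 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5', nativeXhr: true }),
};

for (const [name, env] of Object.entries(ENVS)) {
  console.log(name.padEnd(13),
    'browser detection:', transportFor(xhrByBrowserDetection, env).padEnd(26),
    'feature detection:', transportFor(xhrByFeatureDetection, env));
}
```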
Given the past history of Mars exploration, I'd say it's probably the best thing they could do -- at least if you're planning to crash into the planet, you won't be too upset when it happens.
The only sites that all windows machines access on a regular basis are Microsoft's.
Has anyone thought to check old versions of the MS site (at somewhere like Archive.org?) to find out whether there actually have been any rogue WMF files floating around on the site? Proving that they've actively been using it would go a long way toward proving it was intentional.
Please tell me you're not taking anything in Digital Fortress seriously? Gad. That was the worst book I've ever read. He clearly did just enough research to make it sound to the layman like he thought he knew what he was talking about. There are gaping holes in every aspect of the story that can be spotted from miles away by anyone with even a vague understanding of the things he's talking about.
Well of course it won't be direct to jail...
No... but you still won't get your $200 for passing Go.
Old programmers never die, they just don't C so good any more.
Old programmers never die, they just run out of memory.
Old assembly programmers never die, they just branch to a new address.
yeah, the list is endless. hehehe.
They only had one "casting call" episode, and yes, it was entertaining. They also didn't tell the applicants what they were applying for until the end of the selection process, so these people were doing all sorts of wacky things without any clue as to why.
;-)
I agree with you that it's a horribly cruel trick to be playing. But it does make for cringeingly funny viewing.
On the other hand, as long as they don't work out the ruse, the participants will be awarded with a trip to the real Russian space training centre, and an experience of weightlessness in the vomit comet, so if they can stay stupid for another five days, they'll at least get the chance to do some of it for real.
One thing I will place a bet on is that this show will be very quick to make the jump over the Atlantic.
One final note -- there are some rumours flying around that all the contestants are actually actors, and that the whole thing is actually a hoax on the viewers. But frankly, the viewing is entertaining enough that it doesn't matter to me one way or the other. hehehe.
By the way, does anyone else think it's ironic that the advert showing on this article is for light sabres? :-D
Feel the force, Luke! ... and the tension, and the contact, ....