Depending on the circumstances, the employer may or may not be legally entitled to use the code how they like. But there's enough discussions here on what constitutes development. But...
The developer may not have been legally entitled to collect a paycheck to work on GPL software on company time.
You hear horror stories all the time going everywhere from rent-a-coder to some utility bundled on the Microsoft CD, where the employer had the expectation that they owned the code, only to find out a developer cheated and used some GPL code.
Since the developer even said that there was no written of verbal agreement with the company, the default assumption would be that they are paying you to write code that they will own.
I don't want to get into legal quibbles here, but the developer has basically defrauded the company if he got paid to deliver code that they can't use because of the license.
Well you would have the administrator manually mount the encrypted db after a reboot and type the passphrase at that time, not hardcode it in the app. It doesn't help when someone cracks the running system. It does help when they steal the server or the database files. You pretty much get the same benefits as full drive encryption.
""" Personal information, a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that “Personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public. """
So this doesn't apply to places like slashdot and facebook. Only places that should be securing your data in the first place.
Personally, I'd trigger it off of user-agent header. IE... Not a techie verifying functionality -> really submit info... Chrome/Firefox/search engine agents -> example page.
When Fedora first came out, I felt like Red Hat went out of their way to make fedora the "hobbiest" version, and RHEL the "corporate" version. Have they got more or less divergent as time has gone on? It's kind of nice to run the same version of the software at home and in the server room, where Ubuntu is Ubuntu is Ubuntu. One less thing to deal with. Just wondering if I should give Fedora another try...
Yeah, but if you've got some 'enterprise-level database' with those sort of transaction requirements, you can probably justify the purchase of SSDs. It's not exactly like you're building that system from craigslist parts...
(Maybe that'd be a good way for a newbie to start contributing. Adding documentation and updating manpages as they get to know the kernel, and scoring cred that way. Of course most developers hate writing docs.)
Slashdot was written in someone's spare time... All I'm saying is there were plenty of shiny new things back then in the ancient olden times before smart phones that were sexier than kernel hacking. A lot more shiny new things and opportunities between 1995 and 2000 than there are now. It's just silly to say that the dot-com-mania era didn't have anything more exciting to offer than today's smartphones.
Forgive me for asking, but what the hell is a binary sort? I thought I was just being dense, but none of the items on the first page of a "sort algorithm" search list a binary sort as a popular sorting algo. Do you mean binary search? (I'm hoping it's just a typo and I'm not that out of it...)
But the sad truth is that even if you take the trade-school approach, and just teach them java, most graduates still won't be able to produce usable product.
They won't be able to make a robust working app. Probably haven't written a web based app that had more than two concurrent users. Probably haven't written a desktop app that's been tested across a variety of platforms and configurations. Haven't written some server app that can go on for years at a time. They aren't familiar with all the intricacies of J2EE on a real clustered live environment. They aren't going to understand how to code with a team, maybe in theory, not in practice.
They still have to learn all that on the job anyway. People always say (half-joking) that they learned more their first week on the job than they ever did in college.
So how much does learning real-world skills over theory really help you? Not that much.
Low level kernel development will always be a bit of a niche thing. But...
You do realize that ten-to-fifteen years ago, there was this exciting new thing called the world-wide-web that provided a lot of opportunities. And many people were writing stuff for that in perl/php/java/whatever. Writing things like google and amazon and heck even imdb. There were a lot more opportunities to change the world and get rich than writing iBestSushiInAlberquerqie.app or for the iPhone or FreeCell10000 for Android.
You said EVERY TIME you go to a bar you get laid. I don't. Therefore, by your original statement, I should be. You're wrong.
Re:paradigm of having to restart the computer?
on
Ubuntu on a Dime
·
· Score: 1
But for most people the 'reboot' is still incidental. It's making sure you've saved all your working documents, closed stuff down, etc, that's annoying. Try hitting Ctrl-Alt-Backspace while you have some unsaved documents open. For practical purposes, you might as well have done a hard power down.
Which is why Ubuntu actually disabled Ctrl-Alt-Backspace by default. Too many users were getting screwed over.
The thing is, the requirements are extra-detailed and a little anal, which make them seem over-the-top, but they basically boil down to:
(1) Restrict internet usage to normal times so the kids don't stay up until three am on a school night. Reasonable.
(2) Revoke access as a punishment. Kids have been getting grounded for how long?
(3) Block access to some sites. Entirely reasonable if you're talking really bad sites or malware infected stuff. It doesn't necessarily equate to some active proxy reading their facebook posts. Besides, I'm sure the kids don't want to see goatse any more than you.
I'm sure plenty of good parents keep guns in a safe and liquor in a locked liquor cabinet. Obviously a gun or booze is more dangerous than the internet, I'm not trying to equate them, but there are advantages to a layered system of trust. Technology and good parenting aren't mutually exclusive.
Certain enough for Apple to ban an app or ask to see the source? Sure.
For popular commercial stuff like MonoTouch, they'd just need to come up with some sort of fingerprint or signature. Presumably they're all going to have some boilerplate library code in there, MonoTouch.init_gc() or whatever...
For homebrew stuff, they can probably still look for stuff that clearly isn't written by a human. Not sure how much a name mangling scheme would get exposed in Objective-C, but that'd be a good place to start.
(1) Brute forcing a single key doesn't equal 'breaking' an algorithm.
(2) I don't think they brute forced the keys.
All I was saying is that if you're going to attempt to do so, and do so on a single document, you could attack the potentially weaker session key, making the size of the RSA key irrelevant.
So don't just generate your 4096-bit RSA OpenPGP key, and say, "problem solved, no one can hack that." You'll also want to set your symmetric key prefs to use AES-256 or Twofish.
Most asymmetric encryption schemes use hybrid encryption. The RSA key encrypts the randomly generated session key. So if you're only trying to crack a single document, and not a person's actual key so you can access any document encrypted to that key, you can bypass the RSA key and brute force the session key. That could be something like 128 bit CAST5 or 3DES, which still shouldn't be easily crackable, but the complexity of that attack won't change no matter how big the RSA key is.
Slashdot Mirror
Depending on the circumstances, the employer may or may not be legally entitled to use the code how they like. But there's enough discussions here on what constitutes development. But...
The developer may not have been legally entitled to collect a paycheck to work on GPL software on company time.
You hear horror stories all the time going everywhere from rent-a-coder to some utility bundled on the Microsoft CD, where the employer had the expectation that they owned the code, only to find out a developer cheated and used some GPL code.
Since the developer even said that there was no written of verbal agreement with the company, the default assumption would be that they are paying you to write code that they will own.
I don't want to get into legal quibbles here, but the developer has basically defrauded the company if he got paid to deliver code that they can't use because of the license.
Well you would have the administrator manually mount the encrypted db after a reboot and type the passphrase at that time, not hardcode it in the app. It doesn't help when someone cracks the running system. It does help when they steal the server or the database files. You pretty much get the same benefits as full drive encryption.
"""
Personal information, a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that “Personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
"""
So this doesn't apply to places like slashdot and facebook. Only places that should be securing your data in the first place.
Why futureproof? Won't it be cheaper to buy the fifty dollar router now, and the gigabit one in two years when the price has come down?
Personally, I'd trigger it off of user-agent header. IE... Not a techie verifying functionality -> really submit info... Chrome/Firefox/search engine agents -> example page.
When Fedora first came out, I felt like Red Hat went out of their way to make fedora the "hobbiest" version, and RHEL the "corporate" version. Have they got more or less divergent as time has gone on? It's kind of nice to run the same version of the software at home and in the server room, where Ubuntu is Ubuntu is Ubuntu. One less thing to deal with. Just wondering if I should give Fedora another try...
Yeah, but if you've got some 'enterprise-level database' with those sort of transaction requirements, you can probably justify the purchase of SSDs. It's not exactly like you're building that system from craigslist parts...
A bicyclist running through a red light when I'm going 35 doesn't threaten me?
Uh, I'm just responding specifically to the claim that a bicylist breaking the law only endangers himself.
How does slamming on the breaks when a bicyclist runs a red light or darts out of a blind alley make me an unsafe driver?
Yeah, having to slam on my breaks with a semi behind me becuase of some jackass doesn't threaten me at all.
So did you write a new manpage for futex(2). ;-)
(Maybe that'd be a good way for a newbie to start contributing. Adding documentation and updating manpages as they get to know the kernel, and scoring cred that way. Of course most developers hate writing docs.)
Slashdot was written in someone's spare time... All I'm saying is there were plenty of shiny new things back then in the ancient olden times before smart phones that were sexier than kernel hacking. A lot more shiny new things and opportunities between 1995 and 2000 than there are now. It's just silly to say that the dot-com-mania era didn't have anything more exciting to offer than today's smartphones.
n/t
Forgive me for asking, but what the hell is a binary sort? I thought I was just being dense, but none of the items on the first page of a "sort algorithm" search list a binary sort as a popular sorting algo. Do you mean binary search? (I'm hoping it's just a typo and I'm not that out of it...)
But the sad truth is that even if you take the trade-school approach, and just teach them java, most graduates still won't be able to produce usable product.
They won't be able to make a robust working app. Probably haven't written a web based app that had more than two concurrent users. Probably haven't written a desktop app that's been tested across a variety of platforms and configurations. Haven't written some server app that can go on for years at a time. They aren't familiar with all the intricacies of J2EE on a real clustered live environment. They aren't going to understand how to code with a team, maybe in theory, not in practice.
They still have to learn all that on the job anyway. People always say (half-joking) that they learned more their first week on the job than they ever did in college.
So how much does learning real-world skills over theory really help you? Not that much.
Low level kernel development will always be a bit of a niche thing. But...
You do realize that ten-to-fifteen years ago, there was this exciting new thing called the world-wide-web that provided a lot of opportunities. And many people were writing stuff for that in perl/php/java/whatever. Writing things like google and amazon and heck even imdb. There were a lot more opportunities to change the world and get rich than writing iBestSushiInAlberquerqie.app or for the iPhone or FreeCell10000 for Android.
That's a pretty bad logical inference...
You said EVERY TIME you go to a bar you get laid. I don't. Therefore, by your original statement, I should be. You're wrong.
But for most people the 'reboot' is still incidental. It's making sure you've saved all your working documents, closed stuff down, etc, that's annoying. Try hitting Ctrl-Alt-Backspace while you have some unsaved documents open. For practical purposes, you might as well have done a hard power down.
Which is why Ubuntu actually disabled Ctrl-Alt-Backspace by default. Too many users were getting screwed over.
The thing is, the requirements are extra-detailed and a little anal, which make them seem over-the-top, but they basically boil down to:
(1) Restrict internet usage to normal times so the kids don't stay up until three am on a school night. Reasonable.
(2) Revoke access as a punishment. Kids have been getting grounded for how long?
(3) Block access to some sites. Entirely reasonable if you're talking really bad sites or malware infected stuff. It doesn't necessarily equate to some active proxy reading their facebook posts. Besides, I'm sure the kids don't want to see goatse any more than you.
I'm sure plenty of good parents keep guns in a safe and liquor in a locked liquor cabinet. Obviously a gun or booze is more dangerous than the internet, I'm not trying to equate them, but there are advantages to a layered system of trust. Technology and good parenting aren't mutually exclusive.
When my kids are grounded, they go in the cage...
The faraday cage...
To 100% certainty, no...
Certain enough for Apple to ban an app or ask to see the source? Sure.
For popular commercial stuff like MonoTouch, they'd just need to come up with some sort of fingerprint or signature. Presumably they're all going to have some boilerplate library code in there, MonoTouch.init_gc() or whatever...
For homebrew stuff, they can probably still look for stuff that clearly isn't written by a human. Not sure how much a name mangling scheme would get exposed in Objective-C, but that'd be a good place to start.
I'm hunting right now. The best case of this by far is:
Visual Studio .NET 2008 - 5 years experience
(1) DO THE MATH! (At least when people were asking for ten years of web development experience in 1995, the web wasn't called WWW-90)
(2) WHAT THE HELL IS VISUAL STUDIO EXPERIENCE?
Am I missing something in your argument?
He said that teaching anyone under 16 about condoms is legally contributing to the delinquency of a minor.
Showing a fifteen year old how to use a condom does not equal having sex with a person under twelve.
(1) Brute forcing a single key doesn't equal 'breaking' an algorithm.
(2) I don't think they brute forced the keys.
All I was saying is that if you're going to attempt to do so, and do so on a single document, you could attack the potentially weaker session key, making the size of the RSA key irrelevant.
So don't just generate your 4096-bit RSA OpenPGP key, and say, "problem solved, no one can hack that." You'll also want to set your symmetric key prefs to use AES-256 or Twofish.
Most asymmetric encryption schemes use hybrid encryption. The RSA key encrypts the randomly generated session key. So if you're only trying to crack a single document, and not a person's actual key so you can access any document encrypted to that key, you can bypass the RSA key and brute force the session key. That could be something like 128 bit CAST5 or 3DES, which still shouldn't be easily crackable, but the complexity of that attack won't change no matter how big the RSA key is.