There was exactly 1 really clever worm of this nature.
The internet worm created by Robert Morris Jr. 21 years ago.
And perhaps the first worm in a PHP/CGI app which was not this one.
The rest have just been copycats, non-original.
And the payload isn't even clever.
Yes, CS programs don't prove your ability to develop good software. But most do assure students have the ability to develop software, because programming, and submitting completed programs is an element of CS programs.
But Electrician licensing programs don't test actual electrician skills, either, they are WRITTEN tests not practical tests, and they test knowledge of the field, and knowledge of the electrical code, they are not practical skills tests. There are plenty of licensed electricians out there that you wouldn't want to hire.
Just like Software Engineering degree programs create and test knowledge, not skills.
In fact, skills are pretty hard to accurately test.
Familiarity with a programming language isn't all that important. A CS person should be able to learn any of the common programming languages in a week or two, maximum.
Familiarity with APIs and data formats takes a lot longer, and is of more importance.
A C++ programmer on your project is going to have a bit of a hard time, even if they've been coding 15 years using various frameworks, if they never used the STL, and the STL is standard for your project.
Their course selection is sparse with only 9 courses available, and the subject of all their courses appears to be non-technical, elementary, and uninteresting (to me at least).
It would be interesting if they were offering advanced courses in various disciplines as well. E.g. senior-level classes in political science, philosophy, CS courses like advanced C# programming, etc.
The biological, physical, and behavioral sciences are under-represented in their course catalog, they don't even have a history course. And mathematics is represented at a poor level; most science majors at a uni would be taking calculus in their first Freshman semester, not "Precalculus".
It would be a waste of your time if you had already taken some college classes, so it's not as if students may defect to a service like this as some sort of replacement for their UNI.
So you pay $99/month and get access to maybe at most 10 courses, but most of them have implicit pre-requisites, eg.. it would be unusual to take English Composition I and II simultaneously; 5 courses fall into that category.
So you would be taking at most 5 courses at a time. By the end of 2nd semester, there'd be no courses on this site left for you to take; I seriously doubt they can add many courses at a quick rate, it's costly to develop.
Their service is no replacement for going to an institution, which has to accept you anyways for you to obtain credit, and even if you were to take all of the courses they offer and get credit for all of them, you won't be close to a degree.
So this could very well be an upsell to the universities who will give credit for some of their courses.
They can use this to get more students who would otherwise be going to different schools.
And Gnash claims to support most SWF v7 and v8 features.
There is also an open-source Action script compiler called MTASC
If we have open source tools to actually generate the bytecode... is it not a reasonable thought that tools could have been developed to actually run that bytecode?
Some years ago, the kernel development model version numbering had changed, and at some point Linus basically said there would probably not be an unstable 2.7.x series, ever, except that they might want to number the version after 2.6.99 2.7.0 instead of 2.7.100, just to keep the numbers short.
In all likelihood, 5 years from today, the kernel will still be 2.6.x.
Remote X is a perfect example of just the bloat X contains.
By the way, I always use remote VNC, and not Remote X. It has advantages like being usable over a WAN (not like X protocol), and you can disconnect and re-connect sessions later without killing apps (much like screen).
A rewrite of X from the ground up would not include bloat and features hardly everyone uses.
The only way to run "Remote X" would be to be utilizing add-on software on TOP of X.
Much like VNC in Windows is installed on TOP of the windowing stack as an additional piece of software, not underneath it, as overhead, all apps have to put up with, even for users who don't use the remoting protocol.
This is no excuse. The Open Source community has brought us Samba for goodness sake.
Reverse-engineering and making an open implementation of a simple web plugin should be harder than reverse-engineering and implementing Windows domain, RPC named pipes, and file sharing protocols?:)
Not to mention the fact that Adobe has made SWF, FLV, and RMTP open specifications.
It was coming to bite them in the a**... with a student suing them and everything.
They finally realized they were getting widespread negative publicity, poorer reviews, more people recommending to stay away frmo kindle and get something else, and maybe, just maybe, it put a small dent in their sales.
Enough for them to stand up and take notice...
If it were just a few customers effected by the deletion and hasn't been widely publicized in the news, I have my doubts that Amazon would have ever done something to right the situation.
For all we know, they've already done it, have an army of massive fully operational quantum computers, and are laughing real hard right now at private researchers trying to catch up.
There may be some validity to it if you were trying to make an overestimate, to establish an upper bound on the number of people (and not a lower bound), and you had some valid basis for saying no more than 4.7% of people lied.
Then your study would find that "At most X people" would be in this category on average, within your confidence interval.
However, you couldn't say "No less than X people", or "X amount of people" are in this category within your confidence interval.
From what the article says, they equate file sharing software users to 'illegal file-sharers'; so someone using BitTorrent to download Linux ISOs would put them in 'file sharer' territory, and therefore count towards the illegal file sharer statistics?
The statistical inferences about the internet using population are only valid if the 1,176 net-connected households are a representative sample of the population they are attempting to draw statistical inferences about.
Meaning the characteristics of the people they randomly chose to be in their group are similar to those of the community they will make inferences about (the internet community).
E.g. if X% of the internet population are catholic people between ages 16-18, and Y% of people in the internet population are ages 22-28 and atheist, X% and Y% of the people in their sample should have those respective characteristics, for the sample to be representative.
If there are differences in the composition of their sample, or if the composition of internet users is not fully understood, then the inferences are fundamentally flawwed.
It's almost impossible to choose a usable sample of internet users as random; asking internet users to pick theirselves results in a biased (self-selecting) sample.
There's not a book of all internet users they can use; they can't force all internet users to partake in their study, internet users with certain characteristics may be more likely than others to even refuse to participate.
Here are some of the issues:
That 11.6% of respondents who admitted to file sharing was adjusted upwards to 16.3% "to reflect the assumption that fewer people admit to file sharing than actually do it."... The report's author told the BBC that the adjustment "wasn't just pulled out of thin air" but based on unspecified evidence
Without specifying the evidence, there is no way to substantiate the validity of this adjustment, and the resulting conclusion is highly questionable.
Jupiter research was working on the assumption that there were 40m people online in the UK in 2008, whereas the Government's own Office of National Statistics claimed there were only 33.9m people online during that year.
In other words, the population something being inferred about was smaller than the report assumed.
Explain in advance that testing will be done, and give the candidate a good idea of what to be prepared for.
Keep it to a minimum, keep it as short and minimal an inconvenience as possible.
Don't spring the testing on the candidate at the interview, or try to treat it as if it's part of the interview.
It's dishonest to ask them to come meet you, and then to ask them to do a task that you had not informed them they would be asked to do.
It will cause undue stress and disdain because they don't know what to expect, or because you're putting them under unreasonable conditions for a meeting.
Interviews should be laid back, so the candidate can be relaxed and comfortable, don't ask the candidate to do a lot for you in a short amount of time.
No timed 200 question essay/long-answer tests.
Maybe a 2 or 3 short question / short answer "Assessment"
They should be asked orally and they should be questions that don't require the candidate to do elaborate math in their head or use scratch paper / calculator / etc.
The candidate may not perform well because they are not mentally prepared for technical assessment, their mental energies are concentrated on interviewing for a position, not development minutia.
Many software engineers carry a degree in their field, issued by an accredited university... which assures a minimum skill level to get that degree (As in, taking courses, and passing tests).
Maybe your group is working poorly, and no one (other than a current member of your team), psosibly has been versed in "how the rest of your group is working" ?
Your candidate is familiar with and well-versed in many version control systems, but your team doesn't use any of that: you swear by a shared drive.
And "backups"??? Your team has no idea what those are. Clearly any candidate who would think you should be having backups doesn't have the experience you need...
The competition probably tests too.
Or will be laden with inefficiency due to employees who don't have the skills they claim to have.
Oh, yes, and this only works if the competition's going to hire you. In a tight job market, when you need the job, it would really be quite foolish to refuse a simple skills test outright.
Haven't they ever heard of signed patches?
Why can't they make the one-click upgrade verify a GPG signature before performing the installation of the code contained in the upgrade file?
That doesn't have the least bit of an effect on exploitability of the bug, or its wormability.
The wp*.php files are very obvious give-away that you run wordpres.
There was exactly 1 really clever worm of this nature. The internet worm created by Robert Morris Jr. 21 years ago. And perhaps the first worm in a PHP/CGI app which was not this one.
The rest have just been copycats, non-original. And the payload isn't even clever.
Yes, CS programs don't prove your ability to develop good software. But most do assure students have the ability to develop software, because programming, and submitting completed programs is an element of CS programs.
But Electrician licensing programs don't test actual electrician skills, either, they are WRITTEN tests not practical tests, and they test knowledge of the field, and knowledge of the electrical code, they are not practical skills tests. There are plenty of licensed electricians out there that you wouldn't want to hire.
Just like Software Engineering degree programs create and test knowledge, not skills.
In fact, skills are pretty hard to accurately test.
Familiarity with a programming language isn't all that important. A CS person should be able to learn any of the common programming languages in a week or two, maximum.
Familiarity with APIs and data formats takes a lot longer, and is of more importance.
A C++ programmer on your project is going to have a bit of a hard time, even if they've been coding 15 years using various frameworks, if they never used the STL, and the STL is standard for your project.
Their course selection is sparse with only 9 courses available, and the subject of all their courses appears to be non-technical, elementary, and uninteresting (to me at least).
It would be interesting if they were offering advanced courses in various disciplines as well. E.g. senior-level classes in political science, philosophy, CS courses like advanced C# programming, etc.
The biological, physical, and behavioral sciences are under-represented in their course catalog, they don't even have a history course. And mathematics is represented at a poor level; most science majors at a uni would be taking calculus in their first Freshman semester, not "Precalculus".
It would be a waste of your time if you had already taken some college classes, so it's not as if students may defect to a service like this as some sort of replacement for their UNI.
So you pay $99/month and get access to maybe at most 10 courses, but most of them have implicit pre-requisites, eg.. it would be unusual to take English Composition I and II simultaneously; 5 courses fall into that category.
So you would be taking at most 5 courses at a time. By the end of 2nd semester, there'd be no courses on this site left for you to take; I seriously doubt they can add many courses at a quick rate, it's costly to develop.
Their service is no replacement for going to an institution, which has to accept you anyways for you to obtain credit, and even if you were to take all of the courses they offer and get credit for all of them, you won't be close to a degree.
So this could very well be an upsell to the universities who will give credit for some of their courses. They can use this to get more students who would otherwise be going to different schools.
Sure there are multiple specifications involved, but there's demonstrably open source work, so it can't be _that_ hard:
VLC is an open source media player and can play FLVs.
The Open source media player XBMC has some support for playing RTMP streams.
Not to mention rtmpdump
And Gnash claims to support most SWF v7 and v8 features.
There is also an open-source Action script compiler called MTASC
If we have open source tools to actually generate the bytecode... is it not a reasonable thought that tools could have been developed to actually run that bytecode?
Some years ago, the kernel development model version numbering had changed, and at some point Linus basically said there would probably not be an unstable 2.7.x series, ever, except that they might want to number the version after 2.6.99 2.7.0 instead of 2.7.100, just to keep the numbers short.
In all likelihood, 5 years from today, the kernel will still be 2.6.x.
Remote X is a perfect example of just the bloat X contains. By the way, I always use remote VNC, and not Remote X. It has advantages like being usable over a WAN (not like X protocol), and you can disconnect and re-connect sessions later without killing apps (much like screen).
A rewrite of X from the ground up would not include bloat and features hardly everyone uses.
The only way to run "Remote X" would be to be utilizing add-on software on TOP of X.
Much like VNC in Windows is installed on TOP of the windowing stack as an additional piece of software, not underneath it, as overhead, all apps have to put up with, even for users who don't use the remoting protocol.
I'm not sure what Y and Z are, but I know Linux can run X... My web browser is running under X. :)
They used distcc, which required multiple pieces of hardware.
It has ports of the only PC games that really matter:
This is no excuse. The Open Source community has brought us Samba for goodness sake.
Reverse-engineering and making an open implementation of a simple web plugin should be harder than reverse-engineering and implementing Windows domain, RPC named pipes, and file sharing protocols? :)
Not to mention the fact that Adobe has made SWF, FLV, and RMTP open specifications.
It was coming to bite them in the a**... with a student suing them and everything.
They finally realized they were getting widespread negative publicity, poorer reviews, more people recommending to stay away frmo kindle and get something else, and maybe, just maybe, it put a small dent in their sales.
Enough for them to stand up and take notice...
If it were just a few customers effected by the deletion and hasn't been widely publicized in the news, I have my doubts that Amazon would have ever done something to right the situation.
For all we know, they've already done it, have an army of massive fully operational quantum computers, and are laughing real hard right now at private researchers trying to catch up.
Unleash the kids on slashdot, show them how to post a comment, and tell them to have as much fun as possible.
Buy them books from the GNAA's reading list (or whatever that org / its successors are called nowadays).
Tomorrow's lesson is how to pwn newbs in world of warcraft, sell off their gear for real-$$$ profit.
And on Friday... all about Linux boxen and how to root them....
Just please don't teach them how to send e-mail spam.
There may be some validity to it if you were trying to make an overestimate, to establish an upper bound on the number of people (and not a lower bound), and you had some valid basis for saying no more than 4.7% of people lied.
Then your study would find that "At most X people" would be in this category on average, within your confidence interval.
However, you couldn't say "No less than X people", or "X amount of people" are in this category within your confidence interval.
It could be that file sharers are slightly more likely to have excluded themselves from or refused to participate in the study.
In this case, 3% is >1.17 million people.
From what the article says, they equate file sharing software users to 'illegal file-sharers'; so someone using BitTorrent to download Linux ISOs would put them in 'file sharer' territory, and therefore count towards the illegal file sharer statistics?
The statistical inferences about the internet using population are only valid if the 1,176 net-connected households are a representative sample of the population they are attempting to draw statistical inferences about.
Meaning the characteristics of the people they randomly chose to be in their group are similar to those of the community they will make inferences about (the internet community).
E.g. if X% of the internet population are catholic people between ages 16-18, and Y% of people in the internet population are ages 22-28 and atheist, X% and Y% of the people in their sample should have those respective characteristics, for the sample to be representative.
If there are differences in the composition of their sample, or if the composition of internet users is not fully understood, then the inferences are fundamentally flawwed.
It's almost impossible to choose a usable sample of internet users as random; asking internet users to pick theirselves results in a biased (self-selecting) sample. There's not a book of all internet users they can use; they can't force all internet users to partake in their study, internet users with certain characteristics may be more likely than others to even refuse to participate.
Here are some of the issues:
That 11.6% of respondents who admitted to file sharing was adjusted upwards to 16.3% "to reflect the assumption that fewer people admit to file sharing than actually do it." ... The report's author told the BBC that the adjustment "wasn't just pulled out of thin air" but based on unspecified evidence
Without specifying the evidence, there is no way to substantiate the validity of this adjustment, and the resulting conclusion is highly questionable.
Jupiter research was working on the assumption that there were 40m people online in the UK in 2008, whereas the Government's own Office of National Statistics claimed there were only 33.9m people online during that year.
In other words, the population something being inferred about was smaller than the report assumed.
Explain in advance that testing will be done, and give the candidate a good idea of what to be prepared for.
Keep it to a minimum, keep it as short and minimal an inconvenience as possible.
Don't spring the testing on the candidate at the interview, or try to treat it as if it's part of the interview.
It's dishonest to ask them to come meet you, and then to ask them to do a task that you had not informed them they would be asked to do.
It will cause undue stress and disdain because they don't know what to expect, or because you're putting them under unreasonable conditions for a meeting.
Interviews should be laid back, so the candidate can be relaxed and comfortable, don't ask the candidate to do a lot for you in a short amount of time.
No timed 200 question essay/long-answer tests.
Maybe a 2 or 3 short question / short answer "Assessment"
They should be asked orally and they should be questions that don't require the candidate to do elaborate math in their head or use scratch paper / calculator / etc.
The candidate may not perform well because they are not mentally prepared for technical assessment, their mental energies are concentrated on interviewing for a position, not development minutia.
Many software engineers carry a degree in their field, issued by an accredited university... which assures a minimum skill level to get that degree (As in, taking courses, and passing tests).
Maybe your group is working poorly, and no one (other than a current member of your team), psosibly has been versed in "how the rest of your group is working" ?
Your candidate is familiar with and well-versed in many version control systems, but your team doesn't use any of that: you swear by a shared drive.
And "backups"??? Your team has no idea what those are. Clearly any candidate who would think you should be having backups doesn't have the experience you need...
The competition probably tests too. Or will be laden with inefficiency due to employees who don't have the skills they claim to have.
Oh, yes, and this only works if the competition's going to hire you. In a tight job market, when you need the job, it would really be quite foolish to refuse a simple skills test outright.
The secured outer enevlope with a notary seal on it is further evidence showing that the contents of the document have not been altered.
Ok, i'll find one with two buttons, then:
Metacrawler in 1996.
They even provide links, and the two buttons "Comprehensive Search" and "Fast Search"
Are reminiscent of Google's "normal search" and "I'm feeling lucky" mode.