I don't think they are complaining about their own systems being compromized, but the network effects of thousands of other computers grinding parts of the internet to a halt.
My mail server runs on Linux, but it was unavailable for at least 30 minutes because of the Slammer worm. Not because it was vulnerable, but because of all the idiots dumb enough to put SQL server on an open network...
What about the time they made an aquarium out of the arch behind University Hall! They put panes of glass on either side of the arch, sealed the edges, filled it with water and threw in a bunch of goldfish.
This proved quite a poser for the janitorial staff, since they didn't know how to remove this without killing the fish...
I think the main reason the pranks got more destructive in the past years is because the University wouldn't let them have their fun. I remember the engineers spent half the night painting the shuttle busses that travel across campus every day. They used water soluble paints to be non-destructive, but the University had the cleaning staff in at 6:00 AM to wash the busses clean, so no one saw the prank. They should have just let them have their fun for the day...
The problem is that with security, the very best possible way to keep your site secure is to a) purify incoming data and b) keep your source to yourself unless you want people to let you know where the bugs/holes are.
The problem with this philosophy is that it allow you to be sloppy with your code. You might start out with great intentions of keeping the code clean, but without the fear of ridicule associated with peer review, you will start to slip to catch that deadline.
Knowing other people are going to see the code is the best way to keep a programmer in line. An artist is not going to show all the crap they come up with to the world. They pick their best work and share it because they are proud of it.
Now if only I could adhere to this philosophy myself...
I have done some statistical analysis of the comments posted to slashdot articles in the past year and found that over 92.46% of all posters failed to read the article they were commenting on.
Why is it that whenever someone mentions Perl, everyone has to mention how superior insert favourite language is. Does everyone feel that threatened by Perl? Do that many people hate Perl that much?
I use Perl because it lets me get the job done with little or no hassle. I like the TMTOWTDI nature of Perl, and Perl had one of the bestsupportcommunities out there. There is a huge public codebase that you can draw from. And if you are building websites, there is a plethora of application frameworks and templating languages to choose from (HTML::Mason, Apache::ASP, OpenInteract, CGI::Application, AxKit, Embperl, Apache::PageKit, Template Toolkit, HTML::Template just to name a few).
What really annoys me is most of the time the complaints made against Perl are completely unfounded (like the claims made by the parent post). If someone wants me to refute the complaints made about Perl in the parent post I can, but for now I'll just end my rant here...
If you haven't used Perl before, try it, it's good!
So blocking untrusted servers doesn't make email unreliable? I find that very hard to believe. Considering that most of the time it is Net blocks that are blocked, not just individual IP addresses.
blocking IP addresses is also open to abuse... If I had a grudge against an ISP, I could fake some SPAM headers and send it to any of the IP blockers. Maybe send several copies from different accounts. Getting an IP listed is usually easier than getting it removed, so in the mean time many legitimate emails are being blocked...
I believe you have to attack the root of the problem, and that is stopping the SPAM at the origin. This is probably the more difficult approach, but it is the only one that will avoid dropping legitimate mail.
I'd wait to upgrade, because it looks like version 2.0.45 will be out early next week. There are a couple of silly problems that were introduced into this release that need to be fixed.
I can understand AMI's reasons for keep the source to their BIOS closed while it is being developed, and prior to the release of the motherboard in question. But is there any reason why they can't release the source to older BIOS code that applies to equipment that is already outdated and no longer manufactured? Is there a competitive advantage to holding on to outdated technology?
Do you think that the.002% of the morons that actually click through on these SPAMs are actually going to setup and maintain a filter? You have a higher regard for their intelligence than I do...
The uptake of SPAM is so incredibly small, and yet it is still profitable for these pricks. End user implemented solutions will only help reduce the annoyance of SPAM for that user, but I don't believe it will ever eliminate SPAM.
No spammer has ever made any money by spamming me yet, so do you think they will make less money if I filter their emails and never look at them?
If a SPAM doesn't appear in my inbox, was it ever sent?
By the time the SPAM gets filtered by your mail reader it has already done lots of damage. SPAM costs ISPs money in time, bandwidth, and storage space. Where do you think that extra cost is heading. Right back to the end user.
There are many solutions out there that can limit the amount of SPAM that appears in your inbox (like bayessian filters), but that isn't enough to stop the SPAM problem. It just puts a band-aid over it...
Just use a combination of a whitelist and an autoreply. If your on my whitelist you get through automatically. If not, my mailer automatically sends you a response saying that your not on my whitelist, and asks you to reply to the message to get through my filter. The returned message will have a unique ID in it that will work once to pass the filter. I will see the second message and can choose to add you to my whitelist.
The only way the spammer will get through is if they have a valid return email, and an intelligent agent on the other end that can interpret the returned mail and send a new spam. Highly unlikely that this would happen.
There is a slight inconvenience the first time someone tries to contact you because they will have to mail you twice.
It's not who he likes, but who he trusts! There is a big difference there, and if you read the message again, you will see that he has accepted major patches from people he dislikes and doesn't get along with...
If you set things up correctly, then most of that memory is actually shared between the processes. If you read the mod_perl guide (http://perl.apache.org/docs/1.0/guide/performance.html#Sharing_Memory) it explains all of this stuff for you...
I guess you haven't used LEGO Minstorms yourself. It comes with a Drag and Drop GUI programming language that looks like lego bricks. You literally build you program on screen before uploading it to your RCX. I think it is a fantastic tool for teaching kids the basics of programming, and it's fun to boot...
Just to nitpick a little more, but actually Ottawa (The capital of Canada) and Toronto (the capital of Ontario) are both closer to Sudbury than Kingston is. The reason Kingston was mentioned is because a lot of the research is being done at Queens University in Kingston, even though the Observatory is in Sudbury.
Personally I wouldn't expect anyone outside of Canada to be able to point out Kingston or Sudbury on a map. Unless the map is labelled of course... - Cees
The reason that companies are coming up with their own "Open Source" lisence is so that their code will still be "branded" with the company name.
If Novell decides to release said code under the GPL, it looks to the casual observer that we have another piece of software coming from the GNU project. By releasing it under their own lisence, any derivative of the work will still have the Novell name attacted to it.
It might seem like a pain to all of us who have to carefully read through the lawyer speak, but I think it is a small price to pay for having a new source of Open Source projects. Novell gets some name recognition and we get access to the code.
Basically, you can revive an unconscious person, but if they (or you) get an air embolism or rupture their lungs on the way up they are dead. DCS (the bends) and even plain old drowning act slowly compared to these two instant killers.
I didn't want to get into too much detail, but I guess the distinction here is between unconscious and non-breathing. If the diver is still breathing, then I agree controlling the ascent is by far the best choice. However, if you have a non-breathing diver there is very little risk of rupturing their lungs on a rapid ascent (unless there is a physical obstruction of their airway), and this is what this doctor was advocating. The idea is to get the person to the surface as fast as you can, so that someone at the surface can begin rescue breathing as soon as possible. The longer you wait before you begin AR and CPR, the less chance you will have of reviving them, and even if you do revive them, the chance of brain damage increases very quickly.
I really should have used the term non-breathing in my post intstead of unconscious.
Anyway, it is good to see that there is at least one other diver around here. And I'm glad to see that you have an interest that goes beyond basic sport diving...
of a similar experiment I heard about a SCUBA diving physician.
As most people know, when you SCUBA dive, it is very dangerous to make a rapid ascent to the surface. You can get the Bends, or blow a hole in your lung or other nasty things can happen to you.
What this doctor was trying to figure out, was if you are performing an underwater rescue of a diver, and that diver is unconscious, do you take him up slowly (and risk not having enough time to revive him), or do you drop his weight belt and "Air Mail" him to the surface (where hopefully someone else can start to revive the person immediately).
In order to test his theory, he used himself as the victim. He dove down to 40 ft, and had someone knock him unconscious (probably with a hypodermic needle or something), and they fired him up to the surface... They repeated this several times. As far as I know, he suffered no damage, and his tests were a success:)
Now there is some dedication to your sport (and profession)...
I think you are missing an important distinction here. The reason that poeple don't mourn the mother of 3 that dies in the car wreck, is because that person had no direct influence on their lives. It is a tragedy that fades very quickly to gray along with the other tragedies that occur each and every day (sorry, I didn't mean for that to rhyme:).
When someone famous dies, the loss of that individual is no more tragic than that of the mother of 3 who dies in the car wreck. But people are not necesarilly mourning the loss of Mary Kay Bergman the person. They are mourning the end of her contributions to our society. Some people will say that she contributed nothing in her work on South Park, and in turn will not mourn her passing. Others will show grief and a sense of loss at this news, and you can bet that they were fans of the show.
Before today I had never heard of Mary Kay Bergman, and I still don't know anything about her. But I do know that she has made me laugh, and that is what I'll miss.
If you're willing to work contract, you can make a lot more than that in Canada. I started at $40/hr right out of University (although I did have 2-3 years of work experience already). And really, any coder worth their beans can do my job. I'm just building web applications using DB2 and server side JavaScript.
By the way, $40/hr is the minimum that you should ask for (in Toronto). I was asked how much I wanted, and I said $40. That's what I got, no questions asked... Makes me think I should have said 50 or 60 and haggled with them a bit:)
I assume that these sites get hit often and hit hard... What made you think that Linux could hold up to the pressure, and has it performed as you had hoped?
I think you better check that again. I took a quick look at all the posts, and there are only about 4 posts that have been marked down, and they are all worthless drivel that has nothing do do with the article (ie first posts, and the like).
All of the the other articles that you assume have been marked down, haven't been moderated at all. You can tell if a comment has been moderated, because it has a rating plus a reason for the rating (ie Interesting, Funny, Flamebait, etc...)
There are several comments that are rated at 2 that haven't been moderated because that users karma is higher (they have earned this extra point by continuously providing interesting or insightful comments). Also, the comments that you assume are marked down are starting at 0, because the user is either and Anonymous Coward, or have posted enough drivel on the site to have lost a Karma point.
I agree that there are many moderators who need to get their heads out of their collective butts, but most of the time, the system works quite well.
So we, the open source community, spend our time and effort developing tools and MS packs them up and sells them.
And how is this a bad thing? What this would result in is:
Microsoft accepts that Open Source software is a viable alternative to Microsoft's in-house products
Microsoft is required (by the license) to release the source code with their distribution.
Microsoft is required (by the license) to release all changes they have made to the source code So now, your average Microsofty will see Open Source in a better light. They may also ask, if I can see the source to this software, why won't they give me the source to that software.
Slashdot Mirror
I don't think they are complaining about their own systems being compromized, but the network effects of thousands of other computers grinding parts of the internet to a halt.
My mail server runs on Linux, but it was unavailable for at least 30 minutes because of the Slammer worm. Not because it was vulnerable, but because of all the idiots dumb enough to put SQL server on an open network...
What about the time they made an aquarium out of the arch behind University Hall! They put panes of glass on either side of the arch, sealed the edges, filled it with water and threw in a bunch of goldfish.
This proved quite a poser for the janitorial staff, since they didn't know how to remove this without killing the fish...
I think the main reason the pranks got more destructive in the past years is because the University wouldn't let them have their fun. I remember the engineers spent half the night painting the shuttle busses that travel across campus every day. They used water soluble paints to be non-destructive, but the University had the cleaning staff in at 6:00 AM to wash the busses clean, so no one saw the prank. They should have just let them have their fun for the day...
The problem with this philosophy is that it allow you to be sloppy with your code. You might start out with great intentions of keeping the code clean, but without the fear of ridicule associated with peer review, you will start to slip to catch that deadline.
Knowing other people are going to see the code is the best way to keep a programmer in line. An artist is not going to show all the crap they come up with to the world. They pick their best work and share it because they are proud of it.
Now if only I could adhere to this philosophy myself...
I have done some statistical analysis of the comments posted to slashdot articles in the past year and found that over 92.46% of all posters failed to read the article they were commenting on.
Why is it that whenever someone mentions Perl, everyone has to mention how superior insert favourite language is. Does everyone feel that threatened by Perl? Do that many people hate Perl that much?
I use Perl because it lets me get the job done with little or no hassle. I like the TMTOWTDI nature of Perl, and Perl had one of the best support communities out there. There is a huge public codebase that you can draw from. And if you are building websites, there is a plethora of application frameworks and templating languages to choose from (HTML::Mason, Apache::ASP, OpenInteract, CGI::Application, AxKit, Embperl, Apache::PageKit, Template Toolkit, HTML::Template just to name a few).
What really annoys me is most of the time the complaints made against Perl are completely unfounded (like the claims made by the parent post). If someone wants me to refute the complaints made about Perl in the parent post I can, but for now I'll just end my rant here...
If you haven't used Perl before, try it, it's good!
So blocking untrusted servers doesn't make email unreliable? I find that very hard to believe. Considering that most of the time it is Net blocks that are blocked, not just individual IP addresses.
blocking IP addresses is also open to abuse... If I had a grudge against an ISP, I could fake some SPAM headers and send it to any of the IP blockers. Maybe send several copies from different accounts. Getting an IP listed is usually easier than getting it removed, so in the mean time many legitimate emails are being blocked...
I believe you have to attack the root of the problem, and that is stopping the SPAM at the origin. This is probably the more difficult approach, but it is the only one that will avoid dropping legitimate mail.
I'd wait to upgrade, because it looks like version 2.0.45 will be out early next week. There are a couple of silly problems that were introduced into this release that need to be fixed.
v &m =104321038630487&w=2
http://marc.theaimsgroup.com/?l=apache-httpd-de
IANAAD (I am not an Apache developer), so don't kill me if I'm wrong, but that's what I read from the mailing list...
I can understand AMI's reasons for keep the source to their BIOS closed while it is being developed, and prior to the release of the motherboard in question. But is there any reason why they can't release the source to older BIOS code that applies to equipment that is already outdated and no longer manufactured? Is there a competitive advantage to holding on to outdated technology?
Just wondering...
Do you think that the .002% of the morons that actually click through on these SPAMs are actually going to setup and maintain a filter? You have a higher regard for their intelligence than I do...
The uptake of SPAM is so incredibly small, and yet it is still profitable for these pricks. End user implemented solutions will only help reduce the annoyance of SPAM for that user, but I don't believe it will ever eliminate SPAM.
No spammer has ever made any money by spamming me yet, so do you think they will make less money if I filter their emails and never look at them?
If a SPAM doesn't appear in my inbox, was it ever sent?
By the time the SPAM gets filtered by your mail reader it has already done lots of damage. SPAM costs ISPs money in time, bandwidth, and storage space. Where do you think that extra cost is heading. Right back to the end user.
There are many solutions out there that can limit the amount of SPAM that appears in your inbox (like bayessian filters), but that isn't enough to stop the SPAM problem. It just puts a band-aid over it...
Just use a combination of a whitelist and an autoreply. If your on my whitelist you get through automatically. If not, my mailer automatically sends you a response saying that your not on my whitelist, and asks you to reply to the message to get through my filter. The returned message will have a unique ID in it that will work once to pass the filter. I will see the second message and can choose to add you to my whitelist.
The only way the spammer will get through is if they have a valid return email, and an intelligent agent on the other end that can interpret the returned mail and send a new spam. Highly unlikely that this would happen.
There is a slight inconvenience the first time someone tries to contact you because they will have to mail you twice.
- Cees
REG: Yeah. Well, what Jesus blatantly fails to appreciate is that it's the meek who are the problem.
In many cases users are the problem, not usability...
Do you pronounce it Sequel or S-Q-L???
/. poll!
To me it is Postgres-Q-L and My-S-Q-L, but I think the Microsofties call it Microsoft Sequel Server...
Maybe good for a
It's not who he likes, but who he trusts! There is a big difference there, and if you read the message again, you will see that he has accepted major patches from people he dislikes and doesn't get along with...
If you set things up correctly, then most of that memory is actually shared between the processes. If you read the mod_perl guide (http://perl.apache.org/docs/1.0/guide/performance .html#Sharing_Memory) it explains all of this stuff for you...
Cees
I guess you haven't used LEGO Minstorms yourself. It comes with a Drag and Drop GUI programming language that looks like lego bricks. You literally build you program on screen before uploading it to your RCX. I think it is a fantastic tool for teaching kids the basics of programming, and it's fun to boot...
Just to nitpick a little more, but actually Ottawa (The capital of Canada) and Toronto (the capital of Ontario) are both closer to Sudbury than Kingston is. The reason Kingston was mentioned is because a lot of the research is being done at Queens University in Kingston, even though the Observatory is in Sudbury.
Personally I wouldn't expect anyone outside of Canada to be able to point out Kingston or Sudbury on a map. Unless the map is labelled of course...
- Cees
The reason that companies are coming up with their own "Open Source" lisence is so that their code will still be "branded" with the company name.
If Novell decides to release said code under the GPL, it looks to the casual observer that we have another piece of software coming from the GNU project. By releasing it under their own lisence, any derivative of the work will still have the Novell name attacted to it.
It might seem like a pain to all of us who have to carefully read through the lawyer speak, but I think it is a small price to pay for having a new source of Open Source projects. Novell gets some name recognition and we get access to the code.
Seems like a win win situation to me...
- Cees
I didn't want to get into too much detail, but I guess the distinction here is between unconscious and non-breathing. If the diver is still breathing, then I agree controlling the ascent is by far the best choice. However, if you have a non-breathing diver there is very little risk of rupturing their lungs on a rapid ascent (unless there is a physical obstruction of their airway), and this is what this doctor was advocating. The idea is to get the person to the surface as fast as you can, so that someone at the surface can begin rescue breathing as soon as possible. The longer you wait before you begin AR and CPR, the less chance you will have of reviving them, and even if you do revive them, the chance of brain damage increases very quickly.
I really should have used the term non-breathing in my post intstead of unconscious.
Anyway, it is good to see that there is at least one other diver around here. And I'm glad to see that you have an interest that goes beyond basic sport diving...
- Cees
of a similar experiment I heard about a SCUBA diving physician.
:)
As most people know, when you SCUBA dive, it is very dangerous to make a rapid ascent to the surface. You can get the Bends, or blow a hole in your lung or other nasty things can happen to you.
What this doctor was trying to figure out, was if you are performing an underwater rescue of a diver, and that diver is unconscious, do you take him up slowly (and risk not having enough time to revive him), or do you drop his weight belt and "Air Mail" him to the surface (where hopefully someone else can start to revive the person immediately).
In order to test his theory, he used himself as the victim. He dove down to 40 ft, and had someone knock him unconscious (probably with a hypodermic needle or something), and they fired him up to the surface... They repeated this several times. As far as I know, he suffered no damage, and his tests were a success
Now there is some dedication to your sport (and profession)...
ps are there any SCUBA divers on SlashDot???
- Cees
I think you are missing an important distinction here. The reason that poeple don't mourn the mother of 3 that dies in the car wreck, is because that person had no direct influence on their lives. It is a tragedy that fades very quickly to gray along with the other tragedies that occur each and every day (sorry, I didn't mean for that to rhyme :).
When someone famous dies, the loss of that individual is no more tragic than that of the mother of 3 who dies in the car wreck. But people are not necesarilly mourning the loss of Mary Kay Bergman the person. They are mourning the end of her contributions to our society. Some people will say that she contributed nothing in her work on South Park, and in turn will not mourn her passing. Others will show grief and a sense of loss at this news, and you can bet that they were fans of the show.
Before today I had never heard of Mary Kay Bergman, and I still don't know anything about her. But I do know that she has made me laugh, and that is what I'll miss.
- Cees
If you're willing to work contract, you can make a lot more than that in Canada. I started at $40/hr right out of University (although I did have 2-3 years of work experience already). And really, any coder worth their beans can do my job. I'm just building web applications using DB2 and server side JavaScript.
:)
By the way, $40/hr is the minimum that you should ask for (in Toronto). I was asked how much I wanted, and I said $40. That's what I got, no questions asked... Makes me think I should have said 50 or 60 and haggled with them a bit
I assume that these sites get hit often and hit hard... What made you think that Linux could hold up to the pressure, and has it performed as you had hoped?
I think you better check that again. I took a quick look at all the posts, and there are only about 4 posts that have been marked down, and they are all worthless drivel that has nothing do do with the article (ie first posts, and the like).
All of the the other articles that you assume have been marked down, haven't been moderated at all. You can tell if a comment has been moderated, because it has a rating plus a reason for the rating (ie Interesting, Funny, Flamebait, etc...)
There are several comments that are rated at 2 that haven't been moderated because that users karma is higher (they have earned this extra point by continuously providing interesting or insightful comments). Also, the comments that you assume are marked down are starting at 0, because the user is either and Anonymous Coward, or have posted enough drivel on the site to have lost a Karma point.
I agree that there are many moderators who need to get their heads out of their collective butts, but most of the time, the system works quite well.
Microsoft accepts that Open Source software is a viable alternative to Microsoft's in-house products
Microsoft is required (by the license) to release the source code with their distribution.
Microsoft is required (by the license) to release all changes they have made to the source code So now, your average Microsofty will see Open Source in a better light. They may also ask, if I can see the source to this software, why won't they give me the source to that software.
Once one Sheep is over the dam...