Dunno why I'm replying, cuz it won't do any good anyway...
i'm a dem sympathizer (i would sooner admit being a miami dolphins fan too), and have voted more dems than backwards racists party.
For the record (dig out your history books if you doubt me), the dixiecrats, segregationists all, split from the democratic party, not the republicans. George Wallace (Boo! Boo! Boo!) was a democrat, too. Lincoln, the guy who set the black man free, was a republican.
Lott? His racist years were spent as a democrat, and he dropped his views when he joined up with the republicans.
Ok, class, repeat after me... democrats are the racists, republicans never were.
I like PHP and web apps, and code a little here and there... but I must say that if you are designing a business app, security is of the utmost importance. Therefore, it seems to me that you can design a regular app (QT/$backend, or some other combination) to run on the server, and have the clients log in via ssh or something similar and have the app run on their desktops via port forwarding/X forwarding. This seems to me to be way more secure than SSL web applications, and eliminates the deficiencies you just mentioned.
Ok, there are problems with this scenario (what if the user's connection drops occasionally?), and these would be hurdles to overcome, but my point is that while web apps are 1337, there are other more traditional and perhaps easier ways of making an app with the kind of gui that's needed for business apps
Unless I'm misunderstanding this, these are local exploits only. No one can use these bugs unless he has a valid mysql account on the server in question. These vulnerabilities cannot be used by an external attacker (a website user, for example) to h4x0r the box.
In other words, my servers are not vulnerable. No one else but me has accounts on my boxen. Only a production box (a shell box doing web hosting, for example) where you have untrusted users would be vulnerable.
I'll update my box just as soon as my distro has a patch available, sure, but this event is a non-issue for me (this time).
while we are discussing splattered animals...
on Science Askew · Score: 3, Funny
Q. What's the last thing that passes through the mind of a fly as he strikes the windshield of a speeding car?
Assuming your laptop runs linux, ssh -X to your workstation, then run whatever apps you want by starting them on the command line. The display will pop up on your laptop.
If your laptop isn't linux, then you could run vncserver on your workstation, ssh to it with the VNC port forwarded, then point your laptop's vnc client to localhost, using the forwarded port.
You want it automatic? A simple shell script would do the trick.
Um, not to be picky, but that's what the supremes addressed with this decision. You don't have to do this, and there are no enforceable laws that say you have to.
Usually, there is an option to fix this in the bios. Normally it's on the first bios setup screen, labelled "Halt on: (list of options)" or somesuch. Tell it to keep silent on boot errors, and you can probably yank that keyboard.
Actually, if you're going to be serious about encryption, you ought to encrypt everything you send out.
If you encrypt only the sensitive stuff, anyone watching you knows when you do it. If you routinely send encrypted traffic, no one is going to know when one of your messages actually contains something you'd rather not have divulged.
The military does this all the time. They blast all kinds of noise on the band, and only rarely send any actual message, thus keeping their stuff hidden in plain sight.
There was even (in keeping with the latest trend on /.) a science fiction story that used this as a plot vehicle, which told of messages being received from distant planets where usually there was stellar noise. I want to say it was "The Mote in God's Eye", but don't quote me on that.
Um, do the rules state such? No SSL? I mean, I'm not really too keen on telnetting to my shell. No competent linux admin is going to want to use anything besides SSH.
Or does this refer to the rule against hams using private codes or language to communicate with (voice, CW, or whatever). I can't believe the FCC would mandate insecure data communications. Perhaps the rule is a throwback to the days when data security wasn't as big an issue (and there wasn't a public internet to gateway to, etc.)?
Do you have a URL to the rules, perhaps? Also, knowing what paragraph, etc., in the rules would be handy.
Arrggh. My ticket just lapsed a few days ago, I just realized (I'm KD4TFF).
Anyway, I'm wanting to get into packet, and was discussing this very topic with another ham last week.
This firewall distro works great. I know everyone likes Freesco, and I use that too on occasion, but I've had the NetBSD firewall running at one of my client's offices for about a year and a half, and it's given me absolutely no trouble at all. Several people in our LUG use it as well.
Several apps/components can interface with an exchange server (evolution + connector, for one), but the issue is that of replacing exchange altogether. That, and making the iCalendar etc.-compliant server talk to exchange (until M$ breaks that functionality, of course).
I'm trying to get read in on the project (RFCs, relevant projects, etc.), and also ran a few numbers:
100-seat Exchange license plus Outlook: ~$8500, plus $2500 labor for the consultant
100-seat Domino license plus Lotus: ~$8500, plus $2500 labor for the consultant
...so you see, exchange/outlook and domino/notes basically cost the same. They both work, for the most part (notes' clunkiness previously noted). You can certainly put evolution on the desktop, but you're stuck paying $70/seat for connector (whereas outlook is free if you purchase exchange with seats), and you still have to purchase the exchange server and seats.
There are a few projects that allow you to take scheduling info generated by evolution and publish this data to a web page (jical for one), but an exchange replacement AFAIK just doesn't exist yet. Gripe as much as you want, but this is a big missing piece that we have to deal with if we want to be successful dethroning windows in the corporate world.
The upsetting thing is that the iCalendar RFCs were written in 1996, and we still haven't gotten a satisfactory working product, as noted a few weeks ago here on slashdot.
Oh, and:
this post
100-seat Exchange-workalike opensource app plus evolution/Kroupware/phpgroupware/etc.: free, plus $2500 labor for the linux consultant
IANAP, but I've slipped into a mode of typing what I'm trying to make my program do in comments, then I'll dig through my PHP book to figure out how to implement it. Once I get some bit working, I'll add another comment saying, "ok, I can make that array work, but now I need to figure out how to put this data into it from a form or something...".
At my work, we had WP 10 (running on win2k), but kept having problems with it. Printer issues, mainly. We rolled back to WP 9 and our problems went away.
I've only been here for 4 months, but my standard query when a worker calls me with printer problems is to check to see whether they've still got 10 on their computer. Apparently the rollback wasn't done on every PC :-/
My buddy from school (hey, Champi!) is a construction project manager in Atlanta, and years ago he told me that normally bids were accepted, opened, and the highest and lowest bids were thrown out at the beginning, then the remaining bids were looked at from there. Supposedly it helped weed out the gouger and the guy at the bottom who didn't know his stuff well enough to put in an informed bid.
I don't know if this is incidental to Georgia or to the construction industry, though.
One more for the road...
on Haiku vs Spam · Score: 2, Funny
How you gentlemen!!
All your base belong to us.
You know what you doing.
My haiku contribution to this discussion:
on Haiku vs Spam · Score: 2, Funny
I learned 'bout haiku
In spring of two thousand two.
I'll forget it soon.
The school in question was the University of Waterloo --- you know, the guys that gave us watfour, watfive fortran, etc. In other words, Microsoft went after one of the big guns. IMHO, this is nothing more than part of their attack against Linux and the GNU.
No, fortran isn't GNU, but it is what many schools used in the dark ages. Fortran in particular was fundamental to most of the engineering research that took place in the 70s and 80s, and while it may not have been free as in speech, many university departments used it like it was free as in beer. Remember that BSD came from a university setting (Berkeley) and was the beginning of the free software movement.
One of my CS professors at LSU back in '82 told us about the bug. IIRC, he said that probably no one would bother doing anything about it until 1999. Looks like he was pretty much on the mark.
[/off-topic]
In fact, here's my blockfile.
...And I have a shell account, haha! Email me and I'll ask the admin about getting you one, too: spacejunk@satellite.nasa.gov
A. His rear end.
Ba-da-boom.
Hrmph. I'll bet it does get appealed to the supreme court, in short order.
Say what?
You'll have to pardon me, I'm from the south, so I wouldn't know about trains running over snowmobiles. Does this happen often?
:-)
Great product
Just curious, I've been wondering for a while what your sig meant :-/
The flash app of which you speak --- may we view it? Grazi.
It's ugly, but it seems to help me out.
Heh.