It was working fine when I used it last night, though.:)
Seriously, I don't like the new generation windows-based ATMs. And not because they're insecure, or because they crash. Because they're _slower_ than the old ones they're replacing. The only good thing about them is the nice big easy-to-read colour display. But have you noticed that with the old ones, you'd put your card in and it would _immediately_ ask you for your PIN. The new ones seem to stop, read the data from your card, send a request to head office to validate the card (some of Barclay's ATMs display an image of the type of card you've put in at this point... is that pointless or what?) and *then* ask you for your PIN. Very annoying.
I would hope that the lesson here has been learned: a mission-critical service (which ATMs are, these days) should be firewalled from everything that it reasonably can be, and should not be running unnecessary services.
The ATMs should be running a custom application to drive the user interface which just pipes its data over an encrypted byte-stream protocol (maybe SSH, maybe something else, I don't know) to a central authorisation server. It should be able to accept a 'status query' request from a machine located in the branch that periodically checks that the ATMs are running and still have cash. These are the only services that are required. Everything else should be disabled. Everything else should be firewalled.
As long as banks follow these security precautions (and I've worked at a UK bank before now -- they're pretty hot on security, as a rule) they should not be susceptible to virus/worm infection, except by a custom-written worm that exploits security flaws in the custom ATM software... and at this point it doesn't matter what OS you're using.
But "Obviously wearing tinfoil hat" isn't one of the mod options.
Actually, it should be. It should also not affect the score of the post, only the tag that it gets. Then you can set a bonus/penalty for tinfoil hat posts in your user preferences depending on whether you think you need one or not.
A competing toy could match on pictures or color patterns.
That would make it more difficult. I have seen some cubes that have this (they have a picture on each side that you have to match together), and always thought that looked too tricky.
Is it just me, or is the color scheme even the same?
Does look it. And it's even got the 70's rounded edges on the colour stickers. OK, they've copied the physical appearance which might (or might not) count as a trademark violation.
Of course, to stop anyone selling them, you'd need to get an injunction against them. That's the way the system works.
And when the IT department works out that you're intentionally circumventing their monitoring and blocking of sites that frequently carry spyware and trojans, they're going to be _really_ pissed off with you.
Huh? The ads I have on the page are for "Basecamp painless project management", "O'Reilly Revolution In The Valley", and a third one which isn't loading at the moment (i.e., we've slashdotted boingboing's ad server), but which I doubt is pornographic, given the tone of the rest of the site which is largely IT related.
So? Are you suggesting/. should report everything immediately? Or that we should all be checking novell's web site daily to make sure we know if something like this is happening?
What happens if ICANN don't approve the '.eu' domain? The EU, along with EURid, the company designated to manage the domain, have already announced that registrations will be available from October 2005. The EU has actually passed a directive, mandating that the domain _will_ come into existance. As one of the world's most powerful political organisations, I was just wondering what steps they would take to ensure this happened if ICANN happened to disagree...?:)
In Australia, to get a.com.au domain name you need to be a "registered" business or the owner of a trademark. If the same is applied to.com TLD(non-mommercial entities should not use it), then most of the problems would disappear.
Unfortunately, there are many countries around the world where it is legal, in fact perhaps mandatory for some kinds of businesses, not to be an incorporated company, which precludes registration of this kind. For instance, in Britain, firms of solicitors are not allowed to be incorporated -- they trade as sole traders or partnerships, for which there is no registration process.
The question that has to be asked is - what trademark. Obviously not "Rubik's cube" because that's not what the product was called - it was called "magic cube". "Cube" perhaps?
32, I believe. Still, it isn't perfect, and we should perhaps look at ways to improve it.
Only one group can have permissions applied to a file?
Not true. All major Linux filesystems support POSIX ACLs now, enabling you to apply whatever permissions you like.
And no group nesting allowed?
What are the security benefits of allowing this? Personally, I am not aware of any, as I believe whether it is allowed or not the systems are actually equivalent -- it is merely an implementation detail that should be ironed out by any reasonably well written management system.
You can mod this comment down, but you can't propose a security system like THAT to a company interested in protecting their assets. WAKE UP SLASHDOT.
Even without ACLs, it is more than adequate for 99% of companies. Hell, most of them wouldn't want to spend the admin time required to manage anything more complex.
But their software _must_ be secure. I mean, it says right there that three years ago they decided to make it a top priority. How could they have failed to sort it all out in three years?
If you want to write something that actually does something, and you need to do it fast, then stick to CLI.
For me, RAD is synonymous with GUI building. GUI building by hand takes time, and can largely be automated. This is where you have the largest benefits. I'm sure there are CLI RAD tools, but I'm not sure how they would work. I suppose something like automated SQL query builders would count. Command line parser builders, too.
I'll freely admit that I don't like RAD, and that the VB model doesn't actually fit most of the work I do (90% of my apps have a very simple GUI that takes less than an hour to write by hand, connected to a complex back end that doesn't do much that can be reused from somebody else's components). I also have a number of tools that help me write GUIs faster than would usually be possible without a RAD environment.
You've missed the point. This is an instruction from top-level government to lower-level government departments that they ought to be considering open source solutions. It's an internal document. You don't have to trust it; the other government departments that it was written for do.
The question is: why bother releasing in.DOC when there's an RTF right above it? Hmm..
The RTF doesn't contain the metadata. We can't tell who edited it and for how long, and there won't be any embarassing edits to display in the revision history. Obviously they have to release the.DOC file as well, otherwise we wouldn't be getting our money's worth.:)
Well, they've had a public consultation that's lasted about a year, so probably it has occupied all of one medium-senior civil servant's time for this period, that'd probably be about GBP 60,000. Then there would be that civil servant's secretary, who probably earns something like GBP 30,000. On top of this, there would have been reports commissioned from research agencies, probably another GBP 100,000 there. Publicity, arranging a web server for the consultation documents, general administrative cost probably come somewhere in the region of another GBP 30,000. So, I'd guess somewhere in the region of a quarter of a million pounds.
Just top of the head figures, of course, I have no information on how much money the government actually is wasteing.
That's actually what this is about. The government is publishing the results of their consultation on OSS. They're essentially telling all government departments: when you're buying a new IT system, make sure you consider an open source alternative. It's OK if that's not what's right, but you have to at least consider it. And, if you have two systems that can do the job equally well for similar prices, and one is open source, favour the open source one.
So I can use Perl to implement a basic GUI with drop-down menus and buttons linked to dialog boxes and components that move and resize with the main window without actually writing a line of code? Because that's what I expect from a production-quality RAD environment.
It was working fine when I used it last night, though. :)
Seriously, I don't like the new generation windows-based ATMs. And not because they're insecure, or because they crash. Because they're _slower_ than the old ones they're replacing. The only good thing about them is the nice big easy-to-read colour display. But have you noticed that with the old ones, you'd put your card in and it would _immediately_ ask you for your PIN. The new ones seem to stop, read the data from your card, send a request to head office to validate the card (some of Barclay's ATMs display an image of the type of card you've put in at this point... is that pointless or what?) and *then* ask you for your PIN. Very annoying.
I would hope that the lesson here has been learned: a mission-critical service (which ATMs are, these days) should be firewalled from everything that it reasonably can be, and should not be running unnecessary services.
The ATMs should be running a custom application to drive the user interface which just pipes its data over an encrypted byte-stream protocol (maybe SSH, maybe something else, I don't know) to a central authorisation server. It should be able to accept a 'status query' request from a machine located in the branch that periodically checks that the ATMs are running and still have cash. These are the only services that are required. Everything else should be disabled. Everything else should be firewalled.
As long as banks follow these security precautions (and I've worked at a UK bank before now -- they're pretty hot on security, as a rule) they should not be susceptible to virus/worm infection, except by a custom-written worm that exploits security flaws in the custom ATM software... and at this point it doesn't matter what OS you're using.
But "Obviously wearing tinfoil hat" isn't one of the mod options.
Actually, it should be. It should also not affect the score of the post, only the tag that it gets. Then you can set a bonus/penalty for tinfoil hat posts in your user preferences depending on whether you think you need one or not.
So, where can I get a nakedness-sensitive spider of my own? :)
A competing toy could match on pictures or color patterns.
That would make it more difficult. I have seen some cubes that have this (they have a picture on each side that you have to match together), and always thought that looked too tricky.
Is it just me, or is the color scheme even the same?
Does look it. And it's even got the 70's rounded edges on the colour stickers. OK, they've copied the physical appearance which might (or might not) count as a trademark violation.
Of course, to stop anyone selling them, you'd need to get an injunction against them. That's the way the system works.
Moderation -2
50% Troll
20% Insightful
10% Interesting
So... what are the other 20%?
And when the IT department works out that you're intentionally circumventing their monitoring and blocking of sites that frequently carry spyware and trojans, they're going to be _really_ pissed off with you.
Huh? The ads I have on the page are for "Basecamp painless project management", "O'Reilly Revolution In The Valley", and a third one which isn't loading at the moment (i.e., we've slashdotted boingboing's ad server), but which I doubt is pornographic, given the tone of the rest of the site which is largely IT related.
So? Are you suggesting /. should report everything immediately? Or that we should all be checking novell's web site daily to make sure we know if something like this is happening?
Not if it is dictated by the function of the object, it can't. And I'd say that almost all aspects of the rubik's cube's appearance are functional.
What happens if ICANN don't approve the '.eu' domain? The EU, along with EURid, the company designated to manage the domain, have already announced that registrations will be available from October 2005. The EU has actually passed a directive, mandating that the domain _will_ come into existance. As one of the world's most powerful political organisations, I was just wondering what steps they would take to ensure this happened if ICANN happened to disagree...? :)
In Australia, to get a .com.au domain name you need to be a "registered" business or the owner of a trademark. If the same is applied to .com TLD(non-mommercial entities should not use it), then most of the problems would disappear.
Unfortunately, there are many countries around the world where it is legal, in fact perhaps mandatory for some kinds of businesses, not to be an incorporated company, which precludes registration of this kind. For instance, in Britain, firms of solicitors are not allowed to be incorporated -- they trade as sole traders or partnerships, for which there is no registration process.
The question that has to be asked is - what trademark. Obviously not "Rubik's cube" because that's not what the product was called - it was called "magic cube". "Cube" perhaps?
OK. Microsoft spam. Yep, that's a new one on me. :(
Users are limited to 16 groups??
32, I believe. Still, it isn't perfect, and we should perhaps look at ways to improve it.
Only one group can have permissions applied to a file?
Not true. All major Linux filesystems support POSIX ACLs now, enabling you to apply whatever permissions you like.
And no group nesting allowed?
What are the security benefits of allowing this? Personally, I am not aware of any, as I believe whether it is allowed or not the systems are actually equivalent -- it is merely an implementation detail that should be ironed out by any reasonably well written management system.
You can mod this comment down, but you can't propose a security system like THAT to a company interested in protecting their assets. WAKE UP SLASHDOT.
Even without ACLs, it is more than adequate for 99% of companies. Hell, most of them wouldn't want to spend the admin time required to manage anything more complex.
You have to specifically request to receive it. In my book, this means it isn't spam.
But their software _must_ be secure. I mean, it says right there that three years ago they decided to make it a top priority. How could they have failed to sort it all out in three years?
Security
About three years ago, we made software security a top priority
s/three years ago/ten years too late/
Also worth reading the groklaw article on this, which is available here.
If you want to write something that actually does something, and you need to do it fast, then stick to CLI.
For me, RAD is synonymous with GUI building. GUI building by hand takes time, and can largely be automated. This is where you have the largest benefits. I'm sure there are CLI RAD tools, but I'm not sure how they would work. I suppose something like automated SQL query builders would count. Command line parser builders, too.
I'll freely admit that I don't like RAD, and that the VB model doesn't actually fit most of the work I do (90% of my apps have a very simple GUI that takes less than an hour to write by hand, connected to a complex back end that doesn't do much that can be reused from somebody else's components). I also have a number of tools that help me write GUIs faster than would usually be possible without a RAD environment.
You've missed the point. This is an instruction from top-level government to lower-level government departments that they ought to be considering open source solutions. It's an internal document. You don't have to trust it; the other government departments that it was written for do.
The question is: why bother releasing in .DOC when there's an RTF right above it? Hmm..
.DOC file as well, otherwise we wouldn't be getting our money's worth. :)
The RTF doesn't contain the metadata. We can't tell who edited it and for how long, and there won't be any embarassing edits to display in the revision history. Obviously they have to release the
Well, they've had a public consultation that's lasted about a year, so probably it has occupied all of one medium-senior civil servant's time for this period, that'd probably be about GBP 60,000. Then there would be that civil servant's secretary, who probably earns something like GBP 30,000. On top of this, there would have been reports commissioned from research agencies, probably another GBP 100,000 there. Publicity, arranging a web server for the consultation documents, general administrative cost probably come somewhere in the region of another GBP 30,000. So, I'd guess somewhere in the region of a quarter of a million pounds.
Just top of the head figures, of course, I have no information on how much money the government actually is wasteing.
That's actually what this is about. The government is publishing the results of their consultation on OSS. They're essentially telling all government departments: when you're buying a new IT system, make sure you consider an open source alternative. It's OK if that's not what's right, but you have to at least consider it. And, if you have two systems that can do the job equally well for similar prices, and one is open source, favour the open source one.
So I can use Perl to implement a basic GUI with drop-down menus and buttons linked to dialog boxes and components that move and resize with the main window without actually writing a line of code? Because that's what I expect from a production-quality RAD environment.