The computer was useless because it had no monitor or keyboard.
Yup! Useless!
:-) Indeed. I must be entirely mistaken that I
run the production machines that handle banking
transactions for 2 million customers, and a web
site handling 5 millions hits per day all on
machines without a monitor or keyboard. Those
machines are, in fact, entirely useless. How
stupid of me...
It won't be out till next year and it is already pretty unimpressive.
Yep. It piqued my interest because it came with a
hard drive, which is the only thing really lacking
from my Zaurus C860. But since it's currently
vapourware, I'll stick with the Zaurus, which just rocks. I have ssh and web browsing on the move, on
something that easily fits in a jacket pocket. What
more could anyone want? For all their touted benefits, laptops are useless to me because they're
just too big to be portable.
Event major vendor has a miliraty-grade ("B2" or Trusted") OS
Not really true. AFAIK, lots offer C1 or C2, but
few go up to the B ratings. I know DG/UX did, but
that's sadly now discontinued. Trusted Solaris 2.5.1
was rated to B1, but Trusted Solaris 8 isn't. Bull
did a secure version of AIX, and HP will sell you
SEVMS, but if you're looking for a modern B2 Unix,
then your options ar elimited (no Solaris, HP-UX,
Tru64, IRIX or Linux, AFAIK).
Incidentally, that's not to say that those OSes
couldn't be made to meet those requirements, just
that they haven't been certified as such to date.
Google prides itself on having not just the largest number of indexed pages,
but more importantly, the relevance of the returned results. In general, I've
found them to be ahead of the pack for this, which is one of the reasons I
switched to them in the first place (the other being the uncluttered
interface). I was quite surprised, then, when a couple of test searches
with the new Yahoo engine returned more relevant searches than Google. I'm
not going to switch just yet, but it's certainly something I'll be keeping
an eye on...
Companies such as dynamismor shirtpocket import them or better still get someone visiting japan to bring you one back.
Yep, I got my SL-C860 from Shirtpocket, and have been
very happy with it. It is far and away the best PDA
available for my needs, and the screen really does
have to be seen to be believed. It really is that
good. My only gripe is the lack of integrated
Bluetooth. They've fixed that with the Zarus SL-6000, but for some strange reason, they've
reverted back to the SL-5500 form factor. I have
both, and trust me, the clamshell design is much,
much better. Bluetooth via a CF card works well
enough, I'd just prefer to have it built in. But
I'd recommend anyone thinking of a PDA to take a
look.
If the project is an Intranet where desktop standards are IE5.5, then program to only IE5.5 Who cares if doesn't work in Firefly?
Who cares, and who should care are two
different things. So when MS stop supporting IE5.5
(if they haven't done so already), and IE6 has
actually managed to fix some of the more broken
behaviour of earlier versions (behaviour that
your site relies on because it was designed for
IE5.5), then what? You're
left with a broken Intranet site because you made
a brain dead decision in the first place. I'll
repeat what was said earlier.
Anybody with a clue programs to a web standard, not a browser .
if I design a flash interface that can pull information and display it in itself without reloading the page, that means no waiting for ANY excess code, only content, plus the page doesn't blink to another page... what could be better for the user experience?
How about the ability to use my normal keyboard
navigation shortcuts without flash intercepting
them and generally pissing me off? How about being
able to use the forward/back buttons as I can with
any other page on the web? How about being able
to resize the text that the designer has decided
should be in 2.5pt text for no apparently good
reason, which may look fine on a 1024x768 screen, but is barely readable on my 1920x1440 screen?
How about being able to get at information
when I'm on the move and browsing with my Zaurus
through my mobile phone? Flash may not be entirely
useless, but it certainly has no place on the web...
Bah! I knew it wouldn't happen, but I was still hoping against hope
that he'd allow the original versions to be released, rather than the
special editions. Ho hum. I'll probably still buy them anyway. At
least I still have the real versions on VHS. Maybe I'll see if I can rip them myself...
When you type in a wrong address at the moment which doesn't exist, you are automatically taken to either a site search engine, which is pure crap.. or to the microsoft auto search.
There's a difference. Microsoft only do it at the
application layer, with a particular
browser that they provide. If you don't like it
(and I can't see why anyone would), you can always
switch to one of the manyalternatives.
Verisign's site finder operates at the DNS level.
It's not as if you can choose to not use DNS, or
switch to another name service.
I can do what I want only with Palm and Windows. Linux is intriguing, but fails the tests of functionality and compatability.
Good for you. I can't, though.
I need a web browser, an ssh
client, and a terminal window capable of displaying
at least 80 columns of text. My Zaurus gives me
that. Nothing else I've found does. The fact that
it runs Linux is a bonus, of course, and has huge
hack value:-)
What you meant to say was that your new book has just been
released. If you're going to pimp your wares on Slashdot, at least
put an appropriate disclaimer on. That said, I completely agree with
the premise of the book. I've met a lot of mediocre programmers, and
a few good ones. But I've never yet met a real star that didn't have
some background in assembly language programming. Personally, I haven't
written anything in assembly in well over a decade. But that fact that
I can do so if needed makes me a better programmer, and I'd
recommend it to any aspiring coder as a key skill to learn. I wouldn't
say IA32 is a particularly nice introduction (I'd start with a cleaner, simpler architecture, such as 6502), but it is at least widely available
to anyone that wants to study it...
I already have a solution for this scenario. It's called a VPN.
Congratulations. You've just extended your "secure"
corporate
network beyond the physical walls of the office,
and into the house of one of your employees.
Are you sure that the machine they're
using as a VPN
client hasn't been rooted? VPNs have their uses,
but they're far from solving this problem, and in
many ways weaken your overall security. The
correct solution is to change the authorisation
criteria from things you know (password, "secret
handshake") to things you know plus
something else, for example, things you have.
We do this with one time passwords sent to a
user's mobile phone. Once that's been entered,
they're prompted for their normal password.
Thus even if the box has been rooted, and has
keystroke and network sniffers galore, it doesn't
matter. So long as the black hats don't have my
trusted employee's mobile phone, they're not
going to get in (and furthermore, the unexpected
passwords being sent to the phone act as an early
warning system to let us know someone's trying
to break in). Of course, no security
measures are perfect, and theoretically,
with root access,
they could hijack an existing ssh connection
once it's been opened, but it's non-trivial, and
we've raised the bar considerably.
the latest version of the google toolbar returns results with the page one results being filled with nothing but ads
Speaking from a position of ignorance, what is
the Google toolbar, and why would anyone use it?
I'm guessing it's like the somewhat annoying
Google search box in Firebird and Galeon.
I've tried jboss and tomcat and don't have any complaints. They work very well, and (at least from what I've heard) are very secure.
YMMV, but we've found exactly the opposite. We've
had 3 separate security problems through using
tomcat, two of which caused "session leakage",
i.e., displaying one customer's session information
to another. As a finacial services site, we just
can't afford that sort of exposure. Yes, it only
shows up under high load, but the 4 million or so
hits a day that we get is enough to provoke it.
Consequently we're moving to Resin (rather than
ditching servlets altogether, which would be my
preferred option, but whatever).
Because of this you might consider trying to run tomcat without apache.
Tried it. It's slow and inflexible. Stick with
Apache.
I downloaded the "free" Real Media player the other day and was disgusted to see that it loads up advertising.
Huh? I don't get any of that. Is it specific to the
Windows version or something? I'm using v8.0.3.421
(which annoyingly needs an LD_ASSUME_KERNEL setting
to stop it dumping core under FC1, but is otherwise
fine).
You can get WMP on Linux.
Just walk over to mplayerhq.hu and download
No, actually, you can't. WMP playback isn't
available with mplayer unless you're using an x86
box, where you can use the Windows codecs. Explain
to me how I can play WMP files/streams on my
Linux/PPC and Linux/SPARC boxen, and I'll be
interested.
I have to agree that this tax-on-tax business is commonplace among governments and completely unjustifiable.
It is at least logical. VAT is a tax on the value
of goods. The value is the cost that the purchaser
is prepared to pay, which includes P&P and import
duty. If someone is prepared to pay that much for
the goods, then that's their value, and hence that's
the taxable amount. It still sucks, though,
particularly on goods that aren't available
locally, and have to be imported from
elsewhere.
Incidentally, are tickets for your gig at The
Garage going to be available? Stargreen could
confirm that the venue was booked, but couldn't
get tickets. Or are they only going to be
available on the door?
I have an iPod, and I ripped all of my CDs using a supported format. My coffee tastes pretty good.
Your coffee is going to taste pretty grim in a few years, when the latest ipod drops support for your
existing AAC encoded music in favour of their
newer incompatible AAC++ codec of the week.
Meanwhile, I'll still be happily playing my Ogg FLAC
and Ogg Vorbis files without problems.
Re:Yes, but measuring webserver market share is ha
on
2003: Year of Apache
·
· Score: 5, Interesting
Do you count the total number of webservers, or just domains? What if you use a very ineffecient implimentation, and it takes twice the number of machines to do it?
Even then, how do you count them? How many machines
are running any given web site? My sites currently
have 8 servers behind a pair of load balancers. But
it appears to the outside world as if it's a single
machine. Also, do you consider all servers equal?
Should my personal site be given equal weight with
my company's banking sites? I'd be interested to
see a weighted graph so that sites with more
traffic have a greater impact. But the problem
with that is, how do you measure it?
As an aside, I'm getting mildly concerned about
Apache's market share. Not because I don't like
it -- I do, and run both personal and corporate
sites with it. But I distrust software monocultures,
and I fear Apache's heading that way. So I hope
that Apache gets some viable competition. I also
hope, however, that it comes from somewhere that
isn't intent on displacing it with proprietary,
incompatible servers. So that'd be something
other than IIS, then...
A perfect example of why dig is inappropriate for
pretty much any task other than debugging BIND.
Using host would get you the data you need in a
much more sane format:
"...conducting sub $50 transactions (for sites conducting higher value transactions please see InstantSSL Pro or PremiumSSL certificate types)."
I really don't think I should disclose how big my transactions are to this company. It's really none of their business.
So don't. Their "sub $50 transactions" is mostly
marketing blurb, in the hopes of persuading
companies to buy one of their premium certificates
instead. There's nothing to say you can't
use it for higher value transactions, and in fact
we use several of them, and yes, our transactions
are typically
a couple of orders of magnitude higher than $50.
The only difference is the level of insurance
they offer to the customer in the event of a
fraudulent site using one of their certificates.
Slashdot Mirror
Yup! Useless!
Yep. It piqued my interest because it came with a hard drive, which is the only thing really lacking from my Zaurus C860. But since it's currently vapourware, I'll stick with the Zaurus, which just rocks. I have ssh and web browsing on the move, on something that easily fits in a jacket pocket. What more could anyone want? For all their touted benefits, laptops are useless to me because they're just too big to be portable.
Not really true. AFAIK, lots offer C1 or C2, but few go up to the B ratings. I know DG/UX did, but that's sadly now discontinued. Trusted Solaris 2.5.1 was rated to B1, but Trusted Solaris 8 isn't. Bull did a secure version of AIX, and HP will sell you SEVMS, but if you're looking for a modern B2 Unix, then your options ar elimited (no Solaris, HP-UX, Tru64, IRIX or Linux, AFAIK).
Incidentally, that's not to say that those OSes couldn't be made to meet those requirements, just that they haven't been certified as such to date.
Google prides itself on having not just the largest number of indexed pages, but more importantly, the relevance of the returned results. In general, I've found them to be ahead of the pack for this, which is one of the reasons I switched to them in the first place (the other being the uncluttered interface). I was quite surprised, then, when a couple of test searches with the new Yahoo engine returned more relevant searches than Google. I'm not going to switch just yet, but it's certainly something I'll be keeping an eye on...
Yep, I got my SL-C860 from Shirtpocket, and have been very happy with it. It is far and away the best PDA available for my needs, and the screen really does have to be seen to be believed. It really is that good. My only gripe is the lack of integrated Bluetooth. They've fixed that with the Zarus SL-6000, but for some strange reason, they've reverted back to the SL-5500 form factor. I have both, and trust me, the clamshell design is much, much better. Bluetooth via a CF card works well enough, I'd just prefer to have it built in. But I'd recommend anyone thinking of a PDA to take a look.
Who cares, and who should care are two different things. So when MS stop supporting IE5.5 (if they haven't done so already), and IE6 has actually managed to fix some of the more broken behaviour of earlier versions (behaviour that your site relies on because it was designed for IE5.5), then what? You're left with a broken Intranet site because you made a brain dead decision in the first place. I'll repeat what was said earlier. Anybody with a clue programs to a web standard, not a browser .
How about the ability to use my normal keyboard navigation shortcuts without flash intercepting them and generally pissing me off? How about being able to use the forward/back buttons as I can with any other page on the web? How about being able to resize the text that the designer has decided should be in 2.5pt text for no apparently good reason, which may look fine on a 1024x768 screen, but is barely readable on my 1920x1440 screen? How about being able to get at information when I'm on the move and browsing with my Zaurus through my mobile phone? Flash may not be entirely useless, but it certainly has no place on the web...
Bah! I knew it wouldn't happen, but I was still hoping against hope that he'd allow the original versions to be released, rather than the special editions. Ho hum. I'll probably still buy them anyway. At least I still have the real versions on VHS. Maybe I'll see if I can rip them myself...
There's a difference. Microsoft only do it at the application layer, with a particular browser that they provide. If you don't like it (and I can't see why anyone would), you can always switch to one of the many alternatives. Verisign's site finder operates at the DNS level. It's not as if you can choose to not use DNS, or switch to another name service.
Good for you. I can't, though. I need a web browser, an ssh client, and a terminal window capable of displaying at least 80 columns of text. My Zaurus gives me that. Nothing else I've found does. The fact that it runs Linux is a bonus, of course, and has huge hack value :-)
Sounds familiar. Mine stole my SL5500, now I have a C860. She's demanding that I buy her one of those now :-)
What you meant to say was that your new book has just been released. If you're going to pimp your wares on Slashdot, at least put an appropriate disclaimer on. That said, I completely agree with the premise of the book. I've met a lot of mediocre programmers, and a few good ones. But I've never yet met a real star that didn't have some background in assembly language programming. Personally, I haven't written anything in assembly in well over a decade. But that fact that I can do so if needed makes me a better programmer, and I'd recommend it to any aspiring coder as a key skill to learn. I wouldn't say IA32 is a particularly nice introduction (I'd start with a cleaner, simpler architecture, such as 6502), but it is at least widely available to anyone that wants to study it...
Congratulations. You've just extended your "secure" corporate network beyond the physical walls of the office, and into the house of one of your employees. Are you sure that the machine they're using as a VPN client hasn't been rooted? VPNs have their uses, but they're far from solving this problem, and in many ways weaken your overall security. The correct solution is to change the authorisation criteria from things you know (password, "secret handshake") to things you know plus something else, for example, things you have. We do this with one time passwords sent to a user's mobile phone. Once that's been entered, they're prompted for their normal password. Thus even if the box has been rooted, and has keystroke and network sniffers galore, it doesn't matter. So long as the black hats don't have my trusted employee's mobile phone, they're not going to get in (and furthermore, the unexpected passwords being sent to the phone act as an early warning system to let us know someone's trying to break in). Of course, no security measures are perfect, and theoretically, with root access, they could hijack an existing ssh connection once it's been opened, but it's non-trivial, and we've raised the bar considerably.
Speaking from a position of ignorance, what is the Google toolbar, and why would anyone use it? I'm guessing it's like the somewhat annoying Google search box in Firebird and Galeon.
Yes. Two had already been fixed by others (one was in a newer release, one wasn't but had a separate patch available). The third we fixed ourselves.
YMMV, but we've found exactly the opposite. We've had 3 separate security problems through using tomcat, two of which caused "session leakage", i.e., displaying one customer's session information to another. As a finacial services site, we just can't afford that sort of exposure. Yes, it only shows up under high load, but the 4 million or so hits a day that we get is enough to provoke it. Consequently we're moving to Resin (rather than ditching servlets altogether, which would be my preferred option, but whatever).
Because of this you might consider trying to run tomcat without apache.
Tried it. It's slow and inflexible. Stick with Apache.
Huh? I don't get any of that. Is it specific to the Windows version or something? I'm using v8.0.3.421 (which annoyingly needs an LD_ASSUME_KERNEL setting to stop it dumping core under FC1, but is otherwise fine).
No, actually, you can't. WMP playback isn't available with mplayer unless you're using an x86 box, where you can use the Windows codecs. Explain to me how I can play WMP files/streams on my Linux/PPC and Linux/SPARC boxen, and I'll be interested.
It is at least logical. VAT is a tax on the value of goods. The value is the cost that the purchaser is prepared to pay, which includes P&P and import duty. If someone is prepared to pay that much for the goods, then that's their value, and hence that's the taxable amount. It still sucks, though, particularly on goods that aren't available locally, and have to be imported from elsewhere.
Incidentally, are tickets for your gig at The Garage going to be available? Stargreen could confirm that the venue was booked, but couldn't get tickets. Or are they only going to be available on the door?
A humourous reply, yes, but YHBT. Take a look at the spelling of "Raymond".
Your coffee is going to taste pretty grim in a few years, when the latest ipod drops support for your existing AAC encoded music in favour of their newer incompatible AAC++ codec of the week. Meanwhile, I'll still be happily playing my Ogg FLAC and Ogg Vorbis files without problems.
Even then, how do you count them? How many machines are running any given web site? My sites currently have 8 servers behind a pair of load balancers. But it appears to the outside world as if it's a single machine. Also, do you consider all servers equal? Should my personal site be given equal weight with my company's banking sites? I'd be interested to see a weighted graph so that sites with more traffic have a greater impact. But the problem with that is, how do you measure it?
As an aside, I'm getting mildly concerned about Apache's market share. Not because I don't like it -- I do, and run both personal and corporate sites with it. But I distrust software monocultures, and I fear Apache's heading that way. So I hope that Apache gets some viable competition. I also hope, however, that it comes from somewhere that isn't intent on displacing it with proprietary, incompatible servers. So that'd be something other than IIS, then...
; > DiG 9.2.2 > aol.com txt
[...]
A perfect example of why dig is inappropriate for pretty much any task other than debugging BIND. Using host would get you the data you need in a much more sane format:
I really don't think I should disclose how big my transactions are to this company. It's really none of their business.
So don't. Their "sub $50 transactions" is mostly marketing blurb, in the hopes of persuading companies to buy one of their premium certificates instead. There's nothing to say you can't use it for higher value transactions, and in fact we use several of them, and yes, our transactions are typically a couple of orders of magnitude higher than $50. The only difference is the level of insurance they offer to the customer in the event of a fraudulent site using one of their certificates.