Is there an ethical dilemma in asking a website how to teach your college class because you are admittedly completely unqualified to do so but unwilling to forgo the meager wages?
"seems to me that the number one goal of business is to keep your existing customers excited and to constantly be trying to pull in new customers"
The number one goal of business is to make money. Customer loyalty and acquisition are simply means to that end.
"still don't understand why the people involved in this debate keep talking like a 128k bitrate encoded mp3 is just as good as the original wav"
Because for most people it is. Through most of the consumer level electronics out there you'd only be able to tell the difference at higher volumes. The person on the noisy train listening to his nomad isn't going to be thinking "damn, I wish I encoded this at 256".
Who said it was profitable? If you think spam exists because people are making money you're wrong. There are a few chumps that the media like to cover making it seem as if there are only about 3 spammers sending everything out. In reality most spam comes from people running spam programs from their broadband connections. Think how much spam you could send out for the 8-16 hours a day your computer isn't being used. Now all you have to do is run a program that spams the hell out of the world and you get a check for $20/month. Business wise this isn't profitable, for a teenager thats an appreciable amount of money for no work.
To the people who think you can "put spam out of business", I ask you how well that theory works to pyramid schemes and other age-old scams that everyone knows don't work.
Tarpits are great ideas for people who think they are mail server admins because they have sendmail running on their red hat box at home. For real mail servers they are, to put it kindly, retarded (pun intended). Consider the thousands of concurrent inbound connections a large mail service has. Now apply the stuff you hopefully know about concurrency to half those connections. Yum.
Isn't is a better idea to firewall ALL ports on ALL machines where a compromise could cause problems (and open up those you need to, when you need to)? This seems to be common sense to me.
I think you're missing the point, you don't redesign solely for the purpose of becoming standards compliant. You redesign for lots of purposes, and you do it when your needs warrant it. The key is that WHEN you redesign, move to standards compliant pages.
As far as bandwidth savings being minimal, were you comparing old site w/mod_gzip to new site without? If so, then your results are obviously to be expected. If you did both with mod_gzip, then you likely need to build your CSS skillset some more (no offense intended, it really does take a while to master it).
Sorry, I thought that would qualify as a REAL load. And I'm guessing that 1000+ external connections to the system per second might qualify as "tons" of users?
While performance tests can be valid, you really need to do them yourself. A minor variation can make the results of a test completely inapplicable to your situation.
While I'm not planning on responding to the standard "postgres is better than everything at everything" posts, I thought of a point that would apply to my post.
Mysql was built for performance and they added features when and where they did not compromise that goal. Postgres was built for features and optimized performance when and where features were not compromised. For this reason mysql will likely always be behind postgres for features, and the opposite for performance.
Also when evaluating something that is as critical as a database server, make sure to consider the history of the product. I'm not going to trust the claims of increased performance in the latest version of any software any more than I would trust the stability of new features.
A few projects NEED the advanced features PostgreSQL has. Most projects COULD USE the advanced features PostgreSQL has. If you have rockstar programmers who know the difference between saving keystrokes and saving cpu time, and know that shifting logic load to your DB server is generally a BAD thing, you're going to find that you can almost always do things faster (often much faster) in MySQL. Stability is a tough one as its so subjective its hard to compare. I know we use dozens of MySQL servers collectively running tens of thousands of queries per second 24/7 and we haven't had a major issue or lost any data in years.
If performance is key and you aren't into using fancy stuff just because its fancy, you'll want MySQL. If you don't really care about performance, you might like the additional features PostgreSQL offers.
XML tries to eliminate the step of writing parsers for data, although writing parsers has never been a significant part of application development to begin with.
This is true if you are parsing your own data, but what about parsing third party data? I did that for years and every day was full of dealing with corruption, misformatted files, or formats that varied from the documentation because some new guy was making them on the other end.
True, these problems can happen with XML but they are much easier to spot. Send me a file and a DTD/Schema and I can tell you in a second if any future files are bad.
My view of XML is that what it does really well is transfer data. As far as storing data, well I only consider it when a database isn't available.
Do you mean everybody as in 100% or everybody as in 97%? That last 3%, the NS4, IE4, phone, sidekick, palm, etc people aren't going to see it the same way, and may not be able to use the site at all? Why? Partial CSS support. Its an evil thing, when a browser can't understand a CSS file fully so it picks and chooses what it wants (or just bugs out like NS4).
I've seen this thing about PNG being smaller than GIF, and I'd like to believe in it, but I haven't found it to be true. In at least 90% of cases where I try both (which is most every image), I find that GIF is smaller than PNG, often significantly so.
Also, PNG for online photos is kind of silly. Its nice for full screen high quality stuff, but for smaller things like thumbnails where you can't tell the difference betwee lossy and lossless, JPEG beats it hands down (often 50% smaller).
Maybe I'm doing something wrong, but to me PNG's only feature worth using (in the real world) is alpha.
Do you have any facts or specific experience to back this up, or are you talking out of your ass?
The experience of looking through thousands and thousands of spam headers and source info. Almost all large spam attacks come from colo or broadband.
Spamming directly from your own broadband connection is retarded; that's why most spammers don't do it.
I'm sorry but I beg to differ. Most ISP's don't shut spammers off unless they get actual phone calls from enough users/admins. Typically they stall for 24 hours or so at which point the spamming has stopped and they say "Sorry, its stopped, there is nothing we can do". The ISP you worked at obviously took it more seriously than just about every one we have dealt with.
Shutting them off sounds like a plan, but that's not the practice. Even if it got to the point where they get shut off, they just call the next provider. In major areas there can be a dozen or more broadband providers. After a few mistakes the spammer gets wise to policies and becomes even harder to detect, or has moved up to colo, of which there are hundreds of choices available to them.
Don't just cancel their account, but make them pay
Again, sounds good, but remember that this activity isn't illegal so if the fines become too much the spammer will take the ISP to court and likely get the fine reduced or eliminated (re: adhesion contracts). Also, spammers aren't exactly the most honest businesspeople, so the credit card they gave you, if it was legit, was probably cancelled and your legal department will laugh at you if you want to pursue anything more than standard bill collection on a few hundred bucks.
That's easy. Not every sender has to pay, if a user adds an address/domain to his whitelist the mail would go through, just like many solutions in place now. The sender-pays model is built on the principle that there will be absolutely no hope of a spam getting into a mailbox for free, thus reducing the incentive to send it in the first place. If the ad is truly legit, then the marketer should pay for delivery, just like any other medium. Its basically a way for spam to be safely ignored without infringing on the legitimate practice of email marketing.
I don't think this would actually be that hard. Granted, we have a homegrown system with MUCH more comprehensive control and tracking than a basic sendmail install, but if this became a reality I think it would be mere weeks before implementations became available. Its simply a matter of having a whitelist of senders (which is common) with prepaid credits, and a cronjob-style program that debits the account, and can suspend the white-listing (and request additional funds) when the quota is exceeded. Alternatively, a post-paid account could be set up and a bill could easily be generated (if you trusted them enough to pay it). If the revenue warrants it for larger email service providers (not coincidentally the ones hardest hit by spam), you could even set up special mail servers and use a firewall and/or standard SMTP authentication to limit access to paid senders (thus avoiding any token/sender forgery).
"If no-one ever responded to SPAM, it would die out pretty rapidly."
"There is an endless supply of spammers who have yet to realise that it doesn't pay"
The first is false. The second is true. What people don't realize is that spam is NOT about someone sending mail through an ISP's server! This is easy to stop, and most ISP's have had countermeasures in place for years. Unfortunately every hacker out there thinks he/she has the solution through limiting these things.
Most spammers don't use open relays, and they don't use their ISP's mail server!
So if we could please move on, the problem is that spammers are doing the same thing as many people on slashdot, they are running their own mail server off their cheap (often free thanks to parents, and yes I am asserting that much spam is from teenagers) broadband connections, or as Barry mentioned, setting up a colo and blasting out 10 or 20 megabit of spam until the place gets enough heat to shut you off (and rent the box to the next spammer).
If we could start thinking about this problem in terms of 2003 and not 1998, we might make some progress.
Ahh multifinder. In its day that was the bomb-diggity. The familiar scent of nostalgia brings to mind the old "two floppies means infinite storage!" SE.
Question: does anyone know of any info on how much the average game costs to produce? I'm really curious to see how it stacks up to other mass-market entertainment like movies/tv/music/etc. I could price up a business app pretty well but games are a whole different world.
OK, so a big question is what is the difference between scripts and programs? To me, a script is something you just write. A program is something you design, then write. I don't really care what language its in. A 10 line Java program that does some simple operation on args is a script. A huge multi-module Perl file/script is a program. There are other terms to differentiate what most people are talking about, its simply compiled vs. interpreted.
Re: The Main Topic
This basically means the difference is that programmers can script but scripters can't program. *ducks* Seriously, if you are writing complex enterprise-critical applications in javascript, you aren't a scripter, you are a programmer (who probably made a bad language choice). Conversely it you are just running search and replace on open source C code to suit some minor business requirement and compiling it, you aren't a programmer.
Sorry, if this was actually the case spam would be a rather trivial problem to solve. I understand why you think this because it is a widespread myth. Of the millions of servers connecting to us each day, its true that the spam attacks are concentrated in a smaller number of addresses, but this is just because we are one given ISP on one given day. Tomorrow its a whole new set of addresses, repeat, repeat, repeat. Some people misinterpret this and conclude that it must be some small cabal of spamkings, when this is simply not the case.
The real problem with spam is that anyone with broadband access can send a frightening amount of mail, and ISPs are very reluctant to pre-emptively shut this person off due to fear they will be sued by the spammer. It takes much convincing to get them to take action, and usually by the time the ISP decides to do anything about it (often many hours), they have likely stopped and/or changed IP, at which point they tell complaining mail server admins that there is nothing they can do, which is very obviously false.
Thanks to the above for saving me the trouble of explaining the issues. A minor addendum:
"Stories about being flooded with traffic sound impressive but computers are so fast now, it's hard to put anecdotes into context."
This is moot because computers on both sides get faster. Also, its doubtful any small-medium ISP even with the latest generation of machines can ignore the full force of AOL or Hotmail's hundreds (thousands?) of mail servers crushing you with connections and traffic.
Slashdot Mirror
Is there an ethical dilemma in asking a website how to teach your college class because you are admittedly completely unqualified to do so but unwilling to forgo the meager wages?
"seems to me that the number one goal of business is to keep your existing customers excited and to constantly be trying to pull in new customers"
The number one goal of business is to make money. Customer loyalty and acquisition are simply means to that end.
"still don't understand why the people involved in this debate keep talking like a 128k bitrate encoded mp3 is just as good as the original wav"
Because for most people it is. Through most of the consumer level electronics out there you'd only be able to tell the difference at higher volumes. The person on the noisy train listening to his nomad isn't going to be thinking "damn, I wish I encoded this at 256".
I think its safe to assume that total is downloads, not files on his system.
Quick Fix is an absolute godsend. If anything out there contends from Brooks' single productivity booster I'd nominate it.
Who said it was profitable? If you think spam exists because people are making money you're wrong. There are a few chumps that the media like to cover making it seem as if there are only about 3 spammers sending everything out. In reality most spam comes from people running spam programs from their broadband connections. Think how much spam you could send out for the 8-16 hours a day your computer isn't being used. Now all you have to do is run a program that spams the hell out of the world and you get a check for $20/month. Business wise this isn't profitable, for a teenager thats an appreciable amount of money for no work.
To the people who think you can "put spam out of business", I ask you how well that theory works to pyramid schemes and other age-old scams that everyone knows don't work.
Tarpits are great ideas for people who think they are mail server admins because they have sendmail running on their red hat box at home. For real mail servers they are, to put it kindly, retarded (pun intended). Consider the thousands of concurrent inbound connections a large mail service has. Now apply the stuff you hopefully know about concurrency to half those connections. Yum.
Isn't is a better idea to firewall ALL ports on ALL machines where a compromise could cause problems (and open up those you need to, when you need to)? This seems to be common sense to me.
I think you're missing the point, you don't redesign solely for the purpose of becoming standards compliant. You redesign for lots of purposes, and you do it when your needs warrant it. The key is that WHEN you redesign, move to standards compliant pages.
As far as bandwidth savings being minimal, were you comparing old site w/mod_gzip to new site without? If so, then your results are obviously to be expected. If you did both with mod_gzip, then you likely need to build your CSS skillset some more (no offense intended, it really does take a while to master it).
"tens of thousands of queries per second 24/7"
Sorry, I thought that would qualify as a REAL load. And I'm guessing that 1000+ external connections to the system per second might qualify as "tons" of users?
While performance tests can be valid, you really need to do them yourself. A minor variation can make the results of a test completely inapplicable to your situation.
While I'm not planning on responding to the standard "postgres is better than everything at everything" posts, I thought of a point that would apply to my post.
Mysql was built for performance and they added features when and where they did not compromise that goal. Postgres was built for features and optimized performance when and where features were not compromised. For this reason mysql will likely always be behind postgres for features, and the opposite for performance.
Also when evaluating something that is as critical as a database server, make sure to consider the history of the product. I'm not going to trust the claims of increased performance in the latest version of any software any more than I would trust the stability of new features.
Three words: performance performance performance.
A few projects NEED the advanced features PostgreSQL has. Most projects COULD USE the advanced features PostgreSQL has. If you have rockstar programmers who know the difference between saving keystrokes and saving cpu time, and know that shifting logic load to your DB server is generally a BAD thing, you're going to find that you can almost always do things faster (often much faster) in MySQL. Stability is a tough one as its so subjective its hard to compare. I know we use dozens of MySQL servers collectively running tens of thousands of queries per second 24/7 and we haven't had a major issue or lost any data in years.
If performance is key and you aren't into using fancy stuff just because its fancy, you'll want MySQL. If you don't really care about performance, you might like the additional features PostgreSQL offers.
XML tries to eliminate the step of writing parsers for data, although writing parsers has never been a significant part of application development to begin with.
This is true if you are parsing your own data, but what about parsing third party data? I did that for years and every day was full of dealing with corruption, misformatted files, or formats that varied from the documentation because some new guy was making them on the other end.
True, these problems can happen with XML but they are much easier to spot. Send me a file and a DTD/Schema and I can tell you in a second if any future files are bad.
My view of XML is that what it does really well is transfer data. As far as storing data, well I only consider it when a database isn't available.
Do you mean everybody as in 100% or everybody as in 97%? That last 3%, the NS4, IE4, phone, sidekick, palm, etc people aren't going to see it the same way, and may not be able to use the site at all? Why? Partial CSS support. Its an evil thing, when a browser can't understand a CSS file fully so it picks and chooses what it wants (or just bugs out like NS4).
I've seen this thing about PNG being smaller than GIF, and I'd like to believe in it, but I haven't found it to be true. In at least 90% of cases where I try both (which is most every image), I find that GIF is smaller than PNG, often significantly so.
Also, PNG for online photos is kind of silly. Its nice for full screen high quality stuff, but for smaller things like thumbnails where you can't tell the difference betwee lossy and lossless, JPEG beats it hands down (often 50% smaller).
Maybe I'm doing something wrong, but to me PNG's only feature worth using (in the real world) is alpha.
Do you have any facts or specific experience to back this up, or are you talking out of your ass?
The experience of looking through thousands and thousands of spam headers and source info. Almost all large spam attacks come from colo or broadband.
Spamming directly from your own broadband connection is retarded; that's why most spammers don't do it.
I'm sorry but I beg to differ. Most ISP's don't shut spammers off unless they get actual phone calls from enough users/admins. Typically they stall for 24 hours or so at which point the spamming has stopped and they say "Sorry, its stopped, there is nothing we can do". The ISP you worked at obviously took it more seriously than just about every one we have dealt with.
Shutting them off sounds like a plan, but that's not the practice. Even if it got to the point where they get shut off, they just call the next provider. In major areas there can be a dozen or more broadband providers. After a few mistakes the spammer gets wise to policies and becomes even harder to detect, or has moved up to colo, of which there are hundreds of choices available to them.
Don't just cancel their account, but make them pay
Again, sounds good, but remember that this activity isn't illegal so if the fines become too much the spammer will take the ISP to court and likely get the fine reduced or eliminated (re: adhesion contracts). Also, spammers aren't exactly the most honest businesspeople, so the credit card they gave you, if it was legit, was probably cancelled and your legal department will laugh at you if you want to pursue anything more than standard bill collection on a few hundred bucks.
That's easy. Not every sender has to pay, if a user adds an address/domain to his whitelist the mail would go through, just like many solutions in place now. The sender-pays model is built on the principle that there will be absolutely no hope of a spam getting into a mailbox for free, thus reducing the incentive to send it in the first place. If the ad is truly legit, then the marketer should pay for delivery, just like any other medium. Its basically a way for spam to be safely ignored without infringing on the legitimate practice of email marketing.
I don't think this would actually be that hard. Granted, we have a homegrown system with MUCH more comprehensive control and tracking than a basic sendmail install, but if this became a reality I think it would be mere weeks before implementations became available. Its simply a matter of having a whitelist of senders (which is common) with prepaid credits, and a cronjob-style program that debits the account, and can suspend the white-listing (and request additional funds) when the quota is exceeded. Alternatively, a post-paid account could be set up and a bill could easily be generated (if you trusted them enough to pay it). If the revenue warrants it for larger email service providers (not coincidentally the ones hardest hit by spam), you could even set up special mail servers and use a firewall and/or standard SMTP authentication to limit access to paid senders (thus avoiding any token/sender forgery).
Your message is somewhat of a contradiction:
"If no-one ever responded to SPAM, it would die out pretty rapidly."
"There is an endless supply of spammers who have yet to realise that it doesn't pay"
The first is false. The second is true. What people don't realize is that spam is NOT about someone sending mail through an ISP's server! This is easy to stop, and most ISP's have had countermeasures in place for years. Unfortunately every hacker out there thinks he/she has the solution through limiting these things.
Most spammers don't use open relays, and they don't use their ISP's mail server!
So if we could please move on, the problem is that spammers are doing the same thing as many people on slashdot, they are running their own mail server off their cheap (often free thanks to parents, and yes I am asserting that much spam is from teenagers) broadband connections, or as Barry mentioned, setting up a colo and blasting out 10 or 20 megabit of spam until the place gets enough heat to shut you off (and rent the box to the next spammer).
If we could start thinking about this problem in terms of 2003 and not 1998, we might make some progress.
Ahh multifinder. In its day that was the bomb-diggity. The familiar scent of nostalgia brings to mind the old "two floppies means infinite storage!" SE.
Question: does anyone know of any info on how much the average game costs to produce? I'm really curious to see how it stacks up to other mass-market entertainment like movies/tv/music/etc. I could price up a business app pretty well but games are a whole different world.
This is just a post for the people who have their TiVo set to record "Best Quality". :P
Just test SimCity 4. It kicks the snot out of my P4-2.26/1GB DDR/4200.
OK, so a big question is what is the difference between scripts and programs? To me, a script is something you just write. A program is something you design, then write. I don't really care what language its in. A 10 line Java program that does some simple operation on args is a script. A huge multi-module Perl file/script is a program. There are other terms to differentiate what most people are talking about, its simply compiled vs. interpreted.
Re: The Main Topic
This basically means the difference is that programmers can script but scripters can't program. *ducks* Seriously, if you are writing complex enterprise-critical applications in javascript, you aren't a scripter, you are a programmer (who probably made a bad language choice). Conversely it you are just running search and replace on open source C code to suit some minor business requirement and compiling it, you aren't a programmer.
Sorry, if this was actually the case spam would be a rather trivial problem to solve. I understand why you think this because it is a widespread myth. Of the millions of servers connecting to us each day, its true that the spam attacks are concentrated in a smaller number of addresses, but this is just because we are one given ISP on one given day. Tomorrow its a whole new set of addresses, repeat, repeat, repeat. Some people misinterpret this and conclude that it must be some small cabal of spamkings, when this is simply not the case.
The real problem with spam is that anyone with broadband access can send a frightening amount of mail, and ISPs are very reluctant to pre-emptively shut this person off due to fear they will be sued by the spammer. It takes much convincing to get them to take action, and usually by the time the ISP decides to do anything about it (often many hours), they have likely stopped and/or changed IP, at which point they tell complaining mail server admins that there is nothing they can do, which is very obviously false.
Thanks to the above for saving me the trouble of explaining the issues. A minor addendum:
"Stories about being flooded with traffic sound impressive but computers are so fast now, it's hard to put anecdotes into context."
This is moot because computers on both sides get faster. Also, its doubtful any small-medium ISP even with the latest generation of machines can ignore the full force of AOL or Hotmail's hundreds (thousands?) of mail servers crushing you with connections and traffic.