The Slashdot traffic sometimes temporarily pushes us past the amount of traffic we can handle and still have a reasonable response time. I'm working on some upgrades to address the issue.
I'm working on it.
I agree. I thought the picture representation was an effort to not have to do different languages. For example, on the backs of branded PCs, you've got things that are supposed to tell you what a port does. There's an oval in a box that is supposed to be a monitor. There's 01010 for a serial port (if you don't even know what a serial port is, how is a string of bits in series supposed to help you figure that out?). Then there's a dot matrix printer shape for parallel. Who gets a new dot matrix any more?
When I can't figure out which %!@&^% eyeball to poke to get the thing to minimize, that might as well be a new GUI.
You see them all the time in little Internet toys, and media programs. Look at the KAI graphics stuff for example. Look at any of the "skinnable" applets. I've seen some MP3 players that look downright weird.
The problem is, I hate most of them.
I'm afraid that GUIs (as they exist in the mainstream now) have been hard-coded into our brains. New GUIs have a backwards compatibility problem like you wouldn't believe; they have to be backwards compatible with people.
Unfortunately, we've learned the current GUIs so well, that any major departure is just "wrong."
Nope, I'm certain it was piss. I was quite surprised when I stumbled on it. We had been typing in various obscenities etc... of course, and when we got to piss, it asked for a direction. So, we went about pissing on things until we got to a guard.
It's another cheat, but what the heck...
Also Ultima 2, I think. We discovered that you could do other command, and type in piss or urin (only took 4 letters) on a guard, and it would charge you 100 gold, and the guard would disappear. The guards were normally invincible.
Ehh... it's been done. Red Dwarf's "White Hole" episode.
Go shove a planet down its throat.
I'll check out the tutorial, thanks.
:)
It's good to know that I'd get such a quick answer from the list, but pride dictates that I not go asking how to assign values to variables on a mailing list.
But the point I was trying to make was that a simple example would have done wonders for me.
SecurityFocus' webserver is Roxen. A bunch of our webforms are combinations of RXML, Pike and a few other things. I also had never heard of Pike or Roxen until I started here, and Elias forced me to learn it.
Anyway, my point is that I had to try to learn Pike by reading said documentation. It's really not very good. It's well organized, but it's incomplete, and lacks good examples. In many cases, I had to make inferences about how something worked by trying it and watching the errors.
The docs especially fall down when it comes to how Pike works (differently) when called from Roxen via the tag. For example, I think it took me about 5 hours of searching the docs, mailing list archives, and other code already on our site to figure out how to get variables between the RXML scope and the scope.
Not that it's all bad, of course. There are some real nice features in RXML/Pike when it comes to forms processing, database hooks, etc. Variables submitted via forms appear in RXML code like first-class variables.
Actually, my friends and I always thought the proper bastardization of the title "Master of Puppets" was "Pasture of Muppets." Unfortunately, I don't have the artistic skills necessary to depict Kermit & co. in a field with the Metallica logo atop.
I am a good programmer, but I am *not* a security expert, nor do I have the time to learn how to be one on top of my other responsibilities. I don't want to use M$ products like IIS and ASP, but I know that if I do - and if a bug or security hole is found - it will pretty much be written off as M$' fault, and not mine, although I will probably have to go back and fix the damage.
However, if I choose open source software, and we get hacked, my company will *definitely* view it as my fault. Now, I'm not one to play it safe, and I've got Linux/Apache/MySQL/PHP/Perl running all over the place, but still... this topic makes me worry.
It shouldn't matter which technology you use. If you get hacked, it's your fault or it isn't regardless of which set of stuff you pick. Obviously, if your employer or whatever is going to assign blame because you picked something "weird", you have to cover your ass.
But the point I want to make is that it doesn't matter if you're a security expert or not. Someone, you, the OS vendor, the web server vendor, has already screwed up. There's a decent chance that someone might find said screw-up. If they come after you, you'll be defaced, and there's not a lot you can do to prevent it. In such a situation, the thing to do is to prepare a plan on how to react and recover.
This includes things like buy-in for downtime to apply patches, whether or not you'll want to do forensics and prosecution, or whether you'll just try to get back on line as quickly as possible.
The advantage of open-source is that you'll probably get a patch quicker, or you might even be able to make your own when you see a vulnerability report.
Any local firewall (i.e. host protecting itself) will be inadequate if the source can be spoofed. I.e. ipchains can't tell the difference between a real NFS packet from 192.168.0.2, and a spoofed one. NFS runs over UDP in most cases, and the source would be easily spoofed. All it takes for your exploit to slip through would be to use the right source address, which would probably be easily determined.
You can do anti-spoofing somewhere external to the boxes, but then you've got an external firewall.
Probably because they're running things behind the firewall like NFS and some flavor of SQL which won't be secure enough to expose to the Internet anytime soon.
Of course, you can place the orders using your Amazon Affiliate Store, giving yourself a small percentage. But I think that would make it a tad too obvious as to who the culprit was. Unless it was your friend's store. :)
I think that's an excellent point. If the lawyer won't tell you what's going on, then the employer hasn't hired a lawyer for YOU, they've hired one for THEMSELVES.
What happens if they decide they are happy with some sort of settlement offer that ends up screwing you, but gets them off the hook?
No! This server is MINE! Get off.
They are required to protect their trademark, or lose it. If you check out the links at the bottom of the page, you'll run across some interesting, such as reference to a book that used "for dummies" before IDG did.
Now, the trademark infringement doesn't seem to apply to non-commercial or parody sites. (Or Slashdot, since it's reporting about it.) However, IDG feels it necessary to chase these people anyway. They're paying people to do this.
So, what would happen to their costs if all the /. readers put up trademark bait for IDG?
www.dirtcheapdrives.com has a Creative DVD RAM that claims to do 5.2 GB for $279. (Sorry, you'll have to click through their site... they do their links via Javascript, and I'm not in the mood to reverse-engineer their site.)
I've never used one... I'm going by the specs on paper.
I agree they're not nearly as ubiquitous. But, I believe most if not all DVD players will read all the CD formats.
Why not straight to DVD? This application doesn't need a fast DVD player. I'm guessing the DVD mechanism wouldn't be much more than CD.
Or at least make it an option, I suppose. There are lots more CD burners than DVD writers out there... but for this, I could be persuaded.
Do you believe that when someone downloads a Metallica song via Napster that you're losing a sale?
If yes, may we explain to you why you're probably wrong?
If no, then why are you doing this? As far as I know, copyrights don't have to be rigorously defended like trademarks do.
I can't get to the site at the moment, but if it's comparable to what I've seen before..
Sure. I'd probably buy 2 at $600/ea. The voice is a cool gimmick... make sure other controls are there, too.
Did they do it because of pressure, or because a unique feature in each CPU adds significantly to the cost, and they need to compete with AMD?
On the curriculum page, I only see the word security mentioned once, in relation to DB stuff.
One of the central problems with information security is that application developers don't know how to do secure programming. They aren't taught this in school, or really in any of the places to learn programming. Typically, they have to learn through pain, or from the places that teach security rather than programming.
Do you think that the little bit you've got on the curriculum now is sufficient, and if not, do you have plans to develop that further? If you want a real differentiating factor for your graduates, there's a good one.
If I had to guess, I'd say it's because the question is answered here:
http://www.photo.net/wtr/dead-trees/story.html