one way or another I would expect most companies would find a way of making your life hell afterwards.
Sounds like grounds to make even more money. Lawsuit time!
Frankly, most employers do not comply simply because they don't know the law exists. I simply showed the law to my employer and they conformed very quickly without fuss. Their concern was to be lawful more than to rip off employees.
See this for a nice minimum that employers could/should be paying. By law, if CA employers do not pay engineers at least $41/hour ($85600/year), then those employees must be eligible for overtime pay. At most companies I know, working more than 8 hours a day (or more than 5 days a week) is standard practice, and you could well earn more than the $85k. That's why most companies that comply with the law one way or another just end up paying people the $85k flat salary.
If you get less, think about making your company pay you back pay overtime for all the hours you've worked, and for all future overtime. It might be as simple as notifying the CA state labor dept.
Well, the White House can veto laws, so it does get a vote. A rather powerful one. However, I do agree it's kind of silly to imagine that the White House would even get a vote on something if Congress voted it down to begin with.
actually you mean "crackers" not "hackers". check the jargon file for info.
No, I meant "hackers". I think the term "crackers" sounds stupid so I never use it. Sounds like a racist term anyway.
... that not publishing vulnerabilities doesn't stop exploits. This one had exploits long before the vulnerability was known to anyone but the hackers. I have to laugh every time MS whines about how problems would go away if vulnerabilities were never disclosed, except to the vendor of course. The only thing that might go away is the bad PR, if even that.
Funny, haven't heard that name in a while. I was Pete's neighbor for a couple years, long ago. He was a good guy, but went a little too heavy on the drugs. He always seemed to want to be a politician, but it was pretty obvious his druggy past would come back to haunt him. Guess he went into marketing instead. It's good to see he's still fighting the good fight.
That's a very interesting observation. Air Canada was indeed negligent here, but how many times have you written code to limit such a thing? When you're trying to get something working and bug-free, it's hard to think of every nefarious thing someone could do with your application.
The last time I thought of such a thing was today. That's one of the things I do for a living. But you're right that webmasters (and others) aren't renowned for getting little details like this right...
it's dumb to give them to someone who doesn't work for the company anymore.
Yeah, someone who works for the company would never do anything nefarious with the information, would they? It just seems obvious that everyone with access to the site, employees or otherwise, should have limits placed on accesses. It's crazy to allow anyone hundreds of thousands of queries.
It turns out they are a security hole. That makes them a bad idea, even if they are a way to save money for the airlines.
That's a bit shortsighted, isn't it? These tickets are a great idea all the way around. It's how they give access to the information that's at fault, not the concept of zero-cost tickets. That's like saying that because you killed someone with your car, all cars are a bad idea. The problem here is that Air Canada's website allowed an individual to do 600,000 lookups (whatever the number was). There should be a reasonable limit, like 100 a day or less. There's no reason for any one person to have more than that, and with such a limit in place the program should be able to continue without a problem.
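A per-identity daily lookup cap of the kind this comment argues for, written here as an added example (not Air Canada's code and not the commenter's); the 100-a-day figure is the comment's own suggestion, the principal names and the lookup log are constructed, and `replay` doubles as an offline audit of an existing log:

```python
"""Per-identity daily lookup quota (constructed example, not a real site's code).
Input is a log of (timestamp, principal) pairs; the 100/day cap is the figure
suggested in the comment, not a known real limit."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

DAILY_LIMIT = 100  # assumed cap, per the comment's "100 a day or less"


class LookupQuota:
    """Counts lookups per (principal, UTC day) and refuses any beyond the cap.
    There is no exempt group: current staff are keyed and capped exactly like
    ex-staff or the public, which is the comment's point about insiders."""

    def __init__(self, limit: int = DAILY_LIMIT):
        self.limit = limit
        self.counts = defaultdict(int)

    def allow(self, principal: str, when: datetime) -> bool:
        key = (principal, when.astimezone(timezone.utc).date())
        if self.counts[key] >= self.limit:
            return False  # over quota: deny; the caller should log the denial
        self.counts[key] += 1
        return True


def replay(events, limit: int = DAILY_LIMIT) -> dict:
    """Run a lookup log through the quota in time order.
    Returns {principal: (allowed, denied)}, so the same code can enforce the
    cap live or flag abusers in a historical log."""
    quota = LookupQuota(limit)
    tally = defaultdict(lambda: [0, 0])
    for when, principal in sorted(events):
        tally[principal][0 if quota.allow(principal, when) else 1] += 1
    return {p: tuple(v) for p, v in tally.items()}


def sample_log():
    """Constructed log: one ex-employee account hammering the lookup page,
    plus two ordinary agents with normal volume (one spread over two days)."""
    t0 = datetime(2004, 6, 1, 9, 0, tzinfo=timezone.utc)
    events = [(t0 + timedelta(seconds=i), "ex-staff-0042") for i in range(250)]
    events += [(t0 + timedelta(minutes=i), "agent-a") for i in range(40)]
    events += [(t0 + timedelta(minutes=i), "agent-b") for i in range(60)]
    events += [(t0 + timedelta(days=1, minutes=i), "agent-b") for i in range(41)]
    return events


if __name__ == "__main__":
    for principal, (ok, denied) in replay(sample_log()).items():
        print(f"{principal:14} allowed={ok:4} denied={denied:4}")
```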
This might have been funnier 6 days ago...
We implemented something very similar to this years and years ago at a company where I used to work. It sped up certain operations mightily. However, nothing comes for free. We found that it improved throughput at the cost of responsiveness. A great thing if you don't have users waiting for "ls" to finish, sitting at their shell window. A very bad thing if you do. It's the age-old tradeoff of throughput versus responsiveness. Just imagine a slider between the two poles, and set it where you want it. But you can't have both, unless you find some way to remove outright inefficiency, which doesn't seem to be what they've done here.
Think "The Man Show" meets computers.
Oh yeah! Can't wait to see those scantily clad computers!
I was standing in line at an ATM one day, waiting my turn. The person in front of me put in her card and pressed some buttons. Then BAM, the machine froze and the screen went blank. The person left in disgust after hitting buttons in the hopeless attempt to get her card back. She eventually left and I used the working machine next to the broken one. I glanced over at the dead ATM before I left myself and noticed that it was finally rebooting itself. It was slightly modified, but clearly a Windows NT boot sequence. Heh.
Their language packs wouldn't be complete without these languages/alphabets:
- Ebonics
- Pig latin
- Esperanto
- Elvish
- Klingon
- Linear B
I guarantee you Microsoft won't support any of these. But the open source community is certainly not above it, and will surely be the only recourse for anyone needing to localize software in those languages. And I'm sure there's more I haven't named here.
This patent will never hold water. The idea is an old one. Proposals like this appear from time to time, and are promptly shot down by the horrified masses. I wish the patent would survive, however, because it will be a deterrent to anyone wanting to do this. Though one has to wonder how a patent will really stop someone from starting a space advertising company on, say, the Cocos Islands and floating messages over the rest of the patented world?
Any decent CD ROM drive, paired with one of very many good ripper applications, can rip the CD regardless of any copy protection scheme. Just get yourself a good ripper and enjoy your music. The music labels want you to believe their copy protection schemes are more than just FUD, but they're not. They're useless and easily circumvented by anyone willing to spend just a little time getting their environment optimized.
"Um, doesn't that apply to all digital cameras?"
Why, yes, it does. Fully expect Kodak to start trying to take apart the digital photography industry for profit. It couldn't innovate fast enough to survive as digital photography developed around it, and has to keep itself from collapsing completely somehow. It's time for desperation measures at Kodak.
Let's hope their patents can be invalidated, or the digital photography industry may get owned.
I already use a challenge/response system to filter my spam, and it works amazingly well. This is similar to the proposed MS/Sendmail "plug-in" in that it tries to verify that the sender is real and actually sent the email in question.
The one big problem neither system solves is spam from sources that are not forged, and actually have a valid return address. Nigerian spam gets through in either case, because an actual human is there. And sites that have a response-bot get through my challenge system (for the moment). These are the extreme rarity, of course, but if everyone used such a system then the spammers would just start using real verifiable return addresses all the time. It's easy to generate a new domain name every day (some already do) and get new IP blocks on a regular basis, so there's no easy way to automatically block email.
Even worse, spammers could still send out the email using zombies while putting valid return addresses in the spam so that it can be verified. They only need to hack their sendmail plugin to auto-verify any email with their return address on it and they can still use zombies all they like to send spam.
I think it's safe to say, as long as there's email, there will be spam.
Vonage already offers 911 service, and it didn't cost me an additional cent. You have the option of enabling it or not, but I didn't see a price difference either way. Is this story just FUD?
I'm tired as fuck of all the self-righteous pricks running around who think their one-on-one conversations are more important than my conversation over the phone.
It's not the conversations themselves that are the problem. It's the fact that people on cell phones usually talk unreasonably loudly that makes them a problem. Not to mention their stupid polyphonic ringers blasting out at 60 decibels every 10 minutes.
I already do this. I implemented it with a few simple iptables rules. Nothing tricky. All this stuff about using perl and such seems unnecessary.
This is the only way to truly learn about computers and to be a true programmer. It should be required learning before moving on to high-level languages.
It was manual. I think the automatics didn't suffer from this problem.
I can't read the Forbes list as it appears to be slashdotted, but the Subaru Justy should be on it! I would guess it's not. It's generally overlooked and easy to forget. But there's a reason you don't see very many of them on the road.
I bought one because it was compact, fairly cheap, and had "4WD". Unfortunately, it didn't have a transmission - or at least most of the time it didn't. I had the transmission replaced 6 times in the first year, all under warranty, because it needed a new one every 2500 miles. I dumped it on a dealer at a loss before the warranty ran out. The dealer tried to put the blame on me, as if I didn't know how to drive, but his mechanic said they'd had 14 Justys in for new transmissions, some of them multiple times.
Plain and simple, a total piece of garbage.