Slashdot Mirror


User: jschottm

jschottm's activity in the archive.

Stories: 0
Comments: 512

Comments · 512

  1. Re:I'm putting on my hat... on Security Fears Prod Firms to Limit Staff Web Use · · Score: 1

    Anonymous hotmail account? It wouldn't be anonymous if they were doing packet captures with ethereal or ettercap or something.

    I don't know about hotmail, but every webmail that I've used features https for that very reason...

  2. Re:Career chooses you. on Required Knowledge for a Career in Network Security · · Score: 2, Informative

    Network Intrusion Detection by Northcutt and Novak
    Counter Hack (Reloaded) by Skoudis
    The Hacking Exposed series by Joel Scambray and other authors are fairly informative as to techniques and defenses, but not necessarily at explaining the topic at a packet level.
    Hacker's Challenge 2 by Mike Schiffman is a decent introduction at applying analysis skills

    There's a ton of useful mailing lists and websites that have similar information, but the above books (particularly the first two) provide a lot of it in well written form in a central location.

  3. Get a good book and see if you can follow it on Required Knowledge for a Career in Network Security · · Score: 2, Interesting

    Where would I start studying to learn whether this field is a good fit for me?

    I'd recommend the Northcutt/Novak book "Network Intrusion Detection" as a good one to start with. If you come out with a knowledge of IP packets, how to read them in hex format and TCPdump (yes, TCPdump, not Ethereal) then continue on in the field. If it's not of interest or is too hard, don't.

    (Good) Network security isn't often all that interesting or that sexy. You have to do a good deal of ongoing research to stay on top of what the bad guys are developing. Chances are that you'll deal with a lot of bots, spam, script kiddies, and worms rather than some 'leet hacker who will challenge you to an international manhunt. You have to read lots of packets and system logs. You don't have to be an expert programmer, but being able to write $SCRIPT_LANGUAGE well enough to write quick custom log parsers and analyzers is a big plus.

    Of course, there's plenty of hacks (in the old, pre-computer meaning of the term) who'll run Nessus against a client and bill them a couple thousand dollars. But I'm assuming you don't want to be one of those.

    You can look at the CISSP prep books, but (IMO) their program is less technically oriented than the SANS type ones, and will show you more about how to interact with management as a security analyst than the technical aspects that you would have to know.

  4. Re:XP is a Bad Development Platform? on Ubuntu, Macintosh and Windows XP · · Score: 1

    I'm not sure all your comments are very accurate, perhaps this is just a troll.

    He (she? These generic names make guessing so much fun) and I do not always agree, but (s)he's definitely not a troll. Much more in the "let's agree to disagree" class of person.

  5. Re:Save money by not being a fool. on Linux Servers Break out of HPC into Enterprise · · Score: 2, Insightful

    Only fools would pay for $1200/license to use somebody's pre-packaged open-source software.

    Um, yeah... The enterprise experience you base this statement on is?

    $1,200/license doesn't add up to all that much in the grand scheme of things. Assuming you have a sysadmin total cost of $50/hour - that's compensation plus employer's side of FICA plus bennies. At that rate, a $1,200 license pays for itself if it saves 24 hours of sysadmin time. A well designed packaging and management system is capable of doing that.

    Sure, it doesn't take *that* long to compile and distribute binaries, but then there's the matter of testing. Do you know that kernel update won't cause 100% CPU utilization when Apache tries to send mail? Do you know that software piece foo won't interfere with software piece bar? That's part of what paying the big money is supposed to ensure - that it's been carefully tested. Does that mean you shouldn't put it into your test environment before deploying? No, but it means you're much less likely to find problems and have to spend time debugging them.

    "Enterprise" downtime costs add up real fast. If 100 people costing an average of $15/hour rely on a server and it goes down for an hour, that's $1500 of wasted time. I've been in the situation where a key database server that many more users at a much higher cost went down an average of an hour a week consistently.

    There's also the matter that the companies that are charging that kind of money for Linux and other open source software licenses are the ones footing the bill for large amounts of the development going on. Paying them ensures that further development occurs.

    If you have more than one license, you could easily hire someone full-time to do upgrades on your servers and use a free linux distribution like Fedora or Gentoo.

    So, what is the guaranteed amount of time that those OSes will be supported by their vendors? A few months? A year and change? In the enterprise world, it's not uncommon for a server to be put into service and run for four or five years. Once they're up, running, and stable, you apply the security fixes and that's about it. Having to switch to a newer version of the OS every 1.5 years when the vendor drops security patches for it is expensive and stupid, particularly when you have to go through the stability testing phase again. Maintaining four and five year old software isn't sexy, so you're much less likely to find a user supported distro keeping ancient versions patched than commercial distros.

    And if it isn't so simple, then do you really want Redhat holding the gonads of your operations? What are they going to do for you that a dedicated employee wouldn't?

    Not quit, not get hit by a bus, do the aforementioned testing, write the kernel, GUI, etc. If you're running RH, you can find a few hundred people who can walk in off the street and handle a simple server in virtually no time. You can't do the same with Gentoo.

    And then there's also the fact that certain enterprise software is only certified to work on the big commercial distros, so if you ever need help with a problem, you better hope that you're running one of them.

  6. Re:While good - why not unlimited I-Tunes pass on Apple to Offer Monthly iTunes TV Subscriptions · · Score: 0, Flamebait

    here "subscription" has its true meaning

    Dictionary.com definition

    I assume, of course, that the true meaning that you refer to is that part of the prescription that gives directions to the pharmacist? Or perhaps the agreement to purchase stocks? Yes, the word does, in fact, have more than one meaning. For example, many fine arts organizations offer subscriptions to their performances. While technically the word rent would also apply there, you'll find far more people who would say "I got my wife a subscription to this season's Operas at the Foo Performance Hall" than "I got my wife a rental of this season's Operas at the Foo Performance Hall."

    Per part b of definition one, you'll see that online services are increasingly using the term subscription to describe granting of access for a period of time to electronic services. In some cases such as LiveJournal or our very own Slashdot, the subscription grants special rights and privileges, in others, such as Salon, a subscription or temporary pass is needed to read the content. It is also used in terms of cellular subscriptions.

    in that you pay for something in advance (at discount) and receive the product periodically when it is actually published.

    Not exactly. Subscriptions, the type used to acquire magazines, do not require payment in advance nor are they necessarily at a discount. If you're going to complain that you feel other people are misusing a word, it helps to be more precise yourself.

    this is not to be confused with BS "subscription" services which take away what you already have when you stop paying.

    So, I sense that you have a dislike for "subscription" music services. Rather than laying out logical reasons for that or presenting a good argument why the dictionary is wrong, you simply churn out a bunch of vitriol, which of course, because you're supporting Apple and against any form of DRM, is a great way to get modded up.

    You are quite correct that Apple/Daily show is not a (new) Napster/Rhapsody style plan. What you gloss over is what the grandparent poster alludes to and other people have more clearly stated, is that there is most likely a limit to how many shows Apple can reasonably offer on an a la carte basis before users determine that they're better off with a cable/minidish subscription (ah, that word again) and a TiVo (etc) and transferring saved files to their computer/phone/whatever manually. This leads to the supposition that Apple might at some point begin offering a cable-like experience where users can view on-demand but not indefinitely licensed media. It may or may not be correct, but it is something to consider, and something your post failed to address.

    It makes a certain amount of sense for video files, in that they are larger than audio files, and also "consumed" less often. Most people aren't going to watch a Daily Show episode dozens of times like they would a music track, but the ability to pull out a random episode from a month ago to show a friend would be desirable. The recent study that showed that iTunes users tend to purchase fewer and fewer songs after an initial flurry of purchases shows that the concept may be worth Apple considering for music as well - a steady monthly fee of $10 may work out to be better for Apple in the long run than $1/track in a pattern that may drop off rapidly.

    I'm glad you're happy with your choice not to use a subscription model music service. However, millions of us are quite happy with them, and choose to use them because they offer a comparative advantage that meets our needs better than an a la carte system. If you or anyone else are curious, I can lay those out yet again. That's the great thing about having a choice - we can both be happy. In the meantime, please brush up on your argument skills before railing about the terrible companies that "take away what [I] already have when [I] stop paying," when that misrepresents the nature of the service and how they treat me.

  7. Re:darwin prize for project managers on Let Joe Average Help You Code · · Score: 1

    I would imagine that most of the physical labor of building a chemical processing facility is probably done by people who are not chemical engineers. The guy who welds a pipe to a vat does not have to be a ChemE - he just has to know how to weld to the standard specified by the project definition.

    As someone else noted, that guy doing the weld isn't an amateur either, he just doesn't happen to be a chemical engineer. At least in .us, he would have achieved legally licensed status in the state in which he's working after demonstrating a level of skill in the field. Further, a good welder's likely to be making about as much as a junior Chem. Engineer does - when things are really, really important, you pay money to make sure someone who really knows what they're doing is taking charge for it.

    I would imagine that skilled Joes could contribute code to the project that could be successful. Again, the SoftE would check that code to make sure it was done correctly and to standard.

    There's many wrong ways to write code and it's not immediately obvious from a casual glance if something's going to leak memory, expose confidential data, or pose a security risk to the system. Writing code is easy. Writing good code, debugging code, finding special cases, and writing secure code are all hard. Your average businessperson does not know about source control, regression testing, SQL injection, buffer overflows, etc.

    If you look at many of the online tutorials/advice boards on how to program, you'll see many, many bad security flaws being presented as "the way to do things." Sure, turn on PHP globals, it makes programming soooo much easier.

    In fact, I think it would be highly inefficient to have an entire software project done by only software engineers. It would be an inefficient use of resources to do so. That would be like hiring mechanical engineers to build cars.

    Cars are cookie cutter. They make a slew of them exactly the same. Each bit of code has to be just a little different. Those differences are what lead to problems. To quote you in another thread: ... software needs to be tested to make sure it behaves with all the other pieces of software - and that it isn't loaded with spyware or other security-breaking issues.

    Reading other people's code can be hard. Reading an unskilled person's code can be a nightmare. Remember, before the time of auto-syncing to a master clock, most VCRs blinked 12:00 because programming them was too hard.

  8. Re:Apple wants to use closed-source Linux-NTFS dri on Will MacIntel Kill Apple Open Source Efforts? · · Score: 1

    So by your own explanation I take it you are in agreement with the parent post then.

    Try reading my post again. I clearly say there is room, appropriateness, and personalities that match both. It's not a dichotomy - I don't have to only agree with one. I'm hoping to get some of my work code GPLed and some of my work code BSD licensed, depending on which I feel is more appropriate. I also want to keep some of it closed and proprietary.

    This whole resentment for others "getting a free leg up" is what I find most odorous in the GPL camp.

    What's so difficult to understand? If I donate something to the general public, I expect them to share it with other people if I put it out under the GPL. Other people can choose to accept my terms - they have no inherent "right" to my work. How many BSD developers were paid anything when MS used various parts of the BSD networking tools? What benefit (bug testing, etc.) went back into the community? How many BSD based companies have been squeezed out of business by MS? Why not just go scrub Bill Gates's bathroom on the weekends? Or my car could use a good wash.

    Linux having NTFS write capability means that users in developing countries using old computers have one more potential benefit. OS X having NTFS write capability means that some guy in a coffee shop sipping an espresso that costs a week's wages in a developing country has one more thing to feel smug about. As I noted, Apple has not been friendly to Linux in the past. When you were a kid, did you share your candy with the bully that punched you in the arm when the teacher wasn't looking?

    We all "get a leg up" from both GPL and non GPL software,

    I pay for all my tools that require fiscal payment and even some that don't. That's the exchange for that leg up. In the case of the GPL, it's accepting the terms on redistributing the code. Like it says, there's nothing that forces you to accept the terms of the GPL.

    Using a BSD style license would not be as revenue friendly to organisations like TrollTech because they really would be giving anyone the freedom to compete directly with them, the freedom to not have to pay for commercial use, the freedom to do what they want.

    OMG!!!1!! In the real world, people need to be able to do things like pay bills and eat. Alert the news corp! Stop the presses!

    I just find the GPL less pragmatic, and brings with it unwanted philosophical baggage which *I* personally would rather avoid.

    Good on you. If you want, you can write NTFS code for Apple in your spare time. I'm sure they'd appreciate it. But don't complain that other people don't share your view. It's part of being human.

    One of these technical areas is the GPL special exception clause regarding not having to provide source code for major components of the base operating system or other binary components, unless those components normally accompany the executable.

    You're misunderstanding the clause. It immediately follows the part that says you have to include all make/installation files required to build the executable. The exception says you don't have to bundle the OS and compiler with those makefiles.

    So if I ship a binary operating system image inside an appliance (eg a Mac) that contains both GPL and non GPL code, am I forced to release my code (and potentially other third party code which I may not have source or permission) under the GPL because the GPL executables "normally accompany" the said operating system and other proprietary software?

    If Apple were to incorporate GPL code into the kernel, they would be legally liable. The whole issue could be made to go away if they GPLed the whole thing. If they could not (3rd party source) or would not do so, then they would have to remove the code and would be liable in much the same way that they would be liable if one of their employees had integrated MS code (or even BSD code, without attribution). In all likelihood, i

  9. Re:Apple wants to use closed-source Linux-NTFS dri on Will MacIntel Kill Apple Open Source Efforts? · · Score: 2, Insightful

    You don't want to aid anybody else around you unless they give you something in return.

    No, GPL types don't want to aid them unless they're willing to give everyone something in return.

    And for the record, there's nothing wrong with quid pro quo. Would you drop by my place and wash my car for me? Or hang out at Apple HQ and scrub the bathrooms for free?

  10. Re:Apple wants to use closed-source Linux-NTFS dri on Will MacIntel Kill Apple Open Source Efforts? · · Score: 4, Insightful

    I'm not saying this as an Apple fan-boy, this is a free software issue. How can software truly be free (as in speech) when you place these sorts of restrictions on people who want to use it?

    Speech can be limited and still be free. Insert usual lines about yelling fire, etc.

    If your goal is to ensure that everyone has access to the code (and its descendants) that you write, then the APL/BSD license is bad. Many people working on GPLed software believe in that. Otherwise you're just doing work for a commercial enterprise for free.

    If your goal is to try to get as many people to use your code as possible, the BSD license is fine. If your goal is that every person in the world has the option to benefit from the code that you write, it's not. There's a place for both licenses.

    Apple (from limited reading of the posts) brought nothing to the table but wanted a leg up from Linux. Unless your only goal in life is to have your code used by whoever, there's no benefit to helping Apple in this case. And Apple wasn't overly helpful to getting read/write access to HFS+ access in Linux.

  11. Re:And people wonder why. on Outsourcing Evolving · · Score: 1

    You have the right to live by whatever means you can muster, as long as you don't rob or enslave someone else to provide you with those means.

    OK, I'm bored, so I'll bite. In a purely biological measurement, there's nothing that provides a right to life, property, or freedom. Animals (humans included) routinely kill each other over issues of food, land, or dominance. Although humans tend to be the only ones that kill for the pure pleasure or spite of it. Therefore, no natural right to life. Robbing? Again, it's pretty routine to take away food or territory from other animals. Enslaving? Harder, in that most animals lack the ability to control others due to limited brainpower, but there was the nice link the other week about the wasps that create zombie roaches, not to mention the fact that the alpha lion lies around while the female lions go out and hunt for him (oversimplification, but true enough for this).

    Really, the only rule in nature is survival of the genes, sometimes even at the cost of the owner's life. Everything else's life, property, and freedom are all irrelevant. They are all concepts created by humans, or arguably, some deity/deities, although the latter isn't provable.

    They're rather malleable concepts as well. Is taking someone's house away through eminent domain robbing? What about downloading $MEDIA without permission/payment? Passing a law that raises taxes? If you borrow your neighbor's hose without permission while he's out of town, use it, and put it back before he gets back, is that stealing? Photocopying twenty pages of a book? What about forging a signature and transferring someone's domain to your control? Is buying goods made by a 12 year old working 70 hours a week for five cents an hour the same as slavery? One cent? What about an abusive sharecropping situation? How about Jim Crow laws? Company stores? If you ask twenty people from a variety of backgrounds what "freedom of speech" means, you'll get vastly different answers.

    As noted above, humans have created (or if you prefer, been given by some higher being) a set of rules governing how a society should operate, based (theoretically) on the fact that certain rules are morally correct and/or benefit the group as a whole by providing certain guidelines that go against the biological drive to spread our own genes. Laws against murder, for example, fall into both categories for most people, because virtually every set of moral codes created state that it is wrong to kill others, at least if they are the same tribe/caste/religion/whatever as you. From a purely pragmatic standpoint, even if you don't particularly think killing is wrong, it's fairly clear that for many people, having rules against killing people increases your own chance of not being killed by someone else, or even if your personal chances of survival are good, that someone you care for or depend upon will end up dead. Laws against speeding fall more into the latter - there's not really a moral guideline that says, "don't drive really fast" in religions other than the indirect don't kill people thing, but there's clearly limits on what can be done safely. Laws against selling liquor on Sunday fall into the former - there's not really a measurable benefit to society from it, but at some point, enough people felt it was morally important to pass a law on the issue and it hasn't bothered enough people to get it done away with yet.

    Some people, AuMatar included, have chosen to believe that providing for the health of people is one of the things that falls into category one (and quite possibly category two as well - providing preventative care reduces the cost that illness takes on the economy). You appear to be on the libertarian twit side of things, which is fine and well, and certainly your "right," but don't go making statements like Health care is not a "fundamental human right" and proceed to declare that you have a "right" to your property. There are no "rights" in nature, only survival of the fittes

  12. Re:Bah! Powersaving Laptops on Mobile Processor Showdown · · Score: 1

    I am not entirely sure why people even keep buying laptops with hotels now offering Internet kiosks.

    The internet kiosk is most likely "administered" by someone making $8-10/hour who doesn't know what a keylogger is.

    1. Security - see above. The kiosk doesn't have $VPN software on it. Your applications may drop files in temporary directories that you can't easily shred to make sure the next person who comes along doesn't scoop it up. Assuming you and your IT staff are up to snuff, you're reasonably certain of being virus and spyware free on your laptop.
    2. It's not in your room. That means it's not convenient to check e-mail, watch movies, listen to music, etc.
    3. VOIP, both to have your work phone number ring to your hotel and to talk to home on the cheap.
    4. Games.
    5. No lines to use your laptop.
    6. In flight entertainment, not to mention the ability to work when your flight gets canceled and you have an unexpected eight hour layover in Chicago.
    7. Your in-house applications or specialized software (Dev Studio, Eclipse, CVS, etc.) are on your laptop. Chances are not so much on the hotel kiosk.
    8. Did I emphasize security enough?

    That enough reasons?

  13. Re:And in other news... on Christian Churches Celebrate Darwin's Birthday · · Score: 4, Informative

    Comparison deals with similar traits.

    Dictionary.com's definitions

    Note the second definition:

    To examine in order to note the similarities or differences of.

    Note the usage notes, which state that the preposition "to" generally indicates that compare is being used to highlight differences between the two (or more) things, while "with" is usually used to indicate similar traits. Note that the original post stated:

    How about the idiots who, for example, think Bush is comparable to Hitler?

    Also, recall that a rather famous playwright and poet once asked,

    Shall I compare thee to a summer's day?

    Clearly, the intent is to compare a human being with a temporal event, things that don't share precisely similar traits.

  14. Re:At fault: all three on Botnet Attack Shuts Down Hospital Network · · Score: 1

    Anyone with any level of computer knowledge these days should know such activities are both highly immoral and illegal.

    From my reading of the article, it sounds like you're way overestimating the ability of the attackers. It sounds like they're simple script kiddies that used a few automated attacks. I doubt they targeted the hospital, it just happened to be exposed and vulnerable and came up in random scans.

    I hope the IT staff of the hospital reviews this situation and revamps their software to minimize this risk in the future.

    It's not just a matter of adjusting software, it's a matter of network design. Systems running an ICU should not be connected to the internet, ever. You run a private network for those systems. If you must have remote access, add a modem pool, or if you're really comfortable with the product, a VPN gateway. But the latter still introduces some possibility of random attacks getting through. For added protection, all internet bound packets on the private network can be routed to an IDS to help determine what's going on if there is a malicious user or system on the network. Beyond protecting systems that run the hospital, it also means that confidential patient information can't leak out.

  15. Re:I love broad statements on When Should You Stop Support for Software? · · Score: 1

    Most everything I would have had to say, Bogtha got to first. He's spot on.

    Splendid. You can read my response to that post then.

    You write that like it's something to be proud of. It's not! Quite the opposite, that's one of the hallmarks of a designer that doesn't understand the media in question. This is not oil, it's not charcoal, and it's definitely not .pdf either.

    I'm not sure if you're attempting to mock the consistent appearance or the need for kludges here. If you're mocking the consistency, I'll just say that if you are of the opinion that web pages should look significantly different depending on which browser you're using, I'll be sure not to take any design statements you make seriously. The whole thing is CSS - the content is 98% just that. If users don't like the way I made it look, they're welcome to use their own style sheet or turn it off. The content will remain the same AND will be displayed in a useful order no matter what browser you use. Some sites fall apart in lynx usability-wise, as important navigation tools end up in out of the way places.

    And if you're mocking the need for kludges, I'll just point out the inconsistencies in how IE 5, 6, and 5 for Mac handle CSS.

    Out of curiosity, are you the one responsible for the design of antiwar.com?

  16. Re:I love broad statements on When Should You Stop Support for Software? · · Score: 1

    Do you mean that it looks in lynx as it does in firefox, or it looks in firefox as it does in lynx?

    I'll give you the benefit of the doubt and assume you're not trolling. It looks basically identical between the two if you turned off style sheets and images in Firefox. The significance of this is that the logical order of the page is preserved, compared to some sites which become very hard to use in lynx due to the layout putting needed elements in hard to get to places.

  17. Re:I love broad statements on When Should You Stop Support for Software? · · Score: 2, Interesting

    You are taking two different things and conflating them here. Lynx cannot provide real-time graphing. The fact that it doesn't support Java is irrelevant; it's perfectly possible to write a website that uses Java when it's available and falls back to alternatives when it isn't.

    If the goal is to provide real-time graphic monitoring of server software, then there is no lynx based alternative available. If live updates of information are important, the same data CANNOT be provided through lynx, period. If you really wanted to, you could write a top-like terminal application (some of the software I'm referring to does) that you can access through ssh, but there is no lynx workaround. The post I replied to stated that all websites should work in lynx - I gave a good, valid reason why some java (and flash) sites won't work in lynx.

    Are you sure about that? It can't handle the graphical Ajax. That doesn't mean it cannot manipulate the database. I've written something similar, nice drag and drop manipulation of data for Ajax clients. It works in Lynx too. Why? Because I started from a solid base (HTML that works everywhere), and wrote the Javascript to use and manipulate that information - instead of starting with the Javascript, taking a step back and thinking "all this Javascript will never work in Lynx".

    Really, what you did was write two applications that use the same address. Let's look at a simple example. You want to change a name in a field. My AJAX process:

    0. The user goes to the page that displays the data in rows. At this time, all the information is simply text, not form inputs - the vast majority of the time, the users simply want to see the information, not change it. Clicking the "edit" button next to each row changes the information into form inputs, and hides all of the other "edit" buttons so as to prevent confusion. The "edit" button changes to a cancel button and a "change foo" button appears.
    1. Submit the update information via AJAX - the POST data is generated on the fly, so there's not tons of form information cluttering up the page (or GET data appended to URIs)
    2. Validate the data and then attempt the update on the server
    2a. If successful, requery that specific row for the values now in it to be returned so the browser reflects what's in the database rather than what the browser thinks is in the database
    3. The AJAX handler parses the returned data and either updates the row or handles the error

    Now, I can and have written database front-ends that are fully plain HTML compatible as well as being compatible with AJAX. So I'm well aware that I could simply have non-AJAX clients do a POST that duplicates step 1 (again, being aware that the HTML code is messier due to the need to have POST variables embedded in the code for each row of the database being displayed, also being aware that I have to write a lot of javascript to hide things that are necessary for the non-AJAX user interface but distracting to the attractive design the AJAX interface has).

    Step 2 remains basically the same, but step 3 on has to change. I need to fully requery the database for all of the information on the rows that had been displayed unless I've done some really bizarre caching of the previous results on the server and can modify just the single row. (as an aside, I'm fully aware that a problem with the AJAX database front-end that doesn't refresh the information displayed could lead to a user trying to modify a row based on stale data. Depending on the need, this can be completely ignored (generally a bad idea) or prevented by submitting all of the data from the row and verifying that it hasn't been changed by someone else before doing the update and optionally by periodically polling the database and changing any information that's been changed on the user's screen.)

    And that was just a simple example. In the real application, there's various things the user can do that pulls in other information and either correlates it with

  18. I love broad statements on When Should You Stop Support for Software? · · Score: 5, Insightful

    Grandparent post:

    Do you use java, javascript, CSS, flash, CGI, etc., or not?

    Your post:

    No, a flashier website will still work just fine on lynx, if it's done competently.

    That's an awful broad statement to make in response to a post that gives five specific examples (some valid, some not). However, grandparent poster did not give sufficient detail, but I'm bored and will give some.

    1. Java. I fail to see how a visually oriented java based website will work "just fine" in lynx, regardless of competence. Let's take a good example of when to use java - I have a number of server software packages that use java based websites to provide system/software monitoring capability, specifically real-time graphing of various things. Lynx cannot provide that. If I'm in text only mode for whatever reason, I'll monitor the servers using text utilities.

    2. Javascript. Moving into something I've written recently, I have a nice AJAX based database front-end. It's meant to allow users on Windows, OS X, or Linux to graphically manipulate the database. It does so very nicely according to all of the users. Lynx cannot do what's required for the application. However, again, if I were trying to work the console, there are text based database front-ends. The key is to use the appropriate tool.

    3. CSS. OK, grandparent loses some points on this one, as most things you do with CSS don't affect lynx, in that it simply ignores the CSS and presents the content in plain format.

    4. Flash. I'll assume that the flash content is something that would be useful to the viewer and is, per your statement, "done competently." This eliminates sites that use Flash "incompetently" - doing things like using it for navigation and not providing html links to the same content and so on and so forth. This still leaves us with interactive media, multimedia presentations, online tutorials that simulate applications, and various front-end software as discussed in points 1 and 2 that's also possible to do in flash. Unless you've convinced lynx to download the flash file and hand it off to flashplayer, none of these will work with lynx.

    5. CGI. I'll give you this one, as whether a website is using CGI or not really doesn't have much effect on whether a page will work on lynx or not. I suppose maybe the poster was getting at the fact that many of the clever CGI programmers these days also integrate java, javascript, or flash into their applications.

    So that gives you two points and grandparent three. I award the belt to him.

    Really, what it comes down to is evaluating who will be using your site, what they're doing, and what their needs and expectations are. Most of what grandparent posted about aren't used in a *needed* way on public websites, but are extremely useful when done correctly. You also need to evaluate what portion of your site is reasonable to have higher requirements for. Are you simply presenting information or pushing the envelope into increased user interaction?

    Google.com works with lynx, while google maps does not. Part of what google maps presents (directions, things near places) *could* be presented in lynx, but you know, doing so would take a very large amount of effort for virtually no payoff. I don't think google stockholders are losing too much sleep over the issue.

    Similarly, my main website supports and has been tested in IE 5.x for Windows and Mac, IE 6, Mozilla, Firefox, Safari, Opera, Konqueror, Lynx, and Links. It looks virtually identical in all of them, but doing so required some horrible kludges that make the code harder to read and understand.

    On the other hand, my web applications (both internal and for public use) support IE 6, Moz/FireFox, and Safari. The code is clean and simple, and works in all three with the exact same code for the most part - there's very little that's coded based on which browser you're using (obviously, the AJAX calls are different). I could spend time devising wa

  19. Yes, it is a duplicate comment too on First Impressions Count in Website Design · · Score: 4, Informative

    For all we know, this "on-topic" comment is a dupe, too.

    http://science.slashdot.org/comments.pl?sid=174167&cid=14489311

    tehanu said:

    You know this idea that people make judgements in the first 50ms before you can really gain a conscious impression of it (though probably something flashes in your subconscious) reminds me of one of the entries in the "Dangerous Ideas" article in Edge (slashdot had it as a story a short while ago) in which Nobel Prize winning biochemist Eric R. Kandel argues that much of what we call "free will" is processed unconsciously without awareness:

    willeh "said":

    You know this idea that people make judgements in the first 50ms before you can really gain a conscious impression of it (though probably something flashes in your subconscious) reminds me of one of the entries in the "Dangerous Ideas" article in Edge Magazine in which Nobel Prize winning biochemist Eric R. Kandel argues that much of what we call "free will" is processed unconsciously without awareness:

    To be fair, he/she added, "Interesting read for sure." Insert usual karma whore comments, etc. here.

  20. Re:2000, XP, 2003, but no 3.10, 3.11, 95, 98, or M on Microsoft to Patch WMF Exploit Early · · Score: 4, Informative

    Microsoft's policy is that they will only release critical patches for 9X/ME systems because they have EOLed them. Their study of the vulnerability found that while those systems are vulnerable, it is not critical because no attack vector has been identified. Whether or not you trust their assessment is another question, but that's why there's no patch for them. See questions 2, 3, and 4 in the FAQ.

    http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

    I suspect 3.x is the same, but really, if you're using 3.10 as a desktop...

  21. Re:As a note, hearing damage is [generally] perman on Earbud Headphones May Cause Hearing Loss · · Score: 1

    A number of reasons. In small clubs, volume is often pushingly loud because the band is inexperienced or not that good, and have way too high stage volume. I've had guitar players who have their amps turned up so loud that by themselves they were 110 dB and would not turn down. Drummers are often very loud, particularly the snare.

    With bigger shows, the audience is generally there for an "experience" - one that includes chest shaking volume. To get that amount of bass takes a good amount of power and to make the rest of the mix sound balanced requires even more. Your average race track fan wouldn't go to see a bunch of people racing Honda Accords any more than most rock concert goers would go to see a show that was at 80 dB.

    I try to keep things at a reasonable level, but when the people paying me tell me to turn it up, I tend to do so. I generally have spare earplugs that I'll give to anyone that asks, but very few do.

    There's also the question of how far back the audience extends from the speakers. In order to provide coverage to the back of a deep audience, the volume has to be significantly louder up front.

    Other factors include the fact that many musicians and support people have significant hearing damage and either require greater and greater volume to hear or don't realize how loud it is. People running sound at smaller events are often less skilled and perceive "loud" as the best thing to achieve. Think of the types of people who have car stereos that make the entire car vibrate. Same concept.

    Alcohol also makes people perceive things as being softer, and alcohol is very often found at live events. I've had lots of drunk people come up to me at shows that were quite loud and complain that it was too soft.

  22. As a note, hearing damage is [generally] permanent on Earbud Headphones May Cause Hearing Loss · · Score: 5, Insightful

    As someone who works in the live audio industry, it pains me to see the people who stand directly in front of the speakers with no protection. Hearing loss is permanent and unpleasant. It's not something that just comes back.

    Flying the other day, the guy sitting two seats across from me had his iPod turned up so loud that I could hear the drum rolls clearly, despite having 27dB drop earplugs in. For comparison's sake, when I listened (without the earplugs) to music for a little while when I worked on some code, I used a pair of Sony cheapie headphones. Held six inches from me, I couldn't hear the music above the noise of the airplane (again, without the earplugs).

    The use of loud audio sources, both with portable audio devices and cell phones (I can often hear the sending side of a cell phone conversation from 15 feet away) is going to cause significant damage to the hearing of the "with it" generation.

    For those curious why people are so intent on damaging their hearing, I'll give two facts:

    1. People associate louder sound as being more impressive.

    2. (partially related to 1) People perceive louder sound differently than softer sound. Our hearing system changes its frequency response based on how loud the source is, referred to as the Fletcher-Munson Curve(s).

    The bottom line? Be aware of how loud you're listening to audio sources and protect yourself. Tinnitus is horrible (ringing in the ears), but it's also common to suffer damage in the 3-6 KHz range, where much of the understandability of speech is, leading to the situation of being able to hear but not make out what someone is saying. Turn down your cell phone and personal audio device, as well as your car stereo. If you're curious just how loud the audio in your life is, an SPL meter can easily be acquired at your local Rat Shack or online source. You might be surprised.

  23. Re:Me Oh My on Creating an IS Department? · · Score: 2, Insightful

    This company isn't in the business of running a computer network, so why should it dedicate more staff than necessary to maintaining one perfectly when there's nothing impeding the daily running of what the company does do?

    Computers have become vital to just about any office at this point. Having a single source of failure (getting hit by a bus, quitting, being on vacation) is a really poor idea for mission critical resources. I've seen hundreds of employees idled for an average of an hour a week due to poorly administered database systems at the cost of roughly $40,000 in wasted hours per week.

    Is blowing a multimillion dollar government contract because the sysadmin gets overly stressed out and quits without writing down the system passwords really worth it?

  24. So, you did read the article, right? on Cell Phone CEOs Marked For Phone Cloning · · Score: 3, Interesting

    Moral of the story: As soon as you know your SIM is stolen, CONTACT YOUR CELLPHONE COMPANY ... As it is, all that's happened is silly girl didn't report a stolen phone.

    I know reading the article is frowned upon here and all, but it does kind of point out that the woman had been out of the country for a month and returned to find a huge phone bill. In the course of investigating what happened, she was told that her company did have pattern matching/potential abuse detection software deployed but ignores the results. The "silly girl" is an edge case due to the length of her being out of the country, but I don't have a lot of sympathy for the phone company. They chose to ignore what was 99.999% an abusive situation either to profit or out of complete cluelessness. Neither case gets a whole lot of sympathy from me. Here's a basic algorithm:

    If an account's monthly balance >= 3*Average of 3 previous months' total charges, chances are something is wrong. Of course, you have to add checks for a new account, but that's not that much more difficult.
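    The threshold rule from the comment above, worked through as an added example that is not part of the original comment. The account names, billing figures, the flat cap used for new accounts and the handling of an all-zero baseline are assumptions made for illustration; the comment only says that new accounts need their own check.

```python
from statistics import mean

MULTIPLIER = 3           # from the comment: ">= 3 * average"
WINDOW = 3               # from the comment: three previous months
NEW_ACCOUNT_CAP = 300.0  # assumption: flat ceiling until a baseline exists


def check_month(history, current):
    """Return (flagged, reason) for one account's current monthly total.

    history holds earlier monthly totals, oldest first; it may be short.
    """
    if current < 0 or any(h < 0 for h in history):
        raise ValueError("charges must be non-negative")
    if len(history) < WINDOW:
        # New account: no baseline yet, so compare against a flat cap.
        return current >= NEW_ACCOUNT_CAP, "new account, flat cap"
    baseline = mean(history[-WINDOW:])
    if baseline == 0:
        # Dormant line: 3 * 0 is 0, so treat any charge at all as a spike.
        return current > 0, "dormant baseline"
    return current >= MULTIPLIER * baseline, f"{MULTIPLIER}x {WINDOW}-month mean"


def scan(accounts):
    """Map account id -> reason for every account whose latest month is flagged."""
    alerts = {}
    for account_id, totals in accounts.items():
        if not totals:
            continue  # nothing billed yet
        flagged, reason = check_month(totals[:-1], totals[-1])
        if flagged:
            alerts[account_id] = reason
    return alerts


# Constructed sample data: monthly totals per account, oldest first.
SAMPLE_ACCOUNTS = {
    "acct-traveller": [42.10, 39.85, 44.00, 1870.25],
    "acct-steady": [60.00, 58.50, 61.20, 75.00],
    "acct-new": [35.00, 410.00],
    "acct-dormant": [0.00, 0.00, 0.00, 12.00],
}

if __name__ == "__main__":
    for account_id, reason in scan(SAMPLE_ACCOUNTS).items():
        print(f"ALERT {account_id}: {reason}")
```

    Running the check mid-cycle on the running balance, rather than once at month end, is what would let a carrier act before a month of charges accumulates.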

  25. Re:I'll throw out the first questions on Classic TV for Free Download · · Score: 1

    When media began (first stories, then music, then books, and so on) you hoped someone would copy your work, so that it would spread.

    Perhaps to an extent, but within the post dark ages pre-modern time, most of the arts were supported by wealthy patrons. Copying was largely limited by the fact that it was difficult and time consuming. Modern electronics and digital bits have changed that, necessitating changes to copyright laws. Also, and extremely importantly, our society has rapidly moved from one where the majority of the people earn their income by creating physical items to one where people create ideas, data, and concepts.

    special interests succeeded in getting copyright extended

    The initial copyright period in the United States was 14 years, with an extension of 14 years if the person was still living. Average life expectancy at the time was late twenties to forties, depending on your economic class. Even by the early 20th century, average life expectancy was 47 years. A term of protection that covered 28 years was very likely to cover your entire adult life. If the concept of copyrights includes providing income over the life of the author (as indicated by the copyright act of 1790) then it has to grow as life span increases.

    As an example, had Linus been hit by a bus a few years ago, under the original terms of the copyright law (we'll ignore the fact it didn't provide any protection for foreigners), significant chunks of Linux would be coming into the public domain rather than staying under the GPL in the next couple years. Would that really be a good thing?

    Has it gone too far now? Yes. But that doesn't mean that any increase is unreasonable.

    He got his in the form of a tree, though...

    You're one classy guy, gotta tell you. Is your argument there that accidents only happen to "bad" people?