No, I'm saying that FTP, telnet, etc are not programs for illegal access (as opposed to a script kiddy's rootkit).
The treaty itself doesn't talk about programs designed to access other systems being illegal per se: that is ZDNet's precis, and an incorrect one IMHO. The treaty explictly qualifies all references to illegal interception, access, etc as being "without right".
Call me a hapless tool of the ZOG, but you're a fruit-loop, mate.
While undoubtedly the intent and effect of this treaty is to abridge our civil rights, I seriously doubt its main purpose is to offer the tender young butts of/. readers to scary black studs in jail.
Furthermore, I seriously doubt that the majority of people who might be caught by such legislation are Protestants; between Hindus, Muslims, Catholics and us sneaky untrustworthy Jews, I would say you're in a minority. Not that I take you seriously, you understand...
That is what zdnet say. But if you read the actual treaty (http://conventions.coe.int/treaty/EN/projets/cybe rcrime.doc) (sorry for the icky Word doc, NMF) you will see that the words "access, intercept or interfere" are qualified with the term "without right", and the treaty sections are headed "Illegal Access", "Illegal Interception", and so on.
I don't like the treaty for other reasons, but it's not that stupidly drafted. So remember people, always read the primary sources, and don't get distracted from the main issues, which are (IMHO):
- to what extent governments should compromise your rights in order to prevent or detect crime.
- what constitutes "cybercrime" in any case.
I've always thought that most so-called knowledge workers have about 4 or 5 hours of good concentration in them each day. The rest is spent farting about, not out of laziness, but because you need the social stimulation and distraction for your own well-being and to let your unconscious mind process stuff.
If you read books on software engineering (Mythical Man Month, Peopleware, Death March Projects) you'll see that the more people work, the less benefit to the company in terms of output there is - more than 1 60 hour week in a row, and you'll be LESS productive than you used to be with 40.
So most overtime, or early arrival and late departure, is in fact symbolic: it acheives nothing for the company. It only proves the devotion of the worker to the company. Worker devotion is not a tradable asset:-)
Everybody recognises this, but no one seems to be able to do anything about it. (Just as managers will sagely nod when someone says "adding more programmers will make a late project later", and then go ahead and put more on anyway.)
The best thing that the young and nerdy audience of Slashdot could do is excercise its collective discretion not to work stupid hours for little benefit. (See http://www.theregister.co.uk/content/1/13813.html for another "High tech labour is scarce" story). Refuse to worship at the altar of the company: take a rational attitude to your life. Unless it's enormous fun, in which case knock yourself out.
1. I'm a Jewish atheist.
2. I have all the stuff I need.
3. I don't need to guilt trip other people into thinking that their love for me is measured by what they buy me.
4. But if you must, I really like fruit cake.
Dunno about whether hiding parts of the system is a problem. MacOS already has hidden directories and files you shouldn't play with, such as the Temporary Items Folder in each directory, or the Desktop DF and DB files. These do not normally lead to maintainability nightmares - the worst problems I ever saw were when "bad" apps revealed them in file dialogue boxes and allowed users to manipulate them.
man is great for the admin and the programmer; if you are intimate with the guts of the system.
But HELP was comprehensive and aimed at the user.
And DCL - had its own version of command completion (just type as many chars as required to distinguish commands), a basic like syntax, and and all commands had an absolutely regular syntax, unlike Unix commands.
Sometime I miss the old vaxcluster. Usually after I've got the argument order to ln wrong *again*.
Ruby is written by a Japanese programmer, and to me it looks just like a kinder, gentler perl. If you read the docs comparisons to Perl are frequently made.
I wouldn't know how Japanese as a natural language influenced the Ruby language though.
Where I live, New Zealand, what Yahoo are doing is illegal under our Privacy Act. This act pf parliament forbids gatherers of information to use it for purposes which do not have the explicit consent of the originator.
American./ readers may be interested in this site:
People with accounts on lots of services tend to recycle passwords, through laziness or ignorance. So if you can infer from someone's email what other services they use, you have a good chance of taking them over too.
I used to do frontline support at a University - you would be amazed at how many people use the same password for everything.
This is a trojan horse that is conceptually no different to my sending you a perl or bash script as a attachment and fooling you into running it.
Actually, I blame ISPs. And idiot boosterish journalists.
Yup.
I blame people who market the virtues of email, and its ease of use, broadband access, and 24 x 7 connectivity, and fail to educate their user base about elementary security.
Re:Have I slipped back in time again ... - no!
on
Linux 2.2.15 Released
·
· Score: 1
You are missing something.
Odd numbered kernels are development kernels, while even numbered ones are "stable".
There are lots of good reasons to use 2.2 series kernels, like not having weird-arsed crashes owing to obscure bugs under heavy load, being more confident that there are fewer unpublicised security holes, yadda yadda.You may not be living dangerously using a 2.3.x kernel, and if you have obscure hardware you might NEED to, and someone has to run them or they won't be properly tested, but sometimes you need the comfort of a stable series kernel.
I wouldn't say that he composed great music for everything neccessarily.
Much of what is striking about his music comes from the fact that he wrote very similar music regardless of the instrument.
Thus, you have things like the Chaconne in the D Minor violin sonata which are essentially polyphonic keyboard music rendered into violin arpeggios. Conversely, you have Back keyboard music that requires enormous dexterity because you're playing something that's easy on a stringed instrument.
I can't think of a specific example, but there are Bach solo concertos that differ only in the choice of the solo instrument - the pair I have in mind is oboe vs violin, which hardly share similar characteristics as far as idiomatic writing go.
Bach's music sits above the orchestration layer. At the time he was writing, people were still expecting that ensembles could and would subsititute voices of approximately the same range regardless of timbre. Hence the figured basses that don't indicate what bass instrument is to play the actual bass line, or which keyboard instrument will realise the continuo.
Bach was good at orchestration, but he really wrote for an Platonic ideal set of voices in the mind. That's why it works well on the Moog.
I don't see any mention of Tux, just Mark Williams.
Interesting. This must mean that Slahdot is read in Redmond. And since this story's only been up for a couple of hours when I looked, is must be read with keen interest.
Yes, Ian Witten and Lloyd Smith at the University of Waikato built one where you can whistle, hum or sing into a Java applet and it would find matching themes. ISTR that it's actually the rhythm that most strongly identifies the theme - everyone can tell that dit-dit-dit-dah is beethoven's 5th Symphony, even stripped of all pitch info. Add contour, andf you're away. It's called Meldoex - Melody index.
The paper they wrote is Smith, Lloyd A., Rodger J. McNab and Ian H. Witten. Sequence-based melodic comparison: a dynamic-programming approach. In Hewlett, Walter B. and Eleanor Selfridge-Field (eds.) Melodic Similarity: Concepts, Procedures, and Applications, Computing in Musicology 11, Chapter 4, 1998, p 101--117.
Check out http://www.nzdl.org/cgi-bin/gwmm?c=meldex&a=page&p =coltitle for a demo.
I am very proud of my copy, and it makes great reading in small lumps.
The code is really quite beautiful, and Lions' commentary complements it well. he invites you to consider alternative ways of writing a particular function, and mostly, the original IS best.
The best thing is: it explains the famous comment "You are not expected to understand this".
Most dangerous if management mistrust their staff
on
Analyzing the Analysts
·
· Score: 4
A former boss had a regular subscription to Gartner Group reports. He would always favour Gartner advice over our own.
This was especially weird, since we were a small New Zealand university, and about as far away from the environment that these reports were written for as one could imagine.
The underlying problem was that the boss (as bosses will) had lost touch with the technology, and was paranoid that his staff were trying to pull one over on him. Rather than taking the high road - building a workforce he could trust - he took the low road of ignoring their advice in favour Gartner's. Result: poor decisions based on advice that was never really relevant to our circumstances.
While we were building cheap effective linux based solutions that actually worked - see, that mistrust had become justified:-( - he would be telling us how an NT only world was "inevitable", and pointing to Gartner to back it up. (Remember how anti-Linux Gartner used to be 2 years ago?)
Analyst reports have their place as preliminary reading before you do your own research, or as a second opinion. If you don't have time to do you own research, and you haven't hired someon whose judgement you can trust, you are not taking things seriously, and deserve whatever you get.
I remember long ago at University learning that there was no subsitute for primary sources. Secondary sources are only ever there to get you up to speed. Treating secondary sources as though they were reliable was always a recipe for disaster.
Already, fashion trends start in the criminal classes, and propagate out as the children of the upper classes get a cheap thrill.
It is already a fashion aphorism that to see what the well-dressed woman will be wearing in five years, see what New York streetwalkers are wearing now.
(Minor point for any fellow New Zealanders - i read a legal opinion recently that said that inspecting employee email violated the Privacy Act, EVEN when the employer provides the email access.)
Strategy one.
Point out that it is impractical to scan encoded attachments, especially if they are images.
Point out that users have no control over incoming unsolicted email. Point out that "unsolicited" is tricky to define.
Point out that filtering on keywords is a doomed enterprise. You won't be getting any mail from Scunthorpe, for a start.
Point out that the resource required to implement monitoring could be better spent in improving the workplace in other ways.
Find out the goal. Is it to prevent people goofing off? Is it to forestall harassment lawsuits? Is it control your bandwidth consumption? In the first case, give people meaningful work to do. In the second, educate the legal people to understand how this is outside the effective control of the company. In the third, bill people for email based on your server logs.
Write a 50 page cost-benefit analysis.
Strategy two:
Agree. Tell them that you'll be happy to start as soon as you have a $FAVOURITE_MEGABUCK_SERVER_PLATFORM to cope with the expected server load. Aim high.
I bought an "Ohmigod they killed Kenny" T Shirt, which he now proudly wears, much to the confusion of his students.
The interesting thing is that I cannot ever recall Dad swearing; he smoothly changes the subject whenever sexuality comes up (you should pardon the expression); and is generally regarded by his peers as an upright and moral citizen.
My theory is that he loathes hypocrisy, and tolerates the crudity in return for the pleasure of seeing the Establishment get shafted. (He's always been a sucker for adult animation though).
Anyway, South Park is nothing on 18th Century authors. Ever read Jonathon Swift? "Cecilia shits?"
Well - it depends. The original poster's context was "a large scale intranet backend".
My (possibly quite incorrect, I admit) reading between the lines is that it therefore is not that big, or important, and that the main corporate databases livse somewhere else already. So cost may in fact be an important factor. There's other things too: what in-house expertise is there?
I agree that a knee-jerk "Linux, right or wrong" approach is stupid, but you might still be able to build a reasonble case for Linux. So long as we all stick to replying with things we know of ourselves, we can let the original poster make up his own mind.
Anyway, as long as I see management make decisions based on who bought them the best lunch, and which sales droids they trust, I'm not sure that deciding for religious reasons is that bad.:-)
We've got a test Oracle/Linux box here, and are sufficiently impressed that we've ordered a multiprocessor box to build a production system on.
Two things I'd point out are:
- once you have Oraperl built, you have a great quick-and-dirty web interface happening with Apache/mod_perl/DBI (or other OSS web-db interface of your choice). Oracle's own solution (OWS/Developer 2000/PL-SQL )sucks badly cause of rotten performance, plus you don't have the huge range of existing Perl modules (or Python libraries, or PHP scripts, yadda yadda) to draw on. Oh, and when I had to hack apart someone else's OWS based system a few months ago, I discovered that the text editor in Developer 2000 wasn't even as good as Wordpad for finding and replacing. And you have to compile PL SQL. And it is so SLOOOOOW! And if you don't believe me, see Philip Greenspun. Meanwhile, we can now talk to Oracle on our AIX boxes from the Linux box. Yippee! (Did I mention the appalling huge Java applets that won't even run on a Mac JVM, thus obliterating the point of a cross-platform browser-based solution anyway?)
- there seem to be some licensing cost differences for different platforms, ie it's cheaper per seat on lower spec'd hardware. At least it is for us. All other things being equal, Oracle on (commodity?) Intel linux boxen might be a great deal cheaper than proprietary Unix/Risc solutions.
Slashdot Mirror
No, I'm saying that FTP, telnet, etc are not programs for illegal access (as opposed to a script kiddy's rootkit).
The treaty itself doesn't talk about programs designed to access other systems being illegal per se: that is ZDNet's precis, and an incorrect one IMHO. The treaty explictly qualifies all references to illegal interception, access, etc as being "without right".
Anyway, read it yourself, decide for yourself.
Call me a hapless tool of the ZOG, but you're a fruit-loop, mate.
/. readers to scary black studs in jail.
While undoubtedly the intent and effect of this treaty is to abridge our civil rights, I seriously doubt its main purpose is to offer the tender young butts of
Furthermore, I seriously doubt that the majority of people who might be caught by such legislation are Protestants; between Hindus, Muslims, Catholics and us sneaky untrustworthy Jews, I would say you're in a minority. Not that I take you seriously, you understand...
That is what zdnet say. But if you read the actual treaty (http://conventions.coe.int/treaty/EN/projets/cybe rcrime.doc) (sorry for the icky Word doc, NMF) you will see that the words "access, intercept or interfere" are qualified with the term "without right", and the treaty sections are headed "Illegal Access", "Illegal Interception", and so on.
I don't like the treaty for other reasons, but it's not that stupidly drafted. So remember people, always read the primary sources, and don't get distracted from the main issues, which are (IMHO):
- to what extent governments should compromise your rights in order to prevent or detect crime.
- what constitutes "cybercrime" in any case.
I've always thought that most so-called knowledge workers have about 4 or 5 hours of good concentration in them each day. The rest is spent farting about, not out of laziness, but because you need the social stimulation and distraction for your own well-being and to let your unconscious mind process stuff.
:-)
If you read books on software engineering (Mythical Man Month, Peopleware, Death March Projects) you'll see that the more people work, the less benefit to the company in terms of output there is - more than 1 60 hour week in a row, and you'll be LESS productive than you used to be with 40.
So most overtime, or early arrival and late departure, is in fact symbolic: it acheives nothing for the company. It only proves the devotion of the worker to the company. Worker devotion is not a tradable asset
Everybody recognises this, but no one seems to be able to do anything about it. (Just as managers will sagely nod when someone says "adding more programmers will make a late project later", and then go ahead and put more on anyway.)
The best thing that the young and nerdy audience of Slashdot could do is excercise its collective discretion not to work stupid hours for little benefit. (See http://www.theregister.co.uk/content/1/13813.html for another "High tech labour is scarce" story). Refuse to worship at the altar of the company: take a rational attitude to your life. Unless it's enormous fun, in which case knock yourself out.
1. I'm a Jewish atheist.
2. I have all the stuff I need.
3. I don't need to guilt trip other people into thinking that their love for me is measured by what they buy me.
4. But if you must, I really like fruit cake.
Dunno about whether hiding parts of the system is a problem. MacOS already has hidden directories and files you shouldn't play with, such as the Temporary Items Folder in each directory, or the Desktop DF and DB files. These do not normally lead to maintainability nightmares - the worst problems I ever saw were when "bad" apps revealed them in file dialogue boxes and allowed users to manipulate them.
I'll take HELP over man any day.
man is great for the admin and the programmer; if you are intimate with the guts of the system.
But HELP was comprehensive and aimed at the user.
And DCL - had its own version of command completion (just type as many chars as required to distinguish commands), a basic like syntax, and and all commands had an absolutely regular syntax, unlike Unix commands.
Sometime I miss the old vaxcluster. Usually after I've got the argument order to ln wrong *again*.
It would look like Ruby.
Ruby is written by a Japanese programmer, and to me it looks just like a kinder, gentler perl. If you read the docs comparisons to Perl are frequently made.
I wouldn't know how Japanese as a natural language influenced the Ruby language though.
American ./ readers may be interested in this site:
http://www.knowledge-basket.co.n z/privacy/top.html
People with accounts on lots of services tend to recycle passwords, through laziness or ignorance. So if you can infer from someone's email what other services they use, you have a good chance of taking them over too.
I used to do frontline support at a University - you would be amazed at how many people use the same password for everything.
This is a trojan horse that is conceptually no different to my sending you a perl or bash script as a attachment and fooling you into running it.
Actually, I blame ISPs. And idiot boosterish journalists.
Yup.
I blame people who market the virtues of email, and its ease of use, broadband access, and 24 x 7 connectivity, and fail to educate their user base about elementary security.
You are missing something.
Odd numbered kernels are development kernels, while even numbered ones are "stable".
There are lots of good reasons to use 2.2 series kernels, like not having weird-arsed crashes owing to obscure bugs under heavy load, being more confident that there are fewer unpublicised security holes, yadda yadda.You may not be living dangerously using a 2.3.x kernel, and if you have obscure hardware you might NEED to, and someone has to run them or they won't be properly tested, but sometimes you need the comfort of a stable series kernel.
I wouldn't say that he composed great music for everything neccessarily.
Much of what is striking about his music comes from the fact that he wrote very similar music regardless of the instrument.
Thus, you have things like the Chaconne in the D Minor violin sonata which are essentially polyphonic keyboard music rendered into violin arpeggios. Conversely, you have Back keyboard music that requires enormous dexterity because you're playing something that's easy on a stringed instrument.
I can't think of a specific example, but there are Bach solo concertos that differ only in the choice of the solo instrument - the pair I have in mind is oboe vs violin, which hardly share similar characteristics as far as idiomatic writing go.
Bach's music sits above the orchestration layer. At the time he was writing, people were still expecting that ensembles could and would subsititute voices of approximately the same range regardless of timbre. Hence the figured basses that don't indicate what bass instrument is to play the actual bass line, or which keyboard instrument will realise the continuo.
Bach was good at orchestration, but he really wrote for an Platonic ideal set of voices in the mind. That's why it works well on the Moog.
I don't see any mention of Tux, just Mark Williams.
Interesting. This must mean that Slahdot is read in Redmond. And since this story's only been up for a couple of hours when I looked, is must be read with keen interest.
Yes, Ian Witten and Lloyd Smith at the University of Waikato built one where you can whistle, hum or sing into a Java applet and it would find matching themes. ISTR that it's actually the rhythm that most strongly identifies the theme - everyone can tell that dit-dit-dit-dah is beethoven's 5th Symphony, even stripped of all pitch info. Add contour, andf you're away. It's called Meldoex - Melody index.
p =coltitle for a demo.
The paper they wrote is Smith, Lloyd A., Rodger J. McNab and Ian H. Witten. Sequence-based melodic comparison: a dynamic-programming approach. In Hewlett, Walter B. and Eleanor Selfridge-Field (eds.) Melodic Similarity: Concepts, Procedures, and Applications, Computing in Musicology 11, Chapter 4, 1998, p 101--117.
Check out http://www.nzdl.org/cgi-bin/gwmm?c=meldex&a=page&
Do.
I am very proud of my copy, and it makes great reading in small lumps.
The code is really quite beautiful, and Lions' commentary complements it well. he invites you to consider alternative ways of writing a particular function, and mostly, the original IS best.
The best thing is: it explains the famous comment "You are not expected to understand this".
A former boss had a regular subscription to Gartner Group reports. He would always favour Gartner advice over our own.
:-( - he would be telling us how an NT only world was "inevitable", and pointing to Gartner to back it up. (Remember how anti-Linux Gartner used to be 2 years ago?)
This was especially weird, since we were a small New Zealand university, and about as far away from the environment that these reports were written for as one could imagine.
The underlying problem was that the boss (as bosses will) had lost touch with the technology, and was paranoid that his staff were trying to pull one over on him. Rather than taking the high road - building a workforce he could trust - he took the low road of ignoring their advice in favour Gartner's. Result: poor decisions based on advice that was never really relevant to our circumstances.
While we were building cheap effective linux based solutions that actually worked - see, that mistrust had become justified
Analyst reports have their place as preliminary reading before you do your own research, or as a second opinion. If you don't have time to do you own research, and you haven't hired someon whose judgement you can trust, you are not taking things seriously, and deserve whatever you get.
I remember long ago at University learning that there was no subsitute for primary sources. Secondary sources are only ever there to get you up to speed. Treating secondary sources as though they were reliable was always a recipe for disaster.
Good $DEITY! Are you insane?
Now sacrificing paperclips would be different...
Exactly.
Already, fashion trends start in the criminal classes, and propagate out as the children of the upper classes get a cheap thrill.
It is already a fashion aphorism that to see what the well-dressed woman will be wearing in five years, see what New York streetwalkers are wearing now.
Hats will finally make a comeback...
If you wanted a real life example, this is more or less what Dave Winer (Userland) has been saying.
(Minor point for any fellow New Zealanders - i read a legal opinion recently that said that inspecting employee email violated the Privacy Act, EVEN when the employer provides the email access.)
Strategy one.
Point out that it is impractical to scan encoded attachments, especially if they are images.
Point out that users have no control over incoming unsolicted email. Point out that "unsolicited" is tricky to define.
Point out that filtering on keywords is a doomed enterprise. You won't be getting any mail from Scunthorpe, for a start.
Point out that the resource required to implement monitoring could be better spent in improving the workplace in other ways.
Find out the goal. Is it to prevent people goofing off? Is it to forestall harassment lawsuits? Is it control your bandwidth consumption? In the first case, give people meaningful work to do. In the second, educate the legal people to understand how this is outside the effective control of the company. In the third, bill people for email based on your server logs.
Write a 50 page cost-benefit analysis.
Strategy two:
Agree. Tell them that you'll be happy to start as soon as you have a $FAVOURITE_MEGABUCK_SERVER_PLATFORM to cope with the expected server load. Aim high.
Well, my 60 year old father watches it avidly.
I bought an "Ohmigod they killed Kenny" T Shirt, which he now proudly wears, much to the confusion of his students.
The interesting thing is that I cannot ever recall Dad swearing; he smoothly changes the subject whenever sexuality comes up (you should pardon the expression); and is generally regarded by his peers as an upright and moral citizen.
My theory is that he loathes hypocrisy, and tolerates the crudity in return for the pleasure of seeing the Establishment get shafted. (He's always been a sucker for adult animation though).
Anyway, South Park is nothing on 18th Century authors. Ever read Jonathon Swift? "Cecilia shits?"
Well - it depends. The original poster's context was "a large scale intranet backend".
:-)
My (possibly quite incorrect, I admit) reading between the lines is that it therefore is not that big, or important, and that the main corporate databases livse somewhere else already. So cost may in fact be an important factor. There's other things too: what in-house expertise is there?
I agree that a knee-jerk "Linux, right or wrong" approach is stupid, but you might still be able to build a reasonble case for Linux. So long as we all stick to replying with things we know of ourselves, we can let the original poster make up his own mind.
Anyway, as long as I see management make decisions based on who bought them the best lunch, and which sales droids they trust, I'm not sure that deciding for religious reasons is that bad.
We've got a test Oracle/Linux box here, and are sufficiently impressed that we've ordered a multiprocessor box to build a production system on.
Two things I'd point out are:
- once you have Oraperl built, you have a great quick-and-dirty web interface happening with Apache/mod_perl/DBI (or other OSS web-db interface of your choice). Oracle's own solution (OWS/Developer 2000/PL-SQL )sucks badly cause of rotten performance, plus you don't have the huge range of existing Perl modules (or Python libraries, or PHP scripts, yadda yadda) to draw on. Oh, and when I had to hack apart someone else's OWS based system a few months ago, I discovered that the text editor in Developer 2000 wasn't even as good as Wordpad for finding and replacing. And you have to compile PL SQL. And it is so SLOOOOOW! And if you don't believe me, see Philip Greenspun. Meanwhile, we can now talk to Oracle on our AIX boxes from the Linux box. Yippee! (Did I mention the appalling huge Java applets that won't even run on a Mac JVM, thus obliterating the point of a cross-platform browser-based solution anyway?)
- there seem to be some licensing cost differences for different platforms, ie it's cheaper per seat on lower spec'd hardware. At least it is for us. All other things being equal, Oracle on (commodity?) Intel linux boxen might be a great deal cheaper than proprietary Unix/Risc solutions.
I've noticed several criticisms of the existing GTK docs in the comments posted so far.
I hope that all the people who posted them have communicated them to the authors. In particular, told the authors about:
- typos
- broken cross refs
- unclear examples
OSS documentation (which is notoriously poor) ought to be able to benefit from the same review-rewrite-release strategy as the code.
So, don't just complain (fun though it is to let off steam). Send in corrections.
I notice in the latest GTK tutorial there is an open invitation for contributions. I also notice more than a dozen named contributors.
This is BTW the best way for people who are not ueber-hackers to contribute.