For quite some time, installing PostgreSQL on Windows was either a long and complicated process involving manual creation and configuration of user accounts and manual registration of services or installation of Cygwin. Back in the late nineties and early oughts when MySQL started to gain its mindshare ascendency over PostgreSQL, getting PostgreSQL to run well on Windows was something of a tiresome task. For some of us, the payoff was well worth it. For those looking for a quick and dirty solution, it wasn't worth the hassle.
As a bona fide geek, I'd much rather the world run on TRDBMS (where the T stands for Truly) systems rather than the SQL engines being touted as RDBMS solutions by the big database vendors. But the fact of the matter is that few business applications require a rigorous database schema and enforcement of Relational Integrity so that the results of various queries can be theoretically proven to be correct rather than merely being tested and passed against use cases. Situations that require this level of rigor do exist. People in those situations will tend to use a more robust database system.
But if you're making a web discussion system or a relatively simple retail site, there is not a pressing need for that depth. And in a world of scarce resources, your time is often more valuable being put to other tasks. Frequently, the money meter is ticking down and the choice is between a quick and dirty solution and no solution. In that case the quick and dirty solution is clearly better. And in many cases, there is no need to expand it beyond what it is. Not all problems for which quick and dirty solutions are possible ever require scaling up into something more refined.
MySQL is all the database that most applications need. Consequently more people use MySQL than PostgreSQL. Most (not all) organizations that need the features of PostgreSQL that MySQL lacks already have Oracle, DB2 or Informix licenses and tend to use those. Not only that but MySQL for a long time was superior to PostgreSQL (lower hardware requirements, faster to configure, higher performance on simple queries when used as a web front end) in very influential markets during the dot com boom. The result is that there is a far larger user base of people with in-depth knowledge of MySQL than for PostgreSQL.
Or another way to look at it, for a long time MySQL was the quick and dirty solution. In many IT market segments, the quick and dirty solution is the most attractive solution. Consequently, MySQL is one of the most (if not the most) popular open source databases because it was good enough at doing what needed to be done at the right time. From an evolutionary perspective this is all that is needed.
He's a CEO and he spoke to the business side of each question. For example, look at his question about whether MySQL was going to get into the database appliance market. He said point blank that MySQL AB is going to focus on their engine and let others do the integrating of software/hardware. That is a direct, no-nonsense answer.
Further, many of the questions were very poorly formed, especially in light of the fact that they were being directed to someone running a business rather than writing code. For example, the question of whether databases will be deprecated in favor of file systems. From a business perspective that is a meaningless question as the functionality remains the same. It makes no difference to a company like MySQL whether they're selling their engine as a MySQL DB or MySQL FS. He even hinted at the lack of differentiation in his answer that of course the fs folks say that the db will go away but we see it as the fs going away. If the fs and db merge then it follows that db vendors become fs vendors and vice versa. It's not really a very interesting question from the business perspective other than it puts competitors from two separate market segments where they are not in competition into a new market segment where they are in competition with each other.
Operating systems are appliances for running other programs. If those other programs require the operating system to be logged in as root, then for all practical purposes the operating system must be running as root. If the operating system is insecure when running as root, that is the fault of the operating system vendor, not the application vendor. Further, the operating system vendor can put a good deal of pressure on applications vendors to avoid this behavior. I dunno if Quickbooks qualifies for the Designed for Windows XP logo, but if it does and it still exhibits such bad behavior, this is Microsoft's fault and is illustrative of the quality of their standards.
It may be a fact that my disk drive will eventually fail. But whether or not my disk will fail while it is still in use by me is an unknown. Which is why risk management strategies (of which data backups are a portion) should be implemented based on the probability and cost of various classes of failure.
Saying that all data you want to keep must be backed up is a vast (and harmful) oversimplification. It's the type of simplification that makes a person come off as a raving lunatic and tends to drive people away. A much better approach is simply to get people to think about the factors involved. How much time would it take you to rebuild all of the data on your hard disk? Given that x% of hard disks fail over n years, what is the likelihood that you will need to rebuild your data in the expected lifetime of your computer? Give most people a hard number and they can judge for themselves whether or not backing up is worth it to them.
There is a good deal of software (Quickbooks is the pre-eminent example) which is practically impossible to install and use without Admin privs. Technically, you can do it by granting permission to each of the obscure registry keys that QB needs access to, but unless you've got an extremely knowledgeable and patient IT guru willing to blow hours on each workstation that needs the software, it ain't going to happen. If only Quickbooks were the only piece of software like this!
But that is neither here nor there. The point is that physical security trumps all. The point I was answering seemed to be claiming that an Administrative password somehow increases security at the local layer. At a practical level, it might deter the 5% of people who want administrative access and aren't familiar with how to get it without knowing the password for an administrative account.
1. Boot to single user mode at lilo or whatever boot manager is being used.
2. Boot from an external device.
3. Replace the hard drive.
Unless the existing disk is cryptographically secure and/or the machine is physically built with security in mind (locked case, password on the BIOS, etc.) physical access gives the user everything they need.
I type sudo on my Mac and the system asks for a password. I hit enter and it tells me that the password is invalid. Why? Because sudo doesn't work like that. It asks for the password of the user account calling the sudo, not the root password.
Also, the last time I installed Ubuntu, the default setup was to not use a root password.
You're assuming, probably fallaciously, that Vista is not going to be similarly structured.
Physical access to a machine already gives a local attacker everything they need to change the admin password. If it's a Linux box, it's simply a matter of booting into single user mode. If it's a Windows box, it's simply a matter of using any of half a dozen freely available utilities.
But if there is no admin password, the server cannot authenticate the Administrator account from across the network. This essentially means that by default Administrator is a physical access only account. I don't see how that is startlingly insecure. In fact, it's a step in the right direction.
The overwhelming majority of Windows code is VB. Sure, there is quite a bit of C++, but I'd bet the amount of C code alone rivals, if not surpasses, the amount of C++ Windows code.
That is quite the old wives' tale that wasn't even true when it was much more common twenty years ago or so. The last C++ code I touched was a multi-tiered billing system engineered to run on Unix and only on Unix. Not to mention that all the large Unix vendors have been on board with C++ for quite some time. IIRC the STL, as but one example, was built almost entirely by SGI and HP.
When asked about their favorite book on programming, Linus spent a full paragraph explaining why K&R's /The C Programming Language/ is so impressive while Stroustrup's reply merely said `K&R.' I'll leave it as an exercise for the reader which of these answers shows a better understanding of C.
I also find it interesting that K&R is the only book mentioned by more than one responder.
Billing systems are heavy on not only customized coding, but also on configuration. Back when I worked for a telecom billing provider I couldn't tell you how many times I made absolutely clear to our clients that they were shooting themselves in the foot with the way that they wanted to configure the system only to have them refuse to change course.
For some odd reason once it became Y2K, Convergys wanted to change the name of their flagship PCS billing software from Precedent 2000 to something else. I wouldn't be surprised if Atlys was still around, but when I left Convergys in Jan of 2004 it was supposed to be integrated into their brand new superstructure (I want to say Catalyst, but that can't be right) of which I cannot remember the name. Except for pieces of Atlys that could be cannibalized for the new system, Atlys was destined to be shortly retired. The actual billing portion was supposed to be based on the Geneva engine that Convergys ended up with through an acquisition. Of course, that was over two and a half years ago when I left. Plans may very well be behind schedule or have been changed entirely.
But what most people don't understand (at least in the past, and I'm assuming this is still the case in the present) is that most phone companies (mobile or otherwise) have a conglomerate structure where each region largely makes its own decisions. One region may very well decide to use different software than another. If a region is gained through acquisition, they are usually only converted to another billing system if a business case can be made that doing so will reduce costs. Hence, the large providers tend to use multiple software vendors and sometimes even when they use the same vendor across the board, they have the system partitioned so that each region is run independently.
Most modern billing systems are tied into collections systems. Most collections systems allow the firm to schedule treatments in any order they want. It sounds to me like the way the situation is described that someone on Sprint's end scheduled financially writing off the account (don't send further payment) a few days prior to disconnecting the mobile unit for non-payment. In theory, this should be fine. At the point that the customer gets the notice, it's already too late to pay. In practice, the firm may have worded the form letter very poorly and may not have placed a prominent message on the account to clue in the CSR when the customer called. For a CSR that doesn't look closely, the account would have looked fine as it would have had a zero balance since it was already written off.
Disclaimer: I used to work on the Collections back end for the software Sprint used to use for their PCS billing. I don't know if Sprint Mobile is still using the same billing software as they were back in 2000 when I last supported the Sprint business unit at my former employer.
I don't know if it is still the case, but it used to be the case (at least in Ohio) that if you put in any sort of power generating device and hooked it up to the grid, the local power company had to buy your excess power. Back in the eighties my father looked into this because (at the time) federal and local governments were subsidizing up to 90% of the cost through tax credits.
Set top devices are notorious for power drain (on "How the Wii Was Born", Score: 1)
For the past few generations, DVD players, VCRs, Stereos and Televisions have been notorious for power drains when turned ``off''. With the exception of high end items, most of these appliances are not being engineered with being green in mind. Instead they're designed with instant gratification in mind and keep things charged up so as to be ``instant on'' when the remote gets hit.
Just last month I was telling my teenaged daughter that there is no reasonable expectation of privacy on the internet. Every IM and every email are like sending postcards that anyone between her and the recipient can read. Consequently, she shouldn't ever put anything in either that she would be embarrassed by if it showed up in the newspaper. If she wants privacy, she needs to use a medium that can provide that. The internet ain't it.
But compared to Islam, Judaism, Hinduism, Sikhism, Taoism, various ancestral Asiatic religions and the rest of the religions of the world, this is a minority stance.
Also, nowhere in my previous post did I say that Jesus condoned warfare. My point was that faith, according to the Gospel, says nothing about whether you should use reason. The whole point of Jesus' parable was that people /ought/ to use their heads.
Machiavelli opined in /The Prince/ that an unarmed prophet was no prophet at all. And in fact, Christianity (which Machiavelli implicitly condemned with his observation) is rather exceptional in the marketplace of religions in this aspect. Most of the world's major religions have major figures that were also great warriors. And even within Christianity, Jesus Christ himself is quoted in the Gospels that a king going to war estimates the size and power of enemy armies and sues for peace if his resources are insufficient for the task at hand. I don't see any prima facie disconnect between nuclear weapons programs when your enemies have such and having faith.
I visited the Udvar-Hazy Center when I stopped by northern VA to visit an aunt of mine while I was out in DC. The SR71 was back on display. They've been grounded for quite some time.
... at a job interview. Been plenty of times where I've been asked about MySQL. I don't think there is any danger of MySQL not having a market.
Just do a search on Monster. 101 job hits come up on Postgres. 3 job hits come up on SQLite. Thousands of hits come up when searching for MySQL.
By a single word, even?