You are letting your ideas about life replace actual experience. You don't see how it can be a particular way and thus you argue that it is, in fact, not that way. The fact that you could even argue that hiring is random exhibits a complete disconnect from the actual process. You obviously have never done hiring, and I'm thinking that you may not even have been hired. It isn't even remotely a random process.
Pay attention to the other posters in the thread who have real life experience. Learn from them. Don't argue out your ass about things on which you have no clue. :-)
Redhat dominates the Linux market. This affects a LOT of /. readers. (obviously not all /. readers use linux, and not all linuxers use redhat, but the population is still going to be quite large.)
As well, I think politically it's probably a good idea to be public about this kind of bug. Linux has a rep of being extremely reliable. I, for one, would like to keep it that way, and bugs that affect reliability thus NEED TO BE very embarrassing events. Trying to suppress this kind of news may make Linux APPEAR more reliable but actually BE less reliable -- a lose-lose situation for sure.
After all, if Sendmail suddenly started crashing every two weeks, the community would be justifiably furious about it. I don't think it's unreasonable to hold Redhat to a similar standard. They have an enormous advantage over Microsoft by packaging all the Open Source stuff instead of writing it themselves. Seems to me that expecting really good QA on their internally-written software is quite reasonable.
You can bet that if Microsoft had released Win2K with a bug that took it down after two weeks it would have made national news. And Slashdot. :-)
You may not have been in the work environment for very long. :-)
Let me assure you: in very static businesses, like insurance and the phone company (which is what Dilbert is based on), this kind of idiocy is ROUTINE. It is the NORMAL way of doing things. It's exaggerated a bit for effect, but Dilbert is based on truth. No individual company could have ALL the things wrong with it that Dilbert's does and survive -- but almost any individual company could have one or two of them and still make it.
Static companies don't attract much talent, and incompetent people hire incompetent subordinates, and as the incompetence is gradually promoted within an organization, eventually most of the organization becomes incompetent. This is a first-order extension of the Peter Principle, which you should go look up if you haven't heard of it.
The fact that you can disbelieve Dilbert means that you have been very lucky indeed in your working life, and I hope you continue to have that kind of success.
There have been LOTS of problems with AMD chips. Actually, more precisely, the problems have mostly been with the chipsets, which AMD themselves didn't want to make -- they were really hoping the third-party market would do that for them, but nobody stepped up to bat with a really good chipset for the Athlon until very recently.
Quite some time before the Athlon came out, I myself bought a K6-2/300 (which I still have, happily chugging away as a Linux server) and had all kinds of hassles with the Aladdin V chipset and various and sundry cards. I eventually ended up buying a BX-chipset board instead, and was much much happier with it. Even now Linux doesn't run as well as it should, as it doesn't seem to have any support for that IDE chipset and leaves all the drives in non-DMA mode. It doesn't do much work so that's okay for me, but it's a bit annoying.
With Athlon machines, the biggest problem was simply inadequate power supplies. Those chips suck power like nothing else before them (I think the new P4 will suck even more!) and if you put a nice fast GeForce DDR (another power hog) in there, many motherboards and/or power supplies were simply overwhelmed by the demand. Your purchase of that PCPAC power supply was probably the best money you spent in that machine, and may have saved you lots of trouble.
There have also been AGP driver issues with some of the Athlon chipsets, though I haven't yet owned one and don't know the details. I CAN tell you that the compatibility problems have been severe enough that I held off buying an Athlon. It sounds like the KT133 chipset has it pretty well together, finally, but I will probably hold out a bit longer and go SMP when those ship. I haven't done an SMP machine yet for myself, though I have wanted to for a long time.
Oh, another thought: it sounds like you had pretty good luck with your system, but remember that you weren't running fast 3-d graphics and/or Win9X either -- video drivers have been especially problematic. You were running against 'old' standards that are very well documented and easily testable. A lot of people are buying Athlons to game with, and gaming taxes a system harder than almost anything else you can do with it. AGP appears to be something of an evolving standard, too, so there are all sorts of niggling little details that differ from chipset to chipset, and can cause weird behavior that you would never see on a BSD-based server.
Except that our present system amounts to indentured slavery. They can import people, pay them WAY under market and abuse them horribly by requiring ridiculous hours. Why?
Because H-1B people lack the fundamental freedom to vote with their feet. They can't change jobs. THIS is why corporations are so hot and sweaty about the labor shortage. They mean there is a shortage of labor they can exploit unfairly.
Put them on the same terms as anyone else -- ie, they can go anywhere they like, work for anyone they want -- while they're here and I'm all in favor of unlimited visas. People are a country's best resource, and I'm not afraid to compete toe to toe with anyone from anywhere -- as long as the contest is fair.
If the slaves, er, H-1B visa people are set free and the corporations STILL gripe about a shortage, then let's raise the cap. As is, a huge chunk of the labor isn't free to move around... so of COURSE there is a labor shortage. Duh.
There are definitely good points to it, but the character interaction is weak and the 'puzzles' are really stupid -- they mostly consist of finding the right switch panel and pressing it. Oooh, that took brainpower. And most of the battles have been pretty repetitive.
I am presently in a level that has a really massive, huge fight, and it's fun but frustrating. If you're into lots of Star-Trek style shooting of bad guys, you might like this one.
On the whole I thought Deus Ex was a much, much better game. Star Trek is flashy. Deus Ex uses sort of a creaky engine that isn't nearly as fast and doesn't look as good, but the story is vastly better and the situations and puzzles a lot more interesting.
I think all of Star Trek has gotten that way -- most of it is plastic and cardboard, with very little substance to it. "Quick, hand me the spanning phase-inductance tool, the transmudiating resistance coil is out of alignment!"
Blech.
Oh, one caveat: I have played both games only single-player. I haven't done multiplayer with either.
Red Hat is one of the best companies I've ever seen in terms of not taking advantage of anyone. They really and truly do have their customers' best interests at heart, and I think for that reason alone they will ultimately be wildly successful.
The conspiracy theories are just flat unlikely. It's a HELL of a lot more probable that they stopped supporting the platform because there were about 12 downloads of Sparc Redhat, and those were all the mirror sites.
It's not a popular platform for Linux. Aren't they being smart by re-allocating their Sparc guys to some other project that will benefit more people?
We have a lot of Solaris machines where I work. The main UNIX guy gave an old pizza box to another one of the IS team to learn about it. He had a hell of a time getting Solaris installed on it.
So I suggested Linux. The UNIX guy overheard that and said that he would take the box back if the guy wanted to run Linux on it. "If you want a linux box, use a PC, that's what it's for."
With that kind of attitude, it's no big wonder that they're not selling very many.
I just finished an incredibly good game that was every bit as rich and involving as any of the old text adventures. It's called 'The Longest Journey'. You can't get it directly in the United States, you have to import it from Europe. (apparently no distributor in the States wants to pick it up, which is STUPID -- this is the best adventure game I've played in years, probably better than Grim Fandango.)
Caveat: it starts pretty slow. The first ten hours or so (this is a LONG adventure) are interesting but won't leap out at you. But if you stick with it, it becomes just amazing further in. It's a shame there's not more wow factor early on.
I imported mine from www.softwarefirst.com. It ended up costing a bit less than $40 including shipping, and I got it about a week after I ordered. They'll tell you the price in pounds, and your credit card company will convert it to $ for you automatically. It was every bit as easy as ordering from a US-based dealer, with the sole exception that you'll only know your final price to within about 50 cents until you get your bill.
It's not just 'as good as' the text adventure games. It's BETTER. And I've played all the Infocoms and a good chunk of the freeware ones up 'til about last year. I speak from experience. Highly recommended.
The Longest Journey is probably the finest example yet of what storytelling on a computer can be like.
Holy cow. My first kernel took about 8 hours as I recall, on a 386-16 with 4MB. I was struggling with signal 11s the whole time, too -- the motherboard was fine in DOS, but flaky in 32-bit mode. I'd have to restart the whole process every half-hour or so.
Damn, what a difference. 8 hours (or 10 in your case) versus 20 seconds. Shit, you wouldn't even have time to go get a cup of coffee anymore. Used to be you had time for a beach trip.
Down with enhanced productivity! :)
Oh, just occurred to me -- the kernel I was compiling was in the .90 series. I think Linux has grown just a wee bit since then. I bet it would take 15+ hours for a modern kernel on that old machine. No way to know, though -- I gave that machine away long ago.
The best card I ever bought was a Millennium 1. I am still using it in my OpenBSD box. I spent nearly $500 on it -- back when I didn't have much money -- and I used that card steadily for probably three years. When I bought it, it was the fastest DOS VGA card you could buy, and also was damn fast in Windows. 3-D acceleration hadn't even been thought of yet.
I haven't been afraid since to spend a lot of money on a video card, but I'm starting to re-evaluate that a bit. NVidia is moving SO fast with their cards that it's getting foolish to try to buy their top-of-the-line; in six months it will be half-assed at best. It has let them gain a lot of ground but it sure does shorten the life cycle of gfx cards. :(
There's an upside to all the progress too, of course. I downloaded and ran that XL-R8R utility. Pardon my language, but F*CK that is an impressive demo. I remember the old Amiga demo scene -- those guys would have (and probably still will) shit their pants when they saw that. I wouldn't have believed it could be done live until I saw it. I figured graphics like that were another two or three years out -- WRONG. Wow. Recommended. (www.madonion.com)
The proto-geek line was intended as humor, not to be taken all that seriously. I just happen to find that image particularly amusing. :-)
Most Geek Houses are assembled one piece at a time. If you continue to live with net-savvy people, you'll get there. Look back on this conversation in 5 years -- I bet your house by then is fully wireless, remote-controllable, and only gets hacked into once or twice a week. ("God dammit, who made coffee at 3AM AGAIN?") :-)
Sounds like you have an embryonic Geek House -- perhaps that means you qualify as proto-geeks. :-)
I think the Real Deal has at least one (preferably about four) cat5 drops in every room and at least a small networking closet. A well-funded Geek House would have a switch as a network backbone, a good-quality firewall that does NAT/PAT, local WINS, DHCP, and DNS servers (can all be on the same box of course) and some sort of high speed connection to the outside world. It would also have a server with installation programs for all the house network games.
Target functionality: any geek can walk in, wire his computer in using DHCP, and be off and running. No CDs or other admin attention required. This allows you to throw impromptu LAN parties, a staple in any modern geek house.
If you have a house full of college-age geeks, you may also want to have a fridge with plentiful alcoholic beverages. But geeks of all ages will appreciate a good stock of liquid caffeine-infusion mechanisms. Coffee is relatively inexpensive but usually doesn't go over with the under-18 crowd. Colas work for almost any guest. If you have an extremely well-heeled geek house, you can even provide munchies, but this will impact the pocketbook nearly as much as a bad computer-games habit.
It is generally a good idea to have maid service, too. :-)
Your fundamental goal -- allowing anonymous, untracked internet usage, while simultaneously being *absolutely sure* that unauthorized data isn't getting out -- is impossible.
The traditional method of access control in this sort of circumstance is a proxy-style firewall. However, I don't know of any proxy firewalls that can inspect for specific content. They can check for correctness of protocol data, but I don't know of any way to set off klaxons and call the police if the user manages to embed today's secret word in an HTTP:// request.
You definitely can't use packet-level firewalls for this purpose, even stateful inspection ones, because users can bury any data they want in traffic bound for, say, port 80. It doesn't have to be just HTTP. Packet-level firewalls just work on port pairings. Example: if I were ever in a network that refused me access to my home machine, I'd probably just tunnel through port 80, which is open 90% of the time. A proxy firewall would stop that: a packet firewall will not.
It might be possible to custom-code an outbound content filter into an open-source proxy like Squid. Squid isn't a firewall, so you'd probably have to dual-home your Squid box (to make it the only way out) and then have a firewall between it and the outside.
Even at that level, it would still be possible to sneak things out. Almost any system that allows two-way communication can have arbitrary data inserted into the data stream in a way that is very inobvious to even a savvy network admin. Just a few days ago I saw a method to tunnel IP networking over DNS requests. (seriously). I think it was probably posted here on /. if you're interested. Good luck catching THAT with a sniffer. :-)
What this all boils down to is this: if you allow any form of two-way communication into your network, then employees can get data out. Period. And there's no way you can know what it is without extensive and highly sophisticated pattern analysis.
If the data is really sensitive, you might consider the old 'air gap' solution; have a private network that isn't connected to the outside in ANY WAY, and then an external network that employees use on a day-to-day basis. If you put that network on a hub, or on a switch that supports port mirroring, you should be able to monitor all traffic on that private network (assuming you don't exceed, in aggregate, the bandwidth on your monitoring port if you're switch-based) and ensure that no foreign MAC addresses show up on the network, and that all the traffic stays local. You can't, of course, control what users do with things like floppy disks. However, having the separate high-security network will let you monitor intensely enough to be aware that a given employee is accessing data they don't normally need access to. At least, it can do that if you're willing to put the effort into writing/customizing the monitoring tools. Definitely a non-trivial effort.
If you can't build two networks, then you probably shouldn't even bother monitoring. It won't do you any good. Anyone out there with a real clue will waltz right past any protections you might set up.
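The monitoring described for the isolated network (no foreign MAC addresses, all traffic stays local, notice when someone touches data they don't normally use) can be sketched as follows. This is an added example, not part of the original comment; the address range, MAC inventory, per-host baseline and the one-line-per-frame capture format are all constructed assumptions.

```python
import ipaddress
import re

# Constructed inventory for the isolated network (all values are assumptions).
LOCAL_NET = ipaddress.ip_network("10.50.0.0/24")
KNOWN_MACS = {
    "00:16:3e:00:00:01": "alice-ws",
    "00:16:3e:00:00:02": "bob-ws",
    "00:16:3e:00:00:10": "fileserver",
    "00:16:3e:00:00:11": "payroll-db",
}
# Servers each workstation normally talks to (hypothetical baseline).
BASELINE = {
    "alice-ws": {"10.50.0.10"},
    "bob-ws": {"10.50.0.10", "10.50.0.11"},
}
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed frame summaries, as a mirror-port capture might be reduced to:
# "src_mac dst_mac src_ip dst_ip"
SAMPLE_CAPTURE = """\
00:16:3e:00:00:01 00:16:3e:00:00:10 10.50.0.21 10.50.0.10
00:16:3e:00:00:02 00:16:3e:00:00:11 10.50.0.22 10.50.0.11
00:16:3e:00:00:01 00:16:3e:00:00:11 10.50.0.21 10.50.0.11
00:16:3e:aa:bb:cc 00:16:3e:00:00:10 10.50.0.99 10.50.0.10
00:16:3e:00:00:02 00:16:3e:00:00:10 10.50.0.22 192.0.2.80
not a frame line
"""


def analyze(capture):
    """Return (line number, alert kind, detail) for every suspicious frame."""
    alerts = []
    for lineno, line in enumerate(capture.splitlines(), start=1):
        fields = line.lower().split()
        if not fields:
            continue
        try:
            src_mac, dst_mac, src_ip, dst_ip = fields
            if not (MAC_RE.match(src_mac) and MAC_RE.match(dst_mac)):
                raise ValueError("bad MAC")
            src_ip = ipaddress.ip_address(src_ip)
            dst_ip = ipaddress.ip_address(dst_ip)
        except ValueError:
            # Unparseable input is reported, never silently skipped.
            alerts.append((lineno, "malformed", line.strip()))
            continue

        # Check 1: every sender must be in the hardware inventory.
        host = KNOWN_MACS.get(src_mac)
        if host is None:
            alerts.append((lineno, "foreign-mac", src_mac))

        # Check 2: both endpoints must sit inside the isolated range.
        for ip in (src_ip, dst_ip):
            if ip not in LOCAL_NET:
                alerts.append((lineno, "non-local-ip", str(ip)))

        # Check 3: a known workstation reaching a server outside its baseline.
        allowed = BASELINE.get(host)
        if allowed is not None and dst_ip in LOCAL_NET and str(dst_ip) not in allowed:
            alerts.append((lineno, "off-baseline", f"{host} -> {dst_ip}"))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_CAPTURE):
        print(alert)
```
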
David Gerrold did a very interesting science fiction book five or six years ago. It was called Earth, and concerned itself with reality 50 years in the future. (He pointed out at the time that this is the very hardest kind of SF to write, because a large chunk of your audience will be around to see if it happens!)
He posited a very Net-centric society with most everyone running very heavy filters to extract the data that interested them. Gerrold was obviously worried about this; the protagonist wrote a virus that would simply mess with people's filters a little. It would start letting in a worldview that they wouldn't ordinarily subscribe to. It was designed to shake them up a little without being overtly destructive. It helped keep people from going completely insular and stale.
I can see a couple of strong parallels here, and I don't think this has crossed very many people's minds. We already know about the obvious abuses: if they really knew what people watched, it would be fairly easy to determine a good chunk of the potentially-rebellious population simply by accessing their viewing records. Folks who watch a lot of TV Nation and Discovery Channel are not likely to be nearly as malleable as the Millionaire crowd.
Right, you knew that. But I think there's a more subtle danger here. In essence, by targeting you with personalized ads and, presumably, actual programs, aren't they able to manipulate your worldview to an astonishing degree? Wouldn't they be able to sort of bury you into a feedback loop? IE, if you are paranoid, feed you programs to fuel your paranoia and extract more money from you for bomb shelter supplies?
I don't think this is possible, I think this is INEVITABLE. They're going to do whatever they can to extract as much money from you as possible. Telling you the truth is not on the agenda. If lying to you extracts more cash from you, that is the right thing to do from the perspective of the stockholders.
Personally, I do NOT NOT NOT like the fact that ANYONE can control what I see but me. I'm unwilling to surrender that much of my choice. Admittedly there is already a great deal of manipulation going on in the media (if you don't think so, go read some foreign newspapers -- you'll be AMAZED at what you don't hear about here.) But TiVO is going from the subtle and indirect to the obvious and blatant.
I worry, as did Gerrold, about the feedback loops in self-referential reinforcing programs and behavior. That way leads to madness -- literally. As a culture we are already nuts, bonkers, crazy as loons. Individual people I know are almost always quite sane and reasonable, but in a group we believe in Life as Seen On Television, generally don't question what's on the tube. We cherish and embrace simulated homicide as light entertainment before dinner, and pay no attention whatsoever to state-sanctioned executions or the fact that we have a higher percentage of our population in prison than any other First World country.
We're already nutty as fruitcakes, as a group. What are we going to do when they can control what we see directly? Do we go mad one by one instead?
Come on, what about all the custom apps everyone writes internally in their companies? In many cases, they have a much larger investment in those apps than they do in commercial ones.
70,000 apps? It wouldn't shock me if there were seventy million.
Chances are very good that Windows will still be around in some form well after everyone reading this is dead.
can hold the opinion it does. It simply doesn't make sense to me.
I don't see the fundamental difference between publishing source code and publishing, say, a recipe for cookies. They are both simply lists of instructions. The computer code CAN BE executed by a machine at high speed, but it does not HAVE TO BE -- I can execute source code with pencil and paper. Machines aren't too good at running cookie recipes yet, but that's coming.
If I were to extrapolate from this ruling, couldn't it be declared illegal to publish instructions on how to open a safe? There could certainly be both legitimate and illegal uses for the information. It seems obvious to me that I could host safe-cracking instructions, er, safely. People might not LIKE THEM (or me) very much for publishing them but I don't think anyone could argue that A) I had to take the instructions down, or B) that I was liable for someone else using the instructions to commit a theft. Is this a correct interpretation of the law in this country?
If this is the case, let's say a new brand of safe-cracking robot was released onto the market, programmable in a particular machine-readable language -- let's call it UnSafe. If I then rewrote my English instructions into UnSafe format and published those, am I not suddenly treading on the DMCA, and couldn't I now be sued?
And what do we do when computers gain the ability to read ordinary English instructions? I'm betting we see rudimentary forms of this within 10-12 years. Will that mean we are no longer able to talk about bypassing security at all, in any way, shape, or form?
I can jump in here and say that OpenBSD (and, I presume, the Net and Free varieties of same) has a MUCH better firewall setup than Linux does.
Linux's firewalling is 'stateless'. That is, it works on a packet-by-packet basis. Each packet is treated independently of every other packet. It's easy to do things like 'block all requests from anyone except X.X.X.X on port X.X.X.X', but it's quite difficult to do things like 'let me call out on HTTP, but don't let other people call IN on that same port.' You can sort of simulate this by using all sorts of tricky rules disallowing packets with various combinations of SYN/ACK/FIN/RST to particular ports, but you end up leaving holes that savvy attackers can see through.
OpenBSD's ipfw and ipnat packages are wonderful in comparison. The rules are quite simple and straightforward. 'pass' rules are also stateful (for tcp/udp and icmp) with the simple keyword 'keep state'. This lets you block incoming HTTP and allow outgoing without any of the trickery you have to do on a Linux box, and without leaving holes open.
I got a nicely tight firewall and NAT environment set up in a couple of hours, and I could have done it faster if I had done it before. Total elapsed time from a naked box to a fully functional firewall, DNS, NAT, and DHCP server was about eight hours.
I think the 2.4 netfilter code in Linux may offer similar functionality (probably even better, as packages tend to leapfrog one another), but I can tell you that OpenBSD utterly and absolutely destroys Linux 2.2 on this particular front.
Bringing this back to some relevancy to the original question: strikes me that there are two major ways of solving the problem. The first would be by running the Linux firewall package on the same machine, and preventing connections to those ports from machines other than 127.0.0.1. Simple rules would probably be okay, as he probably won't want to connect OUT on those ports either. A better solution would be a standalone firewall machine running NAT, and I would suggest that anyone considering this sort of a setup check out the BSDs.
I imagine FreeBSD would be best if you were planning to also use that server as a desktop. NetBSD would be useful if you had a strange machine to use for a firewall. But if, like me, you had an old moldy box just gathering dust, and don't plan to use it for anything BUT a server, OpenBSD is nicely tuned to do exactly this job.
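The difference between per-packet flag rules and 'keep state' filtering described in the comment above can be shown with a small model. This is an added example, not part of the original comment and not the code of any real firewall; the packet fields, addresses and traffic are constructed, and timeouts and FIN tracking are left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str    # "out" leaves the protected network, "in" arrives at it
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN", "ACK"})


def pkt(direction, src, sport, dst, dport, flags):
    return Packet(direction, src, sport, dst, dport, frozenset(flags.split("+")))


def stateless_filter(p):
    """Per-packet rules: each decision sees only the packet in front of it."""
    if p.direction == "out" and p.dport == 80:
        return True
    # Approximation of "replies only": source port 80 and the ACK bit set.
    if p.direction == "in" and p.sport == 80 and "ACK" in p.flags:
        return True
    return False


class StatefulFilter:
    """Model of 'pass out ... keep state' with everything else blocked."""

    def __init__(self):
        self.states = set()  # (inside addr, inside port, outside addr, outside port)

    def check(self, p):
        if p.direction == "out":
            key = (p.src, p.sport, p.dst, p.dport)
            if p.dport == 80 and p.flags == {"SYN"}:
                self.states.add(key)  # an outbound SYN opens a state entry
                return True
        else:
            key = (p.dst, p.dport, p.src, p.sport)
        if key not in self.states:
            return False              # no matching connection: drop
        if "RST" in p.flags:
            self.states.discard(key)  # a reset ends the connection
        return True


# Constructed traffic: one real outbound HTTP connection plus inbound
# segments that belong to no connection the inside host opened.
TRAFFIC = [
    pkt("out", "10.0.0.5", 40000, "198.51.100.7", 80, "SYN"),
    pkt("in", "198.51.100.7", 80, "10.0.0.5", 40000, "SYN+ACK"),
    pkt("out", "10.0.0.5", 40000, "198.51.100.7", 80, "ACK"),
    pkt("in", "203.0.113.9", 80, "10.0.0.5", 22, "ACK"),        # no connection
    pkt("in", "203.0.113.9", 80, "10.0.0.5", 40000, "ACK"),     # wrong peer
    pkt("in", "198.51.100.7", 80, "10.0.0.5", 40000, "RST+ACK"),
    pkt("in", "198.51.100.7", 80, "10.0.0.5", 40000, "ACK"),    # after the reset
]


def compare(traffic):
    """Return (stateless verdict, stateful verdict) per packet, True = passed."""
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.check(p)) for p in traffic]


if __name__ == "__main__":
    for p, (a, b) in zip(TRAFFIC, compare(TRAFFIC)):
        print(f"{p.direction:3} {p.src}:{p.sport} -> {p.dst}:{p.dport} "
              f"{'+'.join(sorted(p.flags)):8} stateless={a} stateful={b}")
```

Every row where the two verdicts differ is an inbound segment the flag-based rule accepted only because it came from port 80 with ACK set.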
it would already have been done and you could buy a solution that works.
The fact that you can't buy a solution that actually works means that the problem is hard. There are a number of companies with significant numbers of programmers on staff, all competing in this market, and NONE of their solutions work well. They are all hype and fluff, not solid delivery.
While it is certainly possible for an individual to have a great idea and change the rules, barring some stroke of genius you simply cannot do what you want to do. You will miss bad sites and you will block good ones.
This has nothing to do with ideals. This is based purely on the fact that filtering DOES NOT WORK. It cannot be done reliably. Language is too complex. And I guarantee you that any reasonably savvy kid is going to slice right through any protections you devise.
Try posting a sign: "Don't view material through this server that is unsuitable for children under the age of X" -- you can get a statement from your management on what X should be. Bar people permanently for abusing their privileges.
You cannot solve this problem technically. You will have to do it socially.
Don't you actually read the articles you post about? It spells out as clear as day that the new game will be set before Episode 1.
I would expect this sort of goof from a junior staffer, not one of the senior people. Shame on you! I don't think it's too much to ask that you read and really understand an article before you post a synopsis/blurb about it.
This isn't a major crime, but it is sloppy as hell and symptomatic of what is ailing /. -- lack of attention from the senior people. You can't expect quality journalism from your staff if you don't even take the time to do it yourself. :(
You mean people are getting free software for free?!?! Oh, the shame of it. This had better be stopped, and quick. Throw those scumsucking reviewers in the slammer.
Next time, buddy, you better PAY FOR your free software before you review it!
I think Delphi Pro lists at about $500 (that's around what I paid for version 3 anyway), and there's also a Studio version for about $1800 that's aimed at professional developers.
From http://pespmc1.vib.ac.be/PETERPR.html:
This link is an interesting (short) take on an extension to that principle. After you've read that, I suggest you rearrange your prejudices awhile. :-)
No, this is important to know.
Like the other poster said, it was real. It was pretty much a 'don't care' bug though -- whoever heard of a 98 box staying up that long anyway?
:-)
I'm lucky to get 48 hours, much less 48 days!
My $0.02.
Because H-1B people lack the fundamental freedom to vote with their feet. They can't change jobs. THIS is why corporations are so hot and sweaty about the labor shortage. They mean there is a shortage of labor they can exploit unfairly.
Put them on the same terms as anyone else -- ie, they can go anywhere they like, work for anyone they want -- while they're here and I'm all in favor of unlimited visas. People are a country's best resource, and I'm not afraid to compete toe to toe with anyone from anywhere -- as long as the contest is fair.
If the slaves, er, H-1B visa people are set free and the corporations STILL gripe about a shortage, then let's raise the cap. As is, a huge chunk of the labor isn't free to move around... so of COURSE there is a labor shortage. Duh.
There are definitely good points to it, but the character interaction is weak and the 'puzzles' are really stupid -- they mostly consist of finding the right switch panel and pressing it. Oooh, that took brainpower. And most of the battles have been pretty repetitive.
I am presently in a level that has a really massive, huge fight, and it's fun but frustrating. If you're into lots of Star-Trek style shooting of bad guys, you might like this one.
On the whole I thought Deus Ex was a much, much better game. Star Trek is flashy. Deus Ex uses sort of a creaky engine that isn't nearly as fast and doesn't look as good, but the story is vastly better and the situations and puzzles a lot more interesting.
I think all of Star Trek has gotten that way -- most of it is plastic and cardboard, with very little substance to it. "Quick, hand me the spanning phase-inductance tool, the transmudiating resistance coil is out of alignment!"
Blech.
Oh, one caveat: I have played both games only single-player. I haven't done multiplayer with either.
Red Hat is one of the best companies I've ever seen in terms of not taking advantage of anyone. They really and truly do have their customers' best interests at heart, and I think for that reason alone they will ultimately be wildly successful.
The conspiracy theories are just flat unlikely. It's a HELL of a lot more probable that they stopped supporting the platform because there were about 12 downloads of Sparc Redhat, and those were all the mirror sites.
It's not a popular platform for Linux. Aren't they being smart by re-allocating their Sparc guys to some other project that will benefit more people?
We have a lot of Solaris machines where I work. The main UNIX guy gave an old pizza box to another one of the IS team to learn about it. He had a hell of a time getting Solaris installed on it.
So I suggested Linux. The UNIX guy overheard that and said that he would take the box back if the guy wanted to run Linux on it. "If you want a linux box, use a PC, that's what it's for."
With that kind of attitude, it's no big wonder that they're not selling very many.
I just finished an incredibly good game that was every bit as rich and involving as any of the old text adventures. It's called 'The Longest Journey'. You can't get it directly in the United States, you have to import it from Europe. (apparently no distributor in the States wants to pick it up, which is STUPID -- this is the best adventure game I've played in years, probably better than Grim Fandango.)
Caveat: it starts pretty slow. The first ten hours or so (this is a LONG adventure) are interesting but won't leap out at you. But if you stick with it, it becomes just amazing further in. It's a shame there's not more wow factor early on.
I imported mine from www.softwarefirst.com. It ended up costing a bit less than $40 including shipping, and I got it about a week after I ordered. They'll tell you the price in pounds, and your credit card company will convert it to $ for you automatically. It was every bit as easy as ordering from a US-based dealer, with the sole exception that you'll only know your final price to within about 50 cents until you get your bill.
It's not just 'as good as' the text adventure games. It's BETTER. And I've played all the Infocoms and a good chunk of the freeware ones up 'til about last year. I speak from experience. Highly recommended.
The Longest Journey is probably the finest example yet of what storytelling on a computer can be like.
Holy cow. My first kernel took about 8 hours as I recall, on a 386-16 with 4MB. I was struggling with signal 11s the whole time, too -- the motherboard was fine in DOS, but flaky in 32-bit mode. I'd have to restart the whole process every half-hour or so.
:)
Damn, what a difference. 8 hours (or 10 in your case) versus 20 seconds. Shit, you wouldn't even have time to go get a cup of coffee anymore. Used to be you had time for a beach trip.
Down with enhanced productivity!
Oh, just occurred to me -- the kernel I was compiling was in the .90 series. I think Linux has grown just a wee bit since then. I bet it would take 15+ hours for a modern kernel on that old machine. No way to know, though -- I gave that machine away long ago.
Actually I thought it was kind of cool. Big iron is interesting. Running Linux on big iron is very interesting. :-)
I wonder how long kernel compiles actually take?
The best card I ever bought was a Millennium 1. I am still using it in my OpenBSD box. I spent nearly $500 on it -- back when I didn't have much money -- and I used that card steadily for probably three years. When I bought it, it was the fastest DOS VGA card you could buy, and also was damn fast in Windows. 3-D acceleration hadn't even been thought of yet.
:(
I haven't been afraid since to spend a lot of money on a video card, but I'm starting to re-evaluate that a bit. NVidia is moving SO fast with their cards that it's getting foolish to try to buy their top-of-the-line; in six months it will be half-assed at best. It has let them gain a lot of ground but it sure does shorten the life cycle of gfx cards.
There's an upside to all the progress too, of course. I downloaded and ran that XL-R8R utility. Pardon my language, but F*CK that is an impressive demo. I remember the old Amiga demo scene -- those guys would have (and probably still will) shit their pants when they saw that. I wouldn't have believed it could be done live until I saw it. I figured graphics like that were another two or three years out -- WRONG. Wow. Recommended. (www.madonion.com)
I have rarely read a more incoherent article. It didn't actually SAY anything.
One of the downsides of the web: most of us aren't lucky enough to have an editor. This guy needed one.
The proto-geek line was intended as humor, not to be taken all that seriously. I just happen to find that image particularly amusing. :-)
:-)
Most Geek Houses are assembled one piece at a time. If you continue to live with net-savvy people, you'll get there. Look back on this conversation in 5 years -- I bet your house by then is fully wireless, remote-controllable, and only gets hacked into once or twice a week. ("God dammit, who made coffee at 3AM AGAIN?")
<<RON>>
Sounds like you have an embryonic Geek House -- perhaps that means you qualify as proto-geeks. :-)
:-)
I think the Real Deal has at least one (preferably about four) cat5 drops in every room and at least a small networking closet. A well-funded Geek House would have a switch as a network backbone, a good-quality firewall that does NAT/PAT, local WINS, DHCP, and DNS servers (can all be on the same box of course) and some sort of high speed connection to the outside world. It would also have a server with installation programs for all the house network games.
Target functionality: any geek can walk in, wire his computer in using DHCP, and be off and running. No CDs or other admin attention required. This allows you to throw impromptu LAN parties, a staple in any modern geek house.
If you have a house full of college-age geeks, you may also want to have a fridge with plentiful alcoholic beverages. But geeks of all ages will appreciate a good stock of liquid caffeine-infusion mechanisms. Coffee is relatively inexpensive but usually doesn't go over with the under-18 crowd. Colas work for almost any guest. If you have an extremely well-heeled geek house, you can even provide munchies, but this will impact the pocketbook nearly as much as a bad computer-games habit.
It is generally a good idea to have maid service, too.
Your fundamental goal -- allowing anonymous, untracked internet usage, while simultaneously being *absolutely sure* that unauthorized data isn't getting out -- is impossible.
The traditional method of access control in this sort of circumstance is a proxy-style firewall. However, I don't know of any proxy firewalls that can inspect for specific content. They can check for correctness of protocol data, but I don't know of any way to set off klaxons and call the police if the user manages to embed today's secret word in an HTTP:// request.
You definitely can't use packet-level firewalls for this purpose, even stateful inspection ones, because users can bury any data they want in traffic bound for, say, port 80. It doesn't have to be just HTTP. Packet-level firewalls just work on port pairings. Example: if I were ever in a network that refused me access to my home machine, I'd probably just tunnel through port 80, which is open 90% of the time. A proxy firewall would stop that: a packet firewall will not.
It might be possible to custom-code an outbound content filter into an open-source proxy like Squid. Squid isn't a firewall, so you'd probably have to dual-home your Squid box (to make it the only way out) and then have a firewall between it and the outside.
Even at that level, it would still be possible to sneak things out. Almost any system that allows two-way communication can have arbitrary data inserted into the data stream in a way that is very inobvious to even a savvy network admin. Just a few days ago I saw a method to tunnel IP networking over DNS requests. (seriously). I think it was probably posted here on /. if you're interested. Good luck catching THAT with a sniffer. :-)
What this all boils down to is this: if you allow any form of two-way communication into your network, then employees can get data out. Period. And there's no way you can know what it is without extensive and highly sophisticated pattern analysis.
If the data is really sensitive, you might consider the old 'air gap' solution; have a private network that isn't connected to the outside in ANY WAY, and then an external network that employees use on a day-to-day basis. If you put that network on a hub, or on a switch that supports port mirroring, you should be able to monitor all traffic on that private network (assuming you don't exceed, in aggregate, the bandwidth on your monitoring port if you're switch-based) and ensure that no foreign MAC addresses show up on the network, and that all the traffic stays local. You can't, of course, control what users do with things like floppy disks. However, having the separate high-security network will let you monitor intensely enough to be aware that a given employee is accessing data they don't normally need access to. At least, it can do that if you're willing to put the effort into writing/customizing the monitoring tools. Definitely a non-trivial effort.
If you can't build two networks, then you probably shouldn't even bother monitoring. It won't do you any good. Anyone out there with a real clue will waltz right past any protections you might set up.
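The mirror-port check described in the comment above (no foreign MAC addresses, all traffic stays local), sketched as an added example that is not part of the original post. The MAC inventory, the 10.99.0.0/24 subnet and the sample frames are constructed assumptions, and frames are taken as raw Ethernet bytes from whatever capture tool feeds the monitor.

```python
import ipaddress
import struct

# Constructed inventory for the isolated network (assumed values).
KNOWN_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
LOCAL_NET = ipaddress.ip_network("10.99.0.0/24")
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Return (dst_mac, src_mac, src_ip, dst_ip); IPs are None unless IPv4."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    src_ip = dst_ip = None
    if ethertype == 0x0800:  # IPv4: addresses sit at offsets 12 and 16 of the IP header
        if len(frame) < 34:
            raise ValueError("truncated IPv4 header")
        src_ip = ipaddress.ip_address(frame[26:30])
        dst_ip = ipaddress.ip_address(frame[30:34])
    return dst, src, src_ip, dst_ip

def audit(frames):
    """Return (frame_index, reason) for every frame that breaks the air-gap policy."""
    alerts = []
    for n, frame in enumerate(frames):
        try:
            dst, src, src_ip, dst_ip = parse_frame(frame)
        except ValueError as exc:
            alerts.append((n, f"malformed frame: {exc}"))
            continue
        if src not in KNOWN_MACS:
            alerts.append((n, f"foreign source MAC {src}"))
        # Multicast destinations would also be flagged here; extend the allowlist if needed.
        if dst != BROADCAST and dst not in KNOWN_MACS:
            alerts.append((n, f"unknown destination MAC {dst}"))
        for ip in (src_ip, dst_ip):
            if ip is not None and ip not in LOCAL_NET:
                alerts.append((n, f"non-local IP {ip}"))
    return alerts

def build_frame(dst, src, src_ip, dst_ip):
    """Build a constructed Ethernet + IPv4 header pair (no payload, zero checksum)."""
    def mac(s):
        return bytes.fromhex(s.replace(":", ""))
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                            ipaddress.ip_address(src_ip).packed,
                            ipaddress.ip_address(dst_ip).packed)
    return mac(dst) + mac(src) + struct.pack("!H", 0x0800) + ip_header

SAMPLE_FRAMES = [  # constructed capture from the mirror port
    build_frame("02:00:00:00:00:02", "02:00:00:00:00:01", "10.99.0.10", "10.99.0.11"),
    build_frame("02:00:00:00:00:01", "02:de:ad:00:00:99", "10.99.0.50", "10.99.0.10"),
    build_frame("02:00:00:00:00:02", "02:00:00:00:00:01", "10.99.0.10", "198.51.100.7"),
    b"\x02\x00\x00\x00\x00\x01\x02\x00",  # truncated frame
]

if __name__ == "__main__":
    for index, reason in audit(SAMPLE_FRAMES):
        print(f"frame {index}: {reason}")
```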
He posited a very Net-centric society with most everyone running very heavy filters to extract the data that interested them. Gerrold was obviously worried about this; the protagonist wrote a virus that would simply mess with people's filters a little. It would start letting in a worldview that they wouldn't ordinarily subscribe to. It was designed to shake them up a little without being overtly destructive. It helped keep people from going completely insular and stale.
I can see a couple of strong parallels here, and I don't think this has crossed very many people's minds. We already know about the obvious abuses: if they really knew what people watched, it would be fairly easy to determine a good chunk of the potentially-rebellious population simply by accessing their viewing records. Folks who watch a lot of TV Nation and Discovery Channel are not likely to be nearly as malleable as the Millionaire crowd.
Right, you knew that. But I think there's a more subtle danger here. In essence, by targeting you with personalized ads and, presumably, actual programs, aren't they able to manipulate your worldview to an astonishing degree? Wouldn't they be able to sort of bury you into a feedback loop? IE, if you are paranoid, feed you programs to fuel your paranoia and extract more money from you for bomb shelter supplies?
I don't think this is possible, I think this is INEVITABLE. They're going to do whatever they can to extract as much money from you as possible. Telling you the truth is not on the agenda. If lying to you extracts more cash from you, that is the right thing to do from the perspective of the stockholders.
Personally, I do NOT NOT NOT like the fact that ANYONE can control what I see but me. I'm unwilling to surrender that much of my choice. Admittedly there is already a great deal of manipulation going on in the media (if you don't think so, go read some foreign newspapers -- you'll be AMAZED at what you don't hear about here.) But TiVO is going from the subtle and indirect to the obvious and blatant.
I worry, as did Gerrold, about the feedback loops in self-referential reinforcing programs and behavior. That way leads to madness -- literally. As a culture we are already nuts, bonkers, crazy as loons. Individual people I know are almost always quite sane and reasonable, but in a group we believe in Life as Seen On Television, generally don't question what's on the tube. We cherish and embrace simulated homicide as light entertainment before dinner, and pay no attention whatsoever to state-sanctioned executions or the fact that we have a higher percentage of our population in prison than any other First World country.
We're already nutty as fruitcakes, as a group. What are we going to do when they can control what we see directly? Do we go mad one by one instead?
70,000 apps? It wouldn't shock me if there were seventy million.
Chances are very good that Windows will still be around in some form well after everyone reading this is dead.
can hold the opinion it does. It simply doesn't make sense to me.
I don't see the fundamental difference between publishing source code and publishing, say, a recipe for cookies. They are both simply lists of instructions. The computer code CAN BE executed by a machine at high speed, but it does not HAVE TO BE -- I can execute source code with pencil and paper. Machines aren't too good at running cookie recipes yet, but that's coming.
If I were to extrapolate from this ruling, couldn't it be declared illegal to publish instructions on how to open a safe? There could certainly be both legitimate and illegal uses for the information. It seems obvious to me that I could host safe-cracking instructions, er, safely. People might not LIKE THEM (or me) very much for publishing them but I don't think anyone could argue that A) I had to take the instructions down, or B) that I was liable for someone else using the instructions to commit a theft. Is this a correct interpretation of the law in this country?
If this is the case, let's say a new brand of safe-cracking robot was released onto the market, programmable in a particular machine-readable language -- let's call it UnSafe. If I then rewrote my English instructions into UnSafe format and published those, am I not suddenly treading on the DMCA, and couldn't I now be sued?
And what do we do when computers gain the ability to read ordinary English instructions? I'm betting we see rudimentary forms of this within 10-12 years. Will that mean we are no longer able to talk about bypassing security at all, in any way, shape, or form?
I can jump in here and say that OpenBSD (and, I presume, the Net and Free varieties of same) has a MUCH better firewall setup than Linux does.
Linux's firewalling is 'stateless'. That is, it works on a packet-by-packet basis. Each packet is treated independently of every other packet. It's easy to do things like 'block all requests from anyone except X.X.X.X on port X.X.X.X', but it's quite difficult to do things like 'let me call out on HTTP, but don't let other people call IN on that same port.' You can sort of simulate this by using all sorts of tricky rules disallowing packets with various combinations of SYN/ACK/FIN/RST to particular ports, but you end up leaving holes that savvy attackers can see through.
OpenBSD's ipfw and ipnat packages are wonderful in comparison. The rules are quite simple and straightforward. 'pass' rules are also stateful (for tcp/udp and icmp) with the simple keyword 'keep state'. This lets you block incoming HTTP and allow outgoing without any of the trickery you have to do on a Linux box, and without leaving holes open.
I got a nicely tight firewall and NAT environment set up in a couple of hours, and I could have done it faster if I had done it before. Total elapsed time from a naked box to a fully functional firewall, DNS, NAT, and DHCP server was about eight hours.
I think the 2.4 netfilter code in Linux may offer similar functionality (probably even better, as packages tend to leapfrog one another), but I can tell you that OpenBSD utterly and absolutely destroys Linux 2.2 on this particular front.
Bringing this back to some relevancy to the original question: strikes me that there are two major ways of solving the problem. The first would be by running the Linux firewall package on the same machine, and preventing connections to those ports from machines other than 127.0.0.1. Simple rules would probably be okay, as he probably won't want to connect OUT on those ports either. A better solution would be a standalone firewall machine running NAT, and I would suggest that anyone considering this sort of a setup check out the BSDs.
I imagine FreeBSD would be best if you were planning to also use that server as a desktop. NetBSD would be useful if you had a strange machine to use for a firewall. But if, like me, you had an old moldy box just gathering dust, and don't plan to use it for anything BUT a server, OpenBSD is nicely tuned to do exactly this job.
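The difference between per-packet flag rules and 'keep state' that the comment above describes, as an added example that is not part of the original post. It is a simplified model rather than any real firewall's rule engine; the Packet fields, addresses and rule logic are constructed for illustration, and state timeouts are omitted.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport flags")

def stateless_filter(pkt):
    """Per-packet rules approximating 'outbound HTTP only' using TCP flags."""
    if pkt.direction == "out":
        return pkt.dport == 80
    # Inbound: accept anything from port 80 that is not a connection-opening SYN.
    bare_syn = "SYN" in pkt.flags and "ACK" not in pkt.flags
    return pkt.sport == 80 and not bare_syn

class StatefulFilter:
    """Models 'pass out ... keep state': replies must match a recorded flow."""

    def __init__(self):
        self.flows = set()

    def check(self, pkt):
        if pkt.direction == "out":
            flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.dport == 80 and pkt.flags == {"SYN"}:
                self.flows.add(flow)  # state is created only by an outbound SYN
            return flow in self.flows
        flow = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow not in self.flows:
            return False  # no matching outbound connection, whatever the flags say
        if "RST" in pkt.flags:
            self.flows.discard(flow)  # connection torn down, forget the state
        return True

def compare(traffic):
    """Return (stateless_verdict, stateful_verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.check(p)) for p in traffic]

INSIDE = "192.168.1.10"  # constructed addresses
TRAFFIC = [
    Packet("out", INSIDE, 40000, "203.0.113.5", 80, frozenset({"SYN"})),
    Packet("in", "203.0.113.5", 80, INSIDE, 40000, frozenset({"SYN", "ACK"})),
    # Unsolicited packet that only looks like a reply (source port 80, ACK set).
    Packet("in", "198.51.100.9", 80, INSIDE, 6000, frozenset({"ACK"})),
    Packet("in", "198.51.100.9", 4444, INSIDE, 80, frozenset({"SYN"})),
]

if __name__ == "__main__":
    for pkt, (loose, strict) in zip(TRAFFIC, compare(TRAFFIC)):
        print(pkt.direction, pkt.src, sorted(pkt.flags),
              "stateless:", loose, "stateful:", strict)
```

The third packet is the case that matters: the flag-based rule accepts it because it resembles a reply, while the state table has no outbound connection for it to belong to.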
The fact that you can't buy a solution that actually works means that the problem is hard. There are a number of companies with significant numbers of programmers on staff, all competing in this market, and NONE of their solutions work well. They are all hype and fluff, not solid delivery.
While it is certainly possible for an individual to have a great idea and change the rules, barring some stroke of genius you simply cannot do what you want to do. You will miss bad sites and you will block good ones.
This has nothing to do with ideals. This is based purely on the fact that filtering DOES NOT WORK. It cannot be done reliably. Language is too complex. And I guarantee you that any reasonably savvy kid is going to slice right through any protections you devise.
Try posting a sign: "Don't view material through this server that is unsuitable for children under the age of X" -- you can get a statement from your management on what X should be. Bar people permanently for abusing their privileges.
You cannot solve this problem technically. You will have to do it socially.
Don't you actually read the articles you post about? It spells out as clear as day that the new game will be set before Episode 1.
I would expect this sort of goof from a junior staffer, not one of the senior people. Shame on you! I don't think it's too much to ask that you read and really understand an article before you post a synopsis/blurb about it.
This isn't a major crime, but it is sloppy as hell and symptomatic of what is ailing /. -- lack of attention from the senior people. You can't expect quality journalism from your staff if you don't even take the time to do it yourself. :(
You mean people are getting free software for free?!?! Oh, the shame of it. This had better be stopped, and quick. Throw those scumsucking reviewers in the slammer.
Next time, buddy, you better PAY FOR your free software before you review it!
I think Delphi Pro lists at about $500 (that's around what I paid for version 3 anyway), and there's also a Studio version for about $1800 that's aimed at professional developers.