I've been in this industry long enough to remember when ties (but not jackets) were mandatory....
Something that these managers have forgotten is that everyone, not just techies, adopted a more casual dress code for a reason. It takes more personal time to maintain a suit - something that's not a big deal if you work 40 hours, but *is* a problem if you're putting in a couple extra hours at work every day.
It also limits what you can do during the work day. With casual clothing, if I know I'll be working late I may take a long lunch and hit the health club. I can't do that if I'm in a suit but the nearby health club doesn't have full-height lockers.
I agree that some people, esp. some developers, have gone too far. But it's not hard to specify reasonable minimal standards, especially if you're flexible. E.g., if you really need to specify khaki slacks because it's what your customers expect, allow "stone" jeans.
The rumors are that the movie will set up a spinoff series, akin to the way the Showtime movie set up the series. (Not the original movie, since in that movie there was only one Go'uld and he was killed.)
*** SPOILER ALERT ***
*** YOU HAVE BEEN WARNED ***
The expected premise of the movie is the final battle with the Go'uld, closing the original series, and the discovery of the "ancients" who were behind the Atlantis legend, setting up the spinoff series. According to Plato, Atlantis disappeared beneath the waters of the sea, but as countless primitive cultures have pointed out the event horizon of a stargate looks a lot like a watery surface. It's not hard to connect the dots and believe that the Ancients left earth through a stargate and later generations morphed the story into Atlantis disappearing under the ocean.
Since it would be a very short series if humans immediately hooked up with the Ancients, I expect the spinoff to follow a human team searching for evidence of where the Ancients went. We might even see the 8th lock used on the gate again, or dare we hope even the 9th?!
The technical quality of the show is actually better than most Saturday morning cartoons now. But this show is done in a somewhat realistic style (well, excluding the obligatory 3% body fat on all characters) while most cartoons are now drawn in an extremely flat style.
As for the show itself, I've seen one episode. It was a bit weird - it's clearly targeted at young children. That reduces the bad guys to monsters, and strips the complexity from the characters and plot. When I learned of the premise (it's 2040, an SG team leader has been impersonated by aliens attacking the base and he must clear his name) I expected the show to be targeted at tweeners with a slightly more ambiguous message. (Basically variations on "don't judge people on their first impression.")
Don't be so narrow in your approach. Is it a programming error if a stadium roof collapses because the engineers couldn't understand what the output of their computer model was saying?
What about when the construction crew quietly substituted what they thought was an equivalent design to what the computer program came up with for a skywalk over a hotel lobby?
After almost 20 years in this field, I think that at least 80% of the serious "errors" I see are because the user didn't understand the results of the program, and only 20% of them are due to classic development errors.
The lesson to learn from this: the user interface matters. Give some thought to presenting the information in a meaningful manner (e.g., the infamous pre-Challenger graphs showing O-ring erosion vs. the post-Challenger graph that mapped damage by temperature at the time of launch), and allow users to see the information in the way that makes the most sense to them.
Nope, this is reason 13,793 why all spammers should get the death sentence. The special one, the one where "cruel and unusual" doesn't apply.
Spammers are now criminally impersonating other domains so they can get past the MTAs that require a valid and resolvable FQDN in the message envelope. This eliminates spam from klsjger@xxagt1kjc34.khz, but it can cause a lot of long-lasting damage (from the especially clueless spam fighters) to innocent parties.
When Columbus sailed across the open ocean, the technology was ready. The will was ready. All it took was somebody throwing off the fear that had kept ships close to land since ancient times... and it was still hundreds of years before technology advanced far enough for open ocean voyages to be made in relative safety, after the Harrison chronometers were invented and the role of citrus fruit in preventing scurvy was discovered. Until then, sailing on the open ocean was always a real gamble.
In contrast, when the USSR and US developed their lunar programs the technology was NOT ready. You can make a strong argument that the technology is STILL not ready. (Develop single stage to orbit reusable launch platforms with a cost under $100/lb and get back to me.)
What we had was a proxy war. The German V-2 rockets were an annoyance to London, but only killed people in the immediate vicinity of the bomb. Sputnik foreshadowed a day where somebody anywhere in the world could drop a hydrogen bomb in any city, and it (rightly) terrified the leaders of both countries.
Then 40 years ago today came the Cuban Missile Crisis. At the time, people panicked. Then we thought that it wasn't really that bad after all. Now we are learning that it really was - at one point a US warship thought that a Soviet sub had fired a torpedo at it and was seconds away from returning fire when they determined that it was a noisemaker, not a torpedo. The Soviet sub captain was out of contact with his commanders and did not know whether his country was at war... but was authorized to use a nuclear-tipped torpedo. It would have been suicide, but it would have also taken out every US warship in the area.
Furthermore the US did not know that the local Soviet commander had moved the warheads from their storage area at the dock to the launch sites, and I'm not sure that the Soviet military command knew this either. He did it on his own initiative, not waiting for orders.
After this, there was no doubt that a direct confrontation between the US and USSR was far too dangerous. The countries could (and did) continue to fight proxy wars, but couldn't be too public without risking the proxy war becoming a direct confrontation.
This was a real problem... until Kennedy made an incredible claim (considering the state of the US space program at the time) that the US would put a man on the moon, and return him safely to earth, within a few short years. The US and USSR space programs (including the secret Soviet lunar program) were then a proxy war that allowed the two superpowers to compete, but without the risk of a mid-level field commander making a bad decision and having half of earth's population go "fzzzt" as a result.
So we made it to the moon far earlier than our technology would normally allow, both the US and USSR suffered casualties (Apollo 1 for the US, and two manned Soviet missions), and we avoided disasters on Apollo 11, 12 and 13 (the first two from faulty flight software on the LEM, the last by the explosion in one of the tanks) by sheer blind luck.
But this was at a tremendous cost. It turns out that space is so damn useful that we've been able to support a NEO program anyway, but we really need to develop the ability to cheaply and reliably get into orbit before we can start the clock on returning to the moon, establishing bases, etc.
Is the EULA a contract? I don't think so, many courts don't think so. Contracts require informed consent and exchange of considerations of value, and you have neither when you can't read the EULA until you open the package yet can't get your money back once the package has been opened.
But that doesn't matter since Microsoft is using technical self-help. Their software can call home regardless of any individual negotiation to disable this "feature." It can call home regardless of any court order that it be disabled on software installed in a system used in a medical, legal, financial or spiritual setting.
Even if you posit that UCITA passed and the EULA is a binding contract, your argument still doesn't work since the onus is not on Microsoft to produce software that can never be used in an unlawful manner, it's on the user to obey all applicable laws. If that means that they can't use Windows, well then they need to use other software. There's plenty of alternatives, it's not like Microsoft has been convicted in federal court of being a monopoly that has illegally used its monopoly to suppress the competition.
(No wait, it HAS been convicted. Yet that doesn't change the fact that this is still the customer's concern, not theirs. Given their track record, I would not be surprised to learn that MS has deliberately set up this dilemma in an attempt to force an exemption for their products.)
I used to have a set of pages up (currently dead) that launched 6 different implementations with a single click... and the animations had 50, 100, and 250 lines. Not isolated sorts
With 50 points, you think quick sort is faster, but think the simplicity of some of the other sorts may make them preferable.
But with just 250 points, you have no doubts about the relative performance of the various algorithms.
I've often wished that *nix would add a third privilege level between the kernel and user-space. It would be ideal for trusted libraries.
As a specific example, think of libc. This library is always in memory and is used by almost every program. It would be trivial to have the kernel load it, plus a few other key libraries, into a special 'ring' between the kernel and user-space as part of the boot process. These libraries could be appended to the kernel image (e.g., via an embedded tar file).
User-space programs could call it as usual, but internally these libraries could never depend on user-space (instead of other trusted) libraries and could never be corrupted by user-space applications.
(Background: the Intel rings follow the standard protocol that a higher ring can call a lower ring, but can't modify data in it. Contrariwise, a lower ring can modify the data in a higher ring but can't call it. Ring 3 is user space, and ring 0 is the kernel.)
Forget your ad hoc (and really lame) analogies. This comes down to one question, and one question only:
What is the written policy on this?
Can anyone ask the sysadmin to 'unsend' mail? Is this privilege limited to responses, or superiors sending mail to subordinates, or just people with fancy titles and corner offices?
You can defend pretty much any policy (since a corporate email account serves the corporation, not the individuals employed by it) as long as it's published and available to anyone who's affected by it.
Of course, in the real world management considers deciding this policy and committing to writing a very low priority (unless they've been nailed by a lawsuit because they lacked a formal policy and differences in treatment were attributed to the employees' race, gender, religion, or similar protected status). That's why SAGE (System Administrator Guild, www.sage.org) has established a model policy.
If your company doesn't have a formal policy, ask them to include the SAGE policy by reference. If they refuse to establish a policy, or don't honor whatever policy they have, find another job. It's a hassle, but all it takes is one lawsuit where you're named co-defendant because an employee is suing the company for "arbitrary and capricious" enforcement of IT policies to make you wish you had never shown up for your job interview.
You can't easily spoof the IP address for HTTP (since it requires a TCP/IP handshake), and I was suggesting sending a message in response to a virus attack, not spam.
One of the scariest things about this last extension is that some copyrights HAD expired, then were reinstated.
That is what is the most obscene thing about the extension, IMHO. Republication of several volumes which have long been out-of-print because it made no economic sense for the IP holder (the cost of tracking down the heirs could easily exceed the physical costs of a low volume publication run!) have been forced to be suspended with no remuneration to the parties who had already spent good money to prepare for publication of the material once it entered the public domain, for absolutely no benefit to anyone except that it protected a few corporate logos.
Quick, when was the last time Mickey Mouse appeared in a Disney animation? I think there was a short released with one of the animated films a few years ago, but before that you would have to go back to the 50s. When was the last time Steamboat Willie appeared in any theater outside of the Disney theme parks? Mickey is still protected as a trademark, but you can't credibly claim that the early works still need copyright protection.
Two dumb birds for the price of one....
on Stopping NetBIOS Spam? · Score: 3, Insightful
This stupid question (block the port, be done with it) has given me a potentially useful idea.
How hard would it be to send a message back to the boxes that have some code red or similar virus. Basically you ask my web server for c:/scripts/something, you get a Windows message back informing you in no uncertain terms that your box is infected and the OS needs to be reinstalled.
This isn't an attack, but if enough people did it (just one message per infection attempt) people would soon be forced to do something because of the barrage of messages. And the people who let their boxes REMAIN infected with a virus that's been out in the wild for over a year are hardly the type of people to have locked down port 139.
Or we can save him the effort and tell him what his "revolutionary" idea is, thus simultaneously providing proof of prior art (making the patent question moot) and that he needs to spend more time studying cryptology before his next big idea.
The fact that he says it's "multiple use" and that it requires a "digital key" suggests that he's using the key as the seed for some crypto PRNG (e.g., you recursively encrypt your salt with your key as the password, then pull out some of the bytes to create your OTP). Put the random salt as the first few bytes of the cipher text and voila, instant multiuse OTPs. Not weak (not if you use a good crypto PRNG), but hardly an original thought that would not occur to the casual practitioner of the science.
(There's also the pesky fact that most experts would consider this approach foolhardy. If you have a decent encryption routine, use it to encrypt the data directly. Crypto PRNGs are believed to be strong, but I don't know if this has been formally studied. There would well be an emergent property in the implementation that makes the PRNG highly predictable.)
A refinement would involve recognizing that DSA keys actually have a 'generator' attribute, and you could use that to map your salt to a seemingly random sequence of values. It should be much more efficient than the recursive crypto approach, but again is hardly original since the very reason that these keys include generators is that they're used to efficiently generate ephemeral session keys via the same property.
So what, all that proves is that the ENVELOPE was sent to yourself on the specified date.
Or did you think that all of those scenes in old movies where someone steamed open an envelope to discover some crucial fact was just literary license?
A theory I would like to see developed is that operating an open relay poses a public nuisance and that it you have your access yanked at will. More importantly, a complainant can compel your access to be yanked. That wouldn't kill spam, but it may have a significant impact on the joe jobs.
One way to do this is to set up an easily accessed test for being an open relay - you could use any of the existing ones, or create a new one. If you're a sysadmin, you're expected to test your own site after every configuration change, software update, etc. If you don't and somebody else does, you get a record of every failure... as does a public record. You then have some reasonable time to close the relay, say 10 business days, and then each and every person who receives spam through your open relay can get statutory damages of, oh, $250. Enough to make it worthwhile to pursue the matter in small claims court.
The Free Speechers will point out that there are, rare, valid reasons for running an open relay. Fine... but if you do that then you need to take some effective steps to ensure that spam doesn't get through the relay, only that rare legitimate OR material.
I've seen the senior developers (10+ years) hit hardest. A lot of good ones were released because their companies collapsed entirely, or at least cut entire projects and divisions, and there just isn't enough new business to fill the leadership roles that senior developers naturally fit into.
It's easy to say that it should be easy for us to fill more junior roles - just swallow our pride and accept lower pay - but in truth even if we can get past the HR gatekeeper few people are comfortable hiring a senior person for a junior position. The perception is that we're either going to immediately jump to a better job (yeah, we all know how easy it is to find jobs today!) or try to get their job. In fact, if you're worried about keeping your house it doesn't look so bad to just "sit" at a job for a few years while things stabilize both personally and in the industry.
You're going at the problem wrong. Don't worry about getting your clients to accept a self-signed cert, worry about getting them to add your own root certificate to those they trust.
This is actually straightforward - you point them to a URL that returns the root cert, with MIME type application/x-x509-ca-cert, and tell them to accept it for all uses when the browser pops up a dialog box.
You should then use this root cert to sign your web server certs (and certs for mail servers, databases, whatever). All should be trusted immediately, assuming you have your other ducks in a row. (E.g., you need to have your web server cert's common name resolve to the IP address of the web server.)
It's a bit more work to maintain a mini-CA than to just use self-signed certs, but overall the benefits outweigh the hassles. Many of us are working on JSP tools to operate mid-range CAs, but I don't know how far most are. (The problem is Microsoft's eternally changing standards on how clients generate the cert request on their side - I can handle Netscape/Mozilla with ease, but it seems like every version of MSIE is just slightly different.)
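The mini-CA workflow this comment describes, as an added example that is not the poster's code: a root certificate, a server certificate signed by it, and the chain check a client performs. The organisation, CA and host names are constructed placeholders, and the subjectAltName entry is an addition because current browsers match the host name against it rather than the common name.

```shell
#!/bin/sh
# Added example: private root CA plus one server certificate, using the openssl CLI.
# Constructed placeholders: "Example Org", "Example Internal Root CA", www.example.internal.
set -eu
umask 077                      # private keys must not be readable by other users

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
HOST=www.example.internal

make_root_ca() {               # $1 = working directory
    cat > "$1/root.cnf" <<'EOF'
[req]
prompt             = no
distinguished_name = dn
x509_extensions    = v3_ca
[dn]
O  = Example Org
CN = Example Internal Root CA
[v3_ca]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    # -nodes keeps the demo non-interactive; a real root key gets a passphrase
    # and is kept off the web server it signs for.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/root.cnf" -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
    # DER copy: the file clients download and import as a trusted root.
    openssl x509 -in "$1/root.pem" -outform DER -out "$1/root.crt"
}

issue_server_cert() {          # $1 = working directory, $2 = host name
    cat > "$1/server.cnf" <<EOF
[req]
prompt             = no
distinguished_name = dn
[dn]
CN = $2
[v3_server]
basicConstraints = CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:$2
EOF
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$1/server.cnf" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    # The root signs the request; the leaf is marked CA:FALSE so it cannot sign others.
    openssl x509 -req -in "$1/server.csr" -sha256 -days 365 \
        -CA "$1/root.pem" -CAkey "$1/root.key" -CAcreateserial \
        -extfile "$1/server.cnf" -extensions v3_server \
        -out "$1/server.pem" 2>/dev/null
}

chain_ok() {                   # $1 = working directory, $2 = host name the client asked for
    # Succeeds only if the chain ends at our root AND the certificate names $2.
    openssl verify -CAfile "$1/root.pem" -verify_hostname "$2" "$1/server.pem" 2>/dev/null \
        | grep -q ': OK$'
}

root_fingerprint() {           # $1 = working directory; prints the SHA-256 fingerprint
    openssl x509 -in "$1/root.crt" -inform DER -noout -fingerprint -sha256 | cut -d= -f2
}

make_root_ca "$WORK"
issue_server_cert "$WORK" "$HOST"
chain_ok "$WORK" "$HOST" && echo "chain verifies for $HOST"
chain_ok "$WORK" "other.example.internal" || echo "rejected for a different host name"
echo "root fingerprint to publish out of band: $(root_fingerprint "$WORK")"
```

Publish `root.crt` with the `application/x-x509-ca-cert` type the comment mentions, and give users the fingerprint through a separate channel so they can compare it before accepting the root.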
As several other posters have commented, there are some real risks to LASIK. They may be rare, and you can dramatically lower your risks by paying a few more bucks to go to the guy who handles the people messed up by cheaper places. Also, you can improve your odds by wearing glasses for a couple weeks longer than required during the pre-op period - let your eyes get back to their natural shape.
However, I made my decision based on the risks associated with not having the surgery. My vision was bad enough that glasses weren't really an option because of the weight. The pre-op period was a nightmare. Without glasses, I was legally blind and outside of known environments functionally blind.
When I looked at the big picture - the increased risk of injury or even death because of blindness without glasses, the fact that I was largely incapacitated if I was unable to wear contacts for some reason, etc., I went ahead with the surgery.
Overall, I'm fairly happy with the results. I'm starting to have some problems reading very fine print (e.g., doing 2-up code listings), but I'm sure that's related to the fact I'm over 40, not because of the surgery. (In fact, I still have unusually good close vision for my age.) I seem to have more floaters than before, but that may just be my imagination since exams show nothing unusual.
And as others have pointed out, my night vision has gone to hell. But it took me months to figure this out, since it's so hard to find darkness in an urban environment. When I'm driving, the lights from my car's headlights or even a full moon (e.g., during a recent night-time drive across Wyoming and Utah) is enough to keep my vision in the corrected region.
One small point - the deaths were at the hands of National Guard troops about the same age as the protesters, and just as scared. The ROTC (iirc) building was burned down just days earlier, and the crowd could have turned ugly very fast.
This is a subtle point that is often overlooked. The students at Kent State were not killed by an official organ of the US Government dedicated to eradicating dissent, the equivalent of the Nazi Gestapo or the East German Stasi. They were killed by young men who were scared shitless by a situation they were unprepared for, and a bad situation rapidly got far, far worse.
The government still screwed the pooch, but I don't think you could identify even one individual in the government who thought that it would be a good idea to gun down a bunch of students at an anti-war rally. It was much more a sin of omission (they should have sent in professionals who could handle the stress) than commission.
I think that's out of date. I'm seeing a lot of indicators that it's now mostly done by really sleazy criminal players.
E.g., get insurance from us... we guarantee we can beat any other offer because we'll sell you a policy but be long gone when you make a claim.
Apply for a new mortgage from us... if you're really dumb, you'll pay us a kilobuck or two in upfront fees. If not, we'll still have lots of detailed information that can be used for identity theft.
Even the miracle cream that gives you both big tits and a long dick seems to be coming from just one or two sources running some pretty heavy duty software to find open relays and "dead" domains.
I can't remember the name of the event now ("Lesser something," from the name of a plant that became widespread over the period. It's probably even mentioned in that article:-), but a similar thing happened at the end of the last ice age (and there's evidence it happened before). Europe was getting warmer, then suddenly got very cold again for close to a thousand years. Then gradual warming resumed and we entered the current pattern.
The cause is believed to be the melting of the continental ice caps. This dumped a lot of cold water into the Atlantic and turned off the Gulf Stream, and it took a long time for it to turn back on.
In this case, the only question is how quickly polar ice can melt and how much is required to turn off the Gulf Stream. For a long time it was assumed that it wouldn't be enough to cause problems, but now geologists aren't so sure.
Europe may be in for a rough time, but overall temperatures will continue to rise. At least the ships from the American west coast and Asia will be able to sail directly to Europe through the NW passage. (Seriously, I was just reading about how the US and Canada are starting to think about what will be required to support maritime traffic as the polar ice melts.)
Wasn't that a Voyager episode, with Torres and Paris stuck in space suits (not even a shuttlecraft) with the ship nowhere in sight and the air running out?
And wasn't something similar done in DS-9, somewhere in the Delta quadrant before the war?
This episode might have been new, but the writers keep treading over the same ground.
Surely you jest.
How many people run their own DNS servers (or point to ones other than those provided by their ISP)? How hard do you think it is to redirect the "wrong" sites to never-never land?
Even if people have their own routers, how hard do you think it is to install firewall rules in the routers just upstream from the customers to block any packets going to those "wrong" sites? Or to rewrite the IP header so that the traffic is directed to a new location? You suggest proxies, but how many people do you think will know how to set this up? Or that the ISP won't block all proxies, or sites that discuss proxies, ad nauseam.
Bottom line: it would be trivial for an ISP to control what part of the internet you can see. They haven't bothered because it's still too much effort for the payoff, but don't think for an instant that it's hard to do.
While the law will probably enumerate various possibilities, think of the intent of the changed header.
If you can be easily reached after changing the header field, there's not a problem. This is why that "I had to forge the headers to protect the opt-outs" claim doesn't hold water - if this was a serious concern you could set up a second account to handle all complaints yet still protect your outbound account.
If you can't be reached after changing the header field, then it's a problem.
And if attempts to reach you result in the harassment of an innocent third party, e.g., the guy whose domain name you forged in your headers, then it's definitely illegal.
Everything else is just window dressing.
Nope, this is reason 13,793 why all spammers should get the death sentence. The special one, the one where "cruel and unusual" doesn't apply.
Spammers are now criminally impersonating other domains so they can get past the MTAs that require a valid and resolvable FQDN in the message envelope. This eliminates spam from klsjger@xxagt1kjc34.khz, but it can cause a lot of long-lasting damage (from the especially clueless spam fighters) to innocent parties.
When Columbus sailed across the open ocean, the technology was ready. The will was ready. All it took was somebody throwing off the fear that had kept ships close to land since ancient times... and it was still hundreds of years before technology advanced far enough for open ocean voyages to be made in relative safety, after the Harrison chronometers were invented and the role of citrus fruit in preventing scurvy was discovered. Until then, sailing on the open ocean was always a real gamble.
In contrast, when the USSR and US developed their lunar programs the technology was NOT ready. You can make a strong argument that the technology is STILL not ready. (Develop single stage to orbit reusable launch platforms with a cost under $100/lb and get back to me.)
What we had was a proxy war. The German V-2 rockets were an annoyance to London, but only killed people in the immediate vicinity of the bomb. Sputnik foreshadowed a day where somebody anywhere in the world could drop a hydrogen bomb in any city, and it (rightly) terrified the leaders of both countries.
Then 40 years ago today came the Cuban Missile Crisis. At the time, people panicked. Then we thought that it wasn't really that bad after all. Now we are learning that it really was - at one point a US warship thought that a Soviet sub had fired a torpedo at it and was seconds away from returning fire when they determined that it was a noisemaker, not a torpedo. The Soviet sub captain was out of contact with his commanders and did not know whether his country was at war... but was authorized to use a nuclear-tipped torpedo. It would have been suicide, but it would have also taken out every US warship in the area.
Furthermore the US did not know that the local Soviet commander had moved the warheads from their storage area at the dock to the launch sites, and I'm not sure that the Soviet military command knew this either. He did it on his own initiative, not waiting for orders.
After this, there was no doubt that a direct confrontation between the US and USSR was far too dangerous. The countries could (and did) continue to fight proxy wars, but couldn't be too public without risking the proxy war becoming a direct confrontation.
This was a real problem... until Kennedy made an incredible claim (considering the state of the US space program at the time) that the US would put a man on the moon, and return him safely to earth, within a few short years. The US and USSR space programs (including the secret Soviet lunar program) were then a proxy war that allowed the two superpowers to compete, but without the risk of a mid-level field commander making a bad decision and having half of earth's population go "fzzzt" as a result.
So we made it to the moon far earlier than our technology would normally allow, both the US and USSR suffered casualties (Apollo 1 for the US, and two manned Soviet missions), and we avoided disasters on Apollo 11, 12 and 13 (the first two from faulty flight software on the LEM, the last by the explosion in one of the tanks) by sheer blind luck.
But this was at a tremendous cost. It turns out that space is so damn useful that we've been able to support a NEO program anyway, but we really need to develop the ability to cheaply and reliably get into orbit before we can start the clock on returning to the moon, establishing bases, etc.
Is the EULA a contract? I don't think so, many courts don't think so. Contracts require informed consent and exchange of considerations of value, and you have neither when you can't read the EULA until you open the package yet can't get your money back once the package has been opened.
But that doesn't matter since Microsoft is using technical self-help. Their software can call home regardless of any individual negotiation to disable this "feature." It can call home regardless of any court order that it be disabled on software installed in a system used in a medical, legal, financial or spiritual setting.
Even if you posit that UCITA passed and the EULA is a binding contract, your argument still doesn't work since the onus is not on Microsoft to produce software that can never be used in an unlawful manner, it's on the user to obey all applicable laws. If that means that they can't use Windows, well then they need to use other software. There's plenty of alternatives, it's not like Microsoft has been convicted in federal court of being a monopoly that has illegally used its monopoly to suppress the competition.
(No wait, it HAS been convicted. Yet that doesn't change the fact that this is still the customer's concern, not theirs. Given their track record, I would not be surprised to learn that MS has deliberately set up this dilemma in an attempt to force an exemption for their products.)
That's a poorly designed animation page.
I used to have a set of pages up (currently dead) that launched 6 different implementations with a single click... and the animations had 50, 100, and 250 lines. Not isolated sorts
With 50 points, you think quick sort is faster, but think the simplicity of some of the other sorts may make them preferable.
But with just 250 points, you have no doubts about the relative performance of the various algorithms.
I've often wished that *nix would add a third privilege level between the kernel and user-space. It would be ideal for trusted libraries.
As a specific example, think of libc. This library is always in memory and is used by almost every program. It would be trivial to have the kernel load it, plus a few other key libraries, into a special 'ring' between the kernel and user-space as part of the boot process. These libraries could be appended to the kernel image (e.g., via an embedded tar file).
User-space programs could call it as usual, but internally these libraries could never depend on user-space (instead of other trusted) libraries and could never be corrupted by user-space applications.
(Background: the Intel rings follow the standard protocol that a higher ring can call a lower ring, but can't modify data in it. Contrariwise, a lower ring can modify the data in a higher ring but can't call it. Ring 3 is user space, and ring 0 is the kernel.)
Forget your ad hoc (and really lame) analogies. This comes down to one question, and one question only:
What is the written policy on this?
Can anyone ask the sysadmin to 'unsend' mail? Is this privilege limited to responses, or superiors sending mail to subordinates, or just people with fancy titles and corner offices?
You can defend pretty much any policy (since a corporate email account serves the corporation, not the individuals employed by it) as long as it's published and available to anyone who's affected by it.
Of course, in the real world management considers deciding this policy and committing it to writing a very low priority (unless they've been nailed by a lawsuit because they lacked a formal policy and differences in treatment were attributed to the employees' race, gender, religion, or similar protected status). That's why SAGE (System Administrator Guild, www.sage.org) has established a model policy.
If your company doesn't have a formal policy, ask them to include the SAGE policy by reference. If they refuse to establish a policy, or don't honor whatever policy they have, find another job. It's a hassle, but all it takes is one lawsuit where you're named co-defendant because an employee is suing the company for "arbitrary and capricious" enforcement of IT policies to make you wish you had never shown up for your job interview.
You can't easily spoof the IP address for HTTP (since it requires a TCP/IP handshake), and I was suggesting sending a message in response to a virus attack, not spam.
One of the scariest things about this last extension is that some copyrights HAD expired, then were reinstated.
That is what is the most obscene thing about the extension, IMHO. Republication of several volumes which have long been out-of-print because it made no economic sense for the IP holder (the cost of tracking down the heirs could easily exceed the physical costs of a low volume publication run!) have been forced to be suspended with no remuneration to the parties who had already spent good money to prepare for publication of the material once it entered the public domain, for absolutely no benefit to anyone except that it protected a few corporate logos.
Quick, when was the last time Mickey Mouse appeared in a Disney animation? I think there was a short released with one of the animated films a few years ago, but before that you would have to go back to the 50s. When was the last time Steamboat Willie appeared in any theater outside of the Disney theme parks? Mickey is still protected as a trademark, but you can't credibly claim that the early works still need copyright protection.
This stupid question (block the port, be done with it) has given me a potentially useful idea.
How hard would it be to send a message back to the boxes that have some Code Red or similar virus? Basically you ask my web server for c:/scripts/something, you get a Windows message back informing you in no uncertain terms that your box is infected and the OS needs to be reinstalled.
This isn't an attack, but if enough people did it (just one message per infection attempt) people would soon be forced to do something because of the barrage of messages. And the people who let their boxes REMAIN infected with a virus that's been out in the wild for over a year are hardly the type of people to have locked down port 139.
Or we can save him the effort and tell him what his "revolutionary" idea is, thus simultaneously providing proof of prior art (making the patent question moot) and that he needs to spend more time studying cryptology before his next big idea.
The fact that he says it's "multiple use" and that it requires a "digital key" suggests that he's using the key as the seed for some crypto PRNG (e.g., you recursively encrypt your salt with your key as the password, then pull out some of the bytes to create your OTP). Put the random salt as the first few bytes of the cipher text and voila, instant multiuse OTPs. Not weak (not if you use a good crypto PRNG), but hardly an original thought that would not occur to the casual practitioner of the science.
(There's also the pesky fact that most experts would consider this approach foolhardy. If you have a decent encryption routine, use it to encrypt the data directly. Crypto PRNGs are believed to be strong, but I don't know if this has been formally studied. There could well be an emergent property in the implementation that makes the PRNG highly predictable.)
A refinement would involve recognizing that DSA keys actually have a 'generator' attribute, and you could use that to map your salt to a seemingly random sequence of values. It should be much more efficient than the recursive crypto approach, but again is hardly original since the very reason that these keys include generators is that they're used to efficiently generate ephemeral session keys via the same property.
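The construction guessed at in the comment above, as an added sketch that is not code from the comment or from the scheme it discusses: HMAC-SHA256 stands in for "encrypt the salt with the key", and the 16-byte salt, the function names and the sample messages are assumptions made for the illustration. It also shows the caveat that matters in practice: this is an ordinary stream cipher, so a repeated salt repeats the keystream.

```python
import hashlib
import hmac
import os

SALT_LEN = 16  # assumed salt size; the comment does not give one


def keystream(key: bytes, salt: bytes, n: int) -> bytes:
    """Iterate state = HMAC(key, state) starting from the salt."""
    out = bytearray()
    state = salt
    while len(out) < n:
        # HMAC-SHA256 is swapped in here for "recursively encrypt your salt".
        state = hmac.new(key, state, hashlib.sha256).digest()
        out += state[:16]  # "pull out some of the bytes"; the rest is never output
    return bytes(out[:n])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes, salt: bytes = None) -> bytes:
    """Return salt || (plaintext XOR keystream); a fresh random salt by default."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    return salt + xor(plaintext, keystream(key, salt, len(plaintext)))


def decrypt(key: bytes, blob: bytes) -> bytes:
    salt, body = blob[:SALT_LEN], blob[SALT_LEN:]
    return xor(body, keystream(key, salt, len(body)))


def body_xor(blob1: bytes, blob2: bytes) -> bytes:
    """XOR of two ciphertext bodies; equals m1 XOR m2 when the salts match."""
    return xor(blob1[SALT_LEN:], blob2[SALT_LEN:])


if __name__ == "__main__":
    key = b"constructed demo key"          # constructed sample key
    m1 = b"wire 100 to acct 1234"          # constructed sample messages
    m2 = b"wire 999 to acct 9876"
    c1, c2 = encrypt(key, m1), encrypt(key, m2)
    print(decrypt(key, c1), decrypt(key, c2))
    # Fresh salts: the XOR of the bodies reveals nothing about m1 XOR m2.
    print(body_xor(c1, c2) == xor(m1, m2))
    # Forced salt reuse: the keystream cancels without the key being known.
    fixed = b"\x00" * SALT_LEN
    print(body_xor(encrypt(key, m1, fixed), encrypt(key, m2, fixed)) == xor(m1, m2))
```

There is no integrity check in this sketch, so flipped ciphertext bits flip the same plaintext bits undetected.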
So what, all that proves is that the ENVELOPE was sent to yourself on the specified date.
Or did you think that all of those scenes in old movies where someone steamed open an envelope to discover some crucial fact was just literary license?
A theory I would like to see developed is that operating an open relay poses a public nuisance and that you can have your access yanked at will. More importantly, a complainant can compel your access to be yanked. That wouldn't kill spam, but it may have a significant impact on the joe jobs.
One way to do this is to set up an easily accessed test for being an open relay - you could use any of the existing ones, or create a new one. If you're a sysadmin, you're expected to test your own site after every configuration change, software update, etc. If you don't and somebody else does, you get a record of every failure... as does a public record. You then have some reasonable time to close the relay, say 10 business days, and then each and every person who receives spam through your open relay can get statutory damages of, oh, $250. Enough to make it worthwhile to pursue the matter in small claims court.
The Free Speechers will point out that there are, rare, valid reasons for running an open relay. Fine... but if you do that then you need to take some effective steps to ensure that spam doesn't get through the relay, only that rare legitimate OR material.
I've seen the senior developers (10+ years) hit hardest. A lot of good ones were released because their companies collapsed entirely, or at least cut entire projects and divisions, and there just isn't enough new business to fill the leadership roles that senior developers naturally fit into.
It's easy to say that it should be easy for us to fill more junior roles - just swallow our pride and accept lower pay - but in truth even if we can get past the HR gatekeeper few people are comfortable hiring a senior person for a junior position. The perception is that we're either going to immediately jump to a better job (yeah, we all know how easy it is to find jobs today!) or try to get their job. In fact, if you're worried about keeping your house it doesn't look so bad to just "sit" at a job for a few years while things stabilize both personally and in the industry.
You're going at the problem wrong. Don't worry about getting your clients to accept a self-signed cert, worry about getting them to add your own root certificate to those they trust.
This is actually straightforward - you point them to a URL that returns the root cert, with MIME type application/x-x509-ca-cert, and tell them to accept it for all uses when the browser pops up a dialog box.
You should then use this root cert to sign your web server certs (and certs for mail servers, databases, whatever). All should be trusted immediately, assuming you have your other ducks in a row. (E.g., you need to have your web server cert's common name resolve to the IP address of the web server.)
It's a bit more work to maintain a mini-CA than to just use self-signed certs, but overall the benefits outweigh the hassles. Many of us are working on JSP tools to operate mid-range CAs, but I don't know how far most are. (The problem is Microsoft's eternally changing standards on how clients generate the cert request on their side - I can handle Netscape/Mozilla with ease, but it seems like every version of MSIE is just slightly different.)
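The mini-CA arrangement described in the comment above, as an added example that is not the commenter's code: it assumes the third-party Python `cryptography` package, and the names, host and validity periods are constructed. Current browsers match the host against subjectAltName rather than the common name, so the server cert carries both.

```python
import datetime as dt

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

ROOT_CN = "Example Mini-CA Root"  # constructed name


def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def build_cert(subject_cn, subject_key, issuer_cn, issuer_key, is_ca, dns_names=()):
    """Issue a certificate for subject_key, signed with issuer_key."""
    now = dt.datetime.now(dt.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name(subject_cn))
        .issuer_name(name(issuer_cn))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - dt.timedelta(minutes=5))
        .not_valid_after(now + dt.timedelta(days=365))
        # Only the root may sign other certs; server certs are end entities.
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )
    if dns_names:
        san = x509.SubjectAlternativeName([x509.DNSName(d) for d in dns_names])
        builder = builder.add_extension(san, critical=False)
    return builder.sign(issuer_key, hashes.SHA256())


def issued_by(cert, ca_cert):
    """True if ca_cert is a CA, names the issuer, and its key signed cert."""
    bc = ca_cert.extensions.get_extension_for_class(x509.BasicConstraints).value
    if not bc.ca or cert.issuer != ca_cert.subject:
        return False
    try:
        ca_cert.public_key().verify(
            cert.signature, cert.tbs_certificate_bytes,
            ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False


def root_download_bytes(root_cert):
    """DER bytes to serve with Content-Type application/x-x509-ca-cert."""
    return root_cert.public_bytes(serialization.Encoding.DER)


def make_demo_chain(host="www.example.test"):
    root_key = ec.generate_private_key(ec.SECP256R1())
    root = build_cert(ROOT_CN, root_key, ROOT_CN, root_key, True)
    srv_key = ec.generate_private_key(ec.SECP256R1())
    server = build_cert(host, srv_key, ROOT_CN, root_key, False, [host])
    self_signed = build_cert(host, srv_key, host, srv_key, False, [host])
    return root, server, self_signed


if __name__ == "__main__":
    root, server, self_signed = make_demo_chain()
    print(issued_by(server, root), issued_by(self_signed, root))
```

Clients that import the root then accept every cert it signs, so the root key needs to be guarded far more carefully than any single server key.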
As several other posters have commented, there are some real risks to LASIK. They may be rare, and you can dramatically lower your risks by paying a few more bucks to go to the guy who handles the people messed up by cheaper places. Also, you can improve your odds by wearing glasses for a couple weeks longer than required during the pre-op period - let your eyes get back to their natural shape.
However, I made my decision based on the risks associated with not having the surgery. My vision was bad enough that glasses weren't really an option because of the weight. The pre-op period was a nightmare. Without glasses, I was legally blind and outside of known environments functionally blind.
When I looked at the big picture - the increased risk of injury or even death because of blindness without glasses, the fact that I was largely incapacitated if I was unable to wear contacts for some reason, etc., I went ahead with the surgery.
Overall, I'm fairly happy with the results. I'm starting to have some problems reading very fine print (e.g., doing 2-up code listings), but I'm sure that's related to the fact I'm over 40, not because of the surgery. (In fact, I still have unusually good close vision for my age.) I seem to have more floaters than before, but that may just be my imagination since exams show nothing unusual.
And as others have pointed out, my night vision has gone to hell. But it took me months to figure this out, since it's so hard to find darkness in an urban environment. When I'm driving, the light from my car's headlights or even a full moon (e.g., during a recent night-time drive across Wyoming and Utah) is enough to keep my vision in the corrected region.
One small point - the deaths were at the hands of National Guard troops about the same age as the protesters, and just as scared. The ROTC (iirc) building was burned down just days earlier, and the crowd could have turned ugly very fast.
This is a subtle point that is often overlooked. The students at Kent State were not killed by an official organ of the US Government dedicated to eradicating dissent, the equivalent of the Nazi Gestapo or the East German Stasi. They were killed by young men who were scared shitless by a situation they were unprepared for, and a bad situation rapidly got far, far worse.
The government still screwed the pooch, but I don't think you could identify even one individual in the government who thought that it would be a good idea to gun down a bunch of students at an anti-war rally. It was much more a sin of omission (they should have sent in professionals who could handle the stress) than commission.
I think that's out of date. I'm seeing a lot of indicators that it's now mostly done by really sleazy criminal players.
E.g., get insurance from us... we guarantee we can beat any other offer because we'll sell you a policy but be long gone when you make a claim.
Apply for a new mortgage from us... if you're really dumb, you'll pay us a kilobuck or two in upfront fees. If not, we'll still have lots of detailed information that can be used for identity theft.
Even the miracle cream that gives you both big tits and a long dick seems to be coming from just one or two sources running some pretty heavy duty software to find open relays and "dead" domains.
I can't remember the name of the event now ("Lesser something," from the name of a plant that became widespread over the period. It's probably even mentioned in that article :-), but a similar thing happened at the end of the last ice age (and there's evidence it happened before). Europe was getting warmer, then suddenly got very cold again for close to a thousand years. Then gradual warming resumed and we entered the current pattern.
The cause is believed to be the melting of the continental ice caps. This dumped a lot of cold water into the Atlantic and turned off the Gulf Stream, and it took a long time for it to turn back on.
In this case, the only question is how quickly polar ice can melt and how much is required to turn off the Gulf Stream. For a long time it was assumed that it wouldn't be enough to cause problems, but now geologists aren't so sure.
Europe may be in for a rough time, but overall temperatures will continue to rise. At least the ships from the American west coast and Asia will be able to sail directly to Europe through the NW passage. (Seriously, I was just reading about how the US and Canada are starting to think about what will be required to support maritime traffic as the polar ice melts.)
Wasn't that a Voyager episode, with Torres and Paris stuck in space suits (not even a shuttlecraft) with the ship nowhere in sight and the air running out?
And wasn't something similar done in DS-9, somewhere in the Delta quadrant before the war?
This episode might have been new, but the writers keep treading over the same ground.