Don't make strawman arguments based on the strawman's incompetence. Of course you don't want one person controlling critical information. That includes the combination to the office safe in your boss's office. Getting it may not be convenient, but that's the whole point -- to get attention when something unusual happens. "Restores" should always be unusual, especially if they're at odd hours when the usual people aren't around.
As for the last sentence... if you want to work in companies/industries where that's possible, more power to you. But don't pretend that it's reasonable or even legally possible for every company and industry.
You can use public key encryption for backups, with both 'working' and 'recovery' keys. Backups only need the public keys. Backups can be triggered by cron tasks so you only need a trained monkey to change the backup media, not a full sysadmin. The media will have already been encrypted.
Restores require the private keys, but that should be rare enough that it would be noteworthy when somebody asks for the private key. You could use a different key every time, to limit the damage if one key does get out.
It's really not that difficult. You can encrypt backups with public-key encryption -- it uses a random key for a symmetrical cipher, and you encrypt that key with your PK keys. Plural, since you'll probably want to include at least one recovery key. The backups - and the lower-level employees who access them - can be encrypted from birth to grave.
The recovery keys should be well-protected. Think "one disc in safe in CIO's office, second copy with corporate lawyer, third copy in bank safety deposit bank". Or better yet, recovery key in hardware devices that are physically protected.
"Live" access to sensitive systems can be restricted to an inner circle of hell. I mean an inner circle of experienced IT staff. You would want to partition responsibilities anyway in a larger organization.
You encrypt the data with a symmetrical cipher such as AES and a random key, then encrypt that key with PK. You can have multiple copies of the encrypted symmetrical key, e.g., any enterprise-level system will have a "recovery key".
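The scheme described in the comments above (a random symmetric key per backup, wrapped once for each public key, with a recovery key as a second recipient), as an added example that is not part of the original comments. It assumes the openssl command-line tool, version 1.1.1 or later; the file names and the OUT.enc / OUT.<name>.dek layout are hypothetical.

```sh
#!/bin/sh
# Added example: envelope encryption of a backup to a "working" key and a
# "recovery" key with the openssl CLI. File names and layout are hypothetical.

# make_keypair BASE: write BASE.key (private) and BASE.pub (public).
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1.key" 2>/dev/null &&
    openssl pkey -in "$1.key" -pubout -out "$1.pub"
}

# encrypt_backup SRC OUT PUB...
# The part a cron job runs. It reads public keys only, so the backup host and
# whoever swaps the media never hold anything that can decrypt.
# Writes OUT.enc plus one wrapped data key OUT.<name>.dek per public key.
encrypt_backup() {
    src=$1 out=$2
    shift 2
    [ "$#" -ge 1 ] || return 2
    dek=$(mktemp) || return 1
    rc=0
    # Fresh random 256-bit data key, used for this one backup only.
    if ! openssl rand -hex 32 > "$dek"; then rc=1; fi
    # openssl enc has no AEAD mode: CBC gives confidentiality only, so add a
    # signature or MAC over OUT.enc if tampering with the media matters.
    if [ "$rc" -eq 0 ] && ! openssl enc -aes-256-cbc -pbkdf2 -salt \
            -pass "file:$dek" -in "$src" -out "$out.enc"; then rc=1; fi
    # Wrap the same data key once per recipient (working, recovery, ...).
    for pub in "$@"; do
        [ "$rc" -eq 0 ] || break
        name=$(basename "$pub" .pub)
        if ! openssl pkeyutl -encrypt -pubin -inkey "$pub" \
                -pkeyopt rsa_padding_mode:oaep \
                -in "$dek" -out "$out.$name.dek"; then rc=1; fi
    done
    rm -f "$dek"
    return "$rc"
}

# restore_backup OUT PRIVKEY DEST
# Needs a private key. Tries each wrapped copy of the data key until one
# unwraps; fails if PRIVKEY belongs to none of the recipients.
restore_backup() {
    out=$1 priv=$2 dest=$3
    old_umask=$(umask); umask 077     # restored plaintext is owner-only
    dek=$(mktemp) || return 1
    rc=1
    for wrapped in "$out".*.dek; do
        [ -f "$wrapped" ] || continue
        if openssl pkeyutl -decrypt -inkey "$priv" \
                -pkeyopt rsa_padding_mode:oaep \
                -in "$wrapped" -out "$dek" 2>/dev/null; then
            if openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$dek" \
                    -in "$out.enc" -out "$dest" 2>/dev/null; then rc=0; fi
            break
        fi
    done
    rm -f "$dek"
    umask "$old_umask"
    return "$rc"
}

# demo: constructed data and throwaway keys in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    make_keypair "$d/working" && make_keypair "$d/recovery" || return 1
    printf 'constructed sample: payroll table dump\n' > "$d/data"
    encrypt_backup "$d/data" "$d/bk" "$d/working.pub" "$d/recovery.pub" ||
        return 1
    rm -f "$d/working.key"            # simulate losing the working key
    if restore_backup "$d/bk" "$d/recovery.key" "$d/restored" &&
            cmp -s "$d/data" "$d/restored"; then
        echo "restored with the recovery key"
        demo_rc=0
    else
        demo_rc=1
    fi
    rm -rf "$d"
    return "$demo_rc"
}

demo
```

In a real deployment the private keys are generated away from the backup host, and only the `.pub` files are copied to it.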
Don't forget that unlimited knowledge also endangers the IT workers. It doesn't matter if you're a former boy scout if some bad guys want the information badly enough to threaten your family... and don't think that there aren't such people out there.
Security people know this. They know the only real solution is being very transparent about the fact that the IT person can't help them no matter how much pressure is applied.
It's easier for us to think about the corrupt employee since, gosh, we would never hire him. Nobody is safe from somebody willing to use violence to get what they want, and that's a scary thought.
I've heard the latter described as "demarchy". The only thing that keeps a democracy from devolving into a demarchy is a strong constitution and bill of rights. That's why the current crowd is so scary -- they're deliberately dismantling both constitution and BOR in order for a smaller group to have undue influence on the law and its enforcement.
A sad example is the Schiavo case. You had a governor announcing that he would ignore his own state's laws and her courts, you had Congress going into an emergency session to pass an unconstitutional law while ignoring many more pressing issues, etc. All so that views of some radicals could be shoved into a grieving family's face.
I can't remember if the Constitution specifically required Senators to be selected by the state governments, but it took a constitutional amendment to force (permit?) direct election.
Senators can still be temporarily replaced by the state government, with the next general election selecting the person to serve out the rest of the term. Representatives have to be replaced by special elections.
This was an important point after 9/11. Had a loaded plane hit the Capitol while Congress was in session, you might have had a situation where only a small fraction of the House survived and could not be replaced for several months. Yet government has to continue, and a quorum is determined by the number of sitting representatives. So you could have national laws passed by literally a few dozen people. It's not hard to imagine that situation leading to disaster in the wake of a successful attack.
There are two big differences between the US and other democracies.
1) we're larger, both in population and geographical distribution. You can't compare our problems with, oh, European countries that have 1/6th the population in a single timezone. Our peers are India, Russia, and...? Maybe Mexico, although she has a third of our population.
2) other countries have elections run from the top down. Single national standards, single national ballots, etc. We have something like 10,000 separate elections. States will usually have their own standards, but it's ultimately run by county clerks etc. There are profound legal problems with having election standards set at the national level -- things that work great in urban centers on the eastern seaboard will fail miserably in rural Montana, and vice versa. (I know, let's just ignore Montana since her population isn't that large!)
I don't recall the exact details, but Daily Kos has been fighting that "young and male [and uninformed]" meme for some time. In the last survey the age profile was fairly flat, with a modest peak in the 40s (iirc), but with strong response well into the 60s and 70s. Young males, ironically, were underrepresented given their relative abundance and their prime candidacy for bearing the weight of current GOP misadventures on their draft-age shoulders.
The other political blogs I'm on seem to have the same skew, if they report it at all. Technical blogs skew younger, but IIRC even slashdot has a sizeable over-30 and over-40 crowd.
Well, there's that criticism that the Bush administration did NOT go after that AQ camp in lawless Iraq since that would weaken the argument for going to war.
(Remember that NATO was enforcing no-fly zones in northern and southern Iraq and northern Iraq had become, de facto, independent of Saddam's control. This was a Good Think in Kurdish occupied lands, but it also opened the door for al Zaquari (iirc) to have a substantial camp outside of Saddam's effective control. It wasn't that Saddam permitted the base there, it was that Saddam couldn't apply meaningful military force under NATO restrictions.)
(Some US planners explicitly wanted to take out the camp since it harbored AQ, but the administration nixed that plan so it could say that Iraq "harbored" terrorists. Only wonks would know that 1) Saddam wanted them out of there more than we did (as evidenced by our inaction) and 2) he couldn't do anything because of our own actions.)
Maybe my coworkers were feeding me BS, but I've been told that (at least in the past) the questions actually had a "tell us now so you won't fear disclosure in the future" tone.
Obviously this can't be a blanket approach. Confessing to a murder won't eliminate its potential use as blackmail. Confessing to cheating on your wife, with her sister (or brother!), on your wedding day won't eliminate its potential use as blackmail either.
But there's a lot of stuff that's embarrassing enough that it could be used to open the door a bit if someone isn't careful. Just enough to convince somebody to do "one little thing" that can then be used to blackmail the person into the next step, etc. But if your boss already knows that dirt, why would you care?
yeah, yeah, yeah. Some people started to notice some of the dangers of smoking in the 19th Century. So what -- there were ads with the show's stars or "doctors" recommending specific brands of cigarettes into the 1950s, and the first gov't mandated warnings didn't appear until the late 60s. Even then tobacco companies threw up a smokescreen for decades.
But that misses the broader point that one of the best predictors for whether you will smoke (iirc) is whether your parents or other close relatives smoke. Teenagers make a big production of being different from their parents, but the parents still model 'adult' behavior to a tremendous extent and teenagers aren't very open to being told what they can't do by authority figures. There's still far too many smokers, but you don't hear about 3- and 4-pack-a-day smokers any more.
BTW, a good contemporary example is High Fructose Corn Syrup (HFCS). Twenty years ago (or so) it didn't exist, but now it's nearly impossible to avoid unless you prepare all of your food from scratch. The government says it's safe, but obesity has skyrocketed over the same period. How do you think your actions today will be seen in 40 years?
That's a different problem. In this case the problem isn't what they're selling, it's how they're doing it. Nobody (within the statistical margin of error) would agree to having an ad pop up 30 times/day, and have it crash four times/day on top of that. So how did this software get onto those systems again? Were users given reasonable notice and a chance to decline installation of this software?
Compounding that is the "dirty hands" observation that legitimate companies do not go to extreme measures to keep their software from being uninstalled. (Setting aside Microsoft and MSIE for the moment...)
BTW it might have been legal for P T Barnum to get cute like that, but there is no doubt that anyone selling tuna as "white salmon" today would be breaking several laws. We can shake our head at the person who believes in "white salmon" without ignoring the fact that the seller committed fraud.
Something that's overlooked is that the major collegiate sports are entertainment, not sports-for-the-sake-of-athletics. Harsh, but true. Viewed in that context, the athletes with scholarships are entertainers, and like all entertainers ALL of their actions reflect back on their employer/university.
Think I'm exaggerating? Ask the University of Colorado. How many scandals has it been involved with recently? How many were related to things that happened on the football field, and how many were related to things that happened off-campus? Guess which ones made the local, even national, news. Guess which ones resulted in ominous warnings that they would affect fundraising activities. (Which is somewhat circular since the money raised for sports rarely covers the actual costs of those sports -- the difference is treated as an advertising cost to promote the school to potential students.)
Actually the recent years have been unique since there was a legitimate athletics-related controversy -- the NCAA's ridiculous refusal to let Jeremy Bloom play football since he got compensation for his activities as a skier. The latter didn't bother the USOC, but it did bother the NCAA. Meanwhile there continue to be serious, but ignored, abuses by "boosters" nationwide....
So while I am worried that this case will set a bad precedent, much like the way "drug test HS athletes" (who do run the risk of injuring themselves on the field) got morphed into the "drug test for any extracurricular activity", I'm also aware of the unusual nature of the big sports programs. I don't know whether it's a good policy, but I think it's a defensible one.
Anyway, we're almost certainly talking about different things. Nobody is suggesting burying long-distance high-tension lines. Just the last half-mile or so. That's enough to eliminate the visual clutter and keep the neighborhood from losing power after a tree limb breaks, etc.
Remember why these fonts were published in the first place. It wasn't a generosity of spirit, it was so their for-profit products would be useful enough to get marketshare.
Printed material is fully rendered and doesn't depend on anything held by the user other than a good light source.
Images are fully rendered and only require an appropriate viewer.
But HTML pages (among other things) require that the specified fonts actually be available on the viewer's system. MS could put out the best HTML designer in the world, but if it used fonts that weren't on the user's systems then the results would still look like crap. Making the fonts readily available makes their products more useful and hence more attractive than a competitor's.
I was one of the early adopters of the MS TT fonts and it made a HUGE difference in the appearance of many sites. The people who use 'FrontPage' et al aren't technically sophisticated enough to understand why it's a Really Bad Idea to use the really cool fonts. So they put a lot of effort into creating cool pages that were then rendered using my default font, rarely with good results.
P.S., the same analysis applies to postscript and PDF. In that case the format designers decided to provide a mechanism for embedding any necessary fonts.
I'm sure the autobahn has a speed limit - highest prudent speed or something like that. (Same thing in Montana until they bowed to pressure and set explicit limits.) Actually I think ALL speed limits are written that way, but the cops are too busy to go after the morons doing 60 in a blizzard.
In the real world, that prudent speed will never be much higher than the posted speed limits on the interstate system, at least outside of the congested urban cores on weekends.
In the intermountain west -- you have to deal with rough roads, mass-market vehicles, other traffic, even the possibility of wildlife or livestock on the road. (Ever seen the results of hitting a cow or moose at highway speeds?) I'm not comfortable putting my wrangler over 70 mph, and even with my old MR-2 I would rarely go over 80. It's hard to imagine safely going much faster regardless of what you drive.
P.S., I've found I-90 through Montana one of the worst places to go fast. The problem is RV traffic -- those drivers think they can pass semis since they're going 30 mph and the semis are only going 15 mph. The only problem is that I'm over the horizon when they make their move, but on their tail before they made it halfway past the truck.
Heck - the RV traffic probably wasn't even that heavy. But it clumped at the hills and forced you to crawl for a few miles.
Falsifying headers is illegal, but I doubt anyone will actually pursue a small-time website operator who's sending otherwise legitimate traffic.
But for many of us forging headers is an automatic death sentence. I've walked away from existing business relationships where I had non-refundable credits because a customer support request was answered with a forged header.
On the other side of the table, it's one of the few actions where I would not hesitate to recommend immediate termination for cause if I caught a member of our staff pulling that stunt. (The other actions are using the computers to perform illegal acts or to distribute pr0n/warez.)
The reason it's so serious? It shows a culture that has a casual disregard to the consequences of identity fraud. If you forge mail that appears to come from me, then who else are you sending those forged messages to? Why should I believe your answer? Trust, once lost, is not easily recovered.
(BTW this doesn't even address the original point of getting past spam filters. Like many sites I have my MTA set up to reject incoming messages that claim (in the envelope) to come from my own domains. I know who I am and anyone claiming to be 'me' is, prima facie, making fraudulent claims and should be treated accordingly. The last time I checked that test, by itself, was blocking about a third of inbound traffic.)
For some reason I keep thinking of the "attractive nuisance" laws.
In a nutshell, if you have an "attractive nuisance" like a pool then it's your responsibility to erect a fence around it to keep everyone else out. (Especially small children and animals that may not be able to get out of the pool on their own.)
It's your land, they are trespassers... but it's still your obligation to take pro-active measures to keep people out.
As others have pointed out elsewhere, open wi-fi connections are not uncommon. Some areas - either small collections of stores or entire urban cores - have established open wi-fi environments as an enticement for potential customers to come. That's why bookstores and coffee shops have free wi-fi - they understand that if they can keep you there, you're more likely to buy more stuff.
If I understand the concepts, unsecured wi-fi is "attractive" and it's up to you to erect a fence. ALL hardware supports WEP, at a minimum, and setting up authentication is straightforward. I've heard that some stores write the daily WEP key on a blackboard behind the counter -- easily seen by the customers, but enough to keep piggybackers out.
All of this is somewhat beside the point in this case -- it sounds like the store had previously asked him to stop using their service and (I assume) to keep out of their parking lot. Explicit instructions will always trump reasonable expectations.
Gah - I have moderator points but there's no "incorrect" flag.
Encryption without authentication is absolutely meaningless. There would be no way to detect a "man in the middle" attack -- anyone with access to the data stream could impersonate the other party and get the complete plaintext stream. Worse, the MitM could almost certainly insert or remove content at will. ("Almost" since it's possible that there's HMAC data at the application layer in addition to the network(?) layer.)
That's crypto 101 material. Any protocol designer that doesn't have MitM attacks as one of his top priorities should go back to his cereal box decoder rings.
SSL contains both strong mutual authentication and message digesting. One or both parties can choose to ignore information, but it's always their choice and they can refuse a connection unless acceptable authentication information has been provided.
Does this directly address spamming and phishing? No... but it guarantees that you can hold somebody responsible for it. That's why the "soft" side of the CA is so important - you're depending on the CA doing due diligence to ensure that 'paypal.com' is who they claim they are, not somebody with a maildrop. Generating and publishing the certs themselves is trivial.
As an aside, "SSL" does NOT mean that you're guaranteed an encrypted channel. A 'null' cipher exists for testing purposes and many administrators never realize that they should specify a minimal acceptable cipher strength. A malicious application or client could attempt to negotiate encryption down to nothing. Some of the other ciphers are only suitable for keeping your kid sister out of your stuff.
I am DEFINITELY not a Windows person, but I seem to recall setting up an ODBC connector to let Access (or some other common Windows app) see into our PostgreSQL database. Other than setting up the connection the change was entirely transparent to the user.
Is that the case? If so, would this solve your immediate problem since the users could continue to use Access for smaller projects that don't warrant a full web-based solution? At least the data will be centralized and routinely backed up.
I'm getting damn tired of this libertarian crap that would demand you throw a heavy stone at a drowning swimmer lest one penny be wasted on an "idle" lifeguard.
Look at the history of social security. It wasn't a few more bucks for affluent middle-class retirees, it was to keep poor older Americans (the vast majority) from starving to death or freezing to death in the winter. This isn't hyperbole, and a generation earlier the idea that many working people could actually live that long (vs. dying from illness or injury on the job) would have been ludicrous.
They should have saved? Please... this was an era where the simplest things we take for granted (e.g., getting some meat daily) would have been unimaginable. And even if they did manage to save a little... let's just say that banks today have those "Insured by the FDIC" signs on their front door for a reason!
Look at the modern reality of social security. I pay social security... and I know that it goes straight into my parents' pocket. A few years ago four immediate members of my family were retired. I know that they all worked hard their entire lives (my father, in his 80s, still has a part-time job!) and the extra money went into providing the kids with an education. Think I begrudge them today? Think that society at large would have been better off with another working class drone instead of college-educated information workers?
Finally, if you really insist on calling social security "welfare", then I'll insist that public schools are also "welfare" for the irresponsible people who couldn't keep it in their pants until they could afford to pay the entire cost of their kid's education. I'm not just talking about K-12 schools either -- I'm including government-backed student loans, taxpayer funded state universities, etc.
Why do I mention this? Tell me about yourself. How much "welfare" have you received in your education? In current numbers I doubt it was less than $100k. When will you repay it?
(P.S., I don't begrudge helping to pay for the education of other people's kids. That 6th grader may be the one who saves me from a fire in 20 years, and the college freshman may be the one who saves my spouse's life in 25 years.)
(P.P.S., the reason for the subject line is that a "drown the baby" republican's proposed budget cuts for a city recently came to light. (Or maybe it's just an urban legend, who knows?) Prominent on the list of cuts was cutting lifeguards at public pools... if not closing them outright. (Let them pay for country clubs.) Reducing hours at public libraries. Things that make a big difference for working people look at you like you're crazy when you suggest they should put money into savings instead of their kids' bellies.)
I'm sure a lawyer could chirp up with details, but a few years ago the Colorado Supreme Court ruled that the police needed to get a search warrant to examine the contents of a tent. They ruled that tents were temporary domiciles, same as hotel rooms, and entitled to the same protection.(*) His closure of the tent, like closing your hotel room door, indicated that uninvited visitors were unwelcome. That includes police sans warrant.
Is a zipped tent, or a locked convertible with the top down, any practical limitation? Of course not, but neither is a window to a man with a rock. But legally it's the intent that mattered in that case.
In the parent case, I have a mixed mind on the decision. I understand the reasoning, but I also understand that "freedom of association" protects the right of a group to exclude unwanted persons (primarily police) just as much as it means that a group can get together for peaceful purposes.
(*) The old Dragnet series had a horrible scene where the cops searched an apartment under the authority granted by the landlord. Uh, no. Odd, iirc my ugrad business law class made it clear that only the occupants can consent to a search. (Details undoubtedly differ by state.) Residential rental contracts universally provide access exemptions, but in every one of my leases it's been immediate if there's a critical problem that requires immediate action (e.g., burst pipe or smoke), and after 24 hours if there's a legitimate business need (e.g., to perform city-mandated annual inspection of the smoke alarm). Otherwise, keep out. The landlord can unlock the door for a search warrant, but can no more open the door to the police for an unwarranted search than he can open the door for my "visiting brother" who's dropped by to pick up my "unwanted" computer.
On the other hand there have been cases of residents suing their landlord after they discovered hidden cameras installed by their landlord... and losing. That's not the same as a government agent, of course, but it highlights the need to check with a local lawyer if there's a question.
Let me be more precise -- I'm referring to workstation and server software, not kiddie-pool web sites or games. Don't get me wrong, the latter are important in their own niches but you don't run SME (small to medium enterprise), much less large enterprise or scientific software, on top of PHP. Five FTE developers is on the low end of SME, but my current team is smaller and our client base is 80k professionals.
I've been tracking the local job listings for years and the job listings probably split 70% java, 25% C++ (100% legacy) and 5% C (100% kernel and device driver). The recruiters I keep in contact with have been presenting positions with the same rough split -- even though several of them know that I'm very good at Unix/C development. If the C market is expanding none of us have seen it.
I don't think it's a temporary shift either. Nearly everything I did in C/Motif would now be done in Java/browser, and much of the backend stuff would use Java as well since the way we think about the problem has shifted.
(P.S., you're joking with the 'office software' comment, right? Doesn't the fact that you can name the handful of products that dominate their niche tell you something? How many developers does all of Microsoft, Oracle, Adobe, etc. account for -- maybe 1% of the total competent talent pool?)
I don't think they anticipated our disparity in state populations. I think the ratio between California and Wyoming is close to 100:1.
I can't remember if the Constitution specifically required Senators to be selected by the state governments, but it took a constitutional amendment to force (permit?) direct election.
Senators can still be temporarily replaced by the state government, with the next general election selecting the person to serve out the rest of the term. Representatives have to be replaced by special elections.
This was an important point after 9/11. Had a loaded plane hit the Capitol while Congress was in session, you might have had a situation where only a small fraction of the House survived and could not be replaced for several months. Yet government has to continue, and a quorum is determined by the number of sitting representatives. So you could have national laws passed by literally a few dozen people. It's not hard to imagine that situation leading to disaster in the wake of a successful attack.
There are two big differences between the US and other democracies.
1) we're larger, both in population and geographical distribution. You can't compare our problems with, oh, European countries that have 1/6th the population in a single timezone. Our peers are India, Russia, and...? Maybe Mexico, although she has a third of our population.
2) other countries have elections run from the top down. Single national standards, single national ballots, etc. We have something like 10,000 separate elections. States will usually have their own standards, but it's ultimately run by county clerks etc. There are profound legal problems with having election standards set at the national level -- things that work great in urban centers on the eastern seaboard will fail miserably in rural Montana, and vice versa. (I know, let's just ignore Montana since her population isn't that large!)
I don't recall the exact details, but Daily Kos has been fighting that "young and male [and uninformed]" meme for some time. In the last survey the age profile was fairly flat, with a modest peak in the 40s (iirc), but with strong response well into the 60s and 70s. Young males, ironically, were underrepresented given their relative abundance and their prime candidacy for bearing the weight of current GOP misadventures on their draft-age shoulders.
The other political blogs I'm on seem to have the same skew, if they report it at all. Technical blogs skew younger, but IIRC even slashdot has a sizeable over-30 and over-40 crowd.
Well, there's that criticism that the Bush administration did NOT go after that AQ camp in lawless Iraq since that would weaken the argument for going to war.
(Remember that NATO was enforcing no-fly zones in northern and southern Iraq and northern Iraq had become, de facto, independent of Saddam's control. This was a Good Think in Kurdish occupied lands, but it also opened the door for al Zaquari (iirc) to have a substantial camp outside of Saddam's effective control. It wasn't that Saddam permitted the base there, it was that Saddam couldn't apply meaningful military force under NATO restrictions.)
(Some US planners explicitedly wanted to take out the camp since it harbored AQ, but the administration nixed that plan so it could say that Iraq "harbored" terrorists. Only wonks would know that 1) Saddam wanted them out of there more than we did (as evidenced by our inaction) and 2) he couldn't do anything because of our own actions.)
Maybe my coworkers were feeding me BS, but I've been told that (at least in the past) the questions actually had a "tell us now so you won't fear disclosure in the future" tone.
Obviously this can't be a blanket approach. Confessing to a murder won't eliminate its potential use as blackmail. Confessing to cheating on your wife, with her sister (or brother!), on your wedding day won't eliminate its potential use as blackmail either.
But there's a lot of stuff that's embarrassing enough that it could be used to open the door a bit if someone isn't careful. Just enough to convince somebody to do "one little thing" that can then be used to blackmail the person into the next step, etc. But if your boss already knows that dirt, why would you care?
yeah, yeah, yeah. Some people started to notice some of the dangers of smoking in the 19th Century. So what -- there were ads with the show's stars or "doctors" recommending specific brands of cigarettes into the 1950s, and the first gov't mandated warnings didn't appear until the late 60s. Even then tobacco companies threw up a smokescreen for decades.
But that misses the broader point that one of the best predictors for whether you will smoke (iirc) is whether your parents or other close relatives smoke. Teenagers make a big production of being different from their parents, but the parents still model 'adult' behavior to a tremendous extent and teenagers aren't very open to being told what they can't do by authority figures. There's still far too many smokers, but you don't hear about 3- and 4-pack-a-day smokers any more.
BTW, a good contemporary example is High Fructose Corn Syrup (HFCS). Twenty years ago (or so) it didn't exist, but now it's nearly impossible to avoid unless you prepare all of your food from scratch. The government says it's safe, but obesity has skyrocketed over the same period. How do you think your actions today will be seen in 40 years?
That's a different problem. In this case the problem isn't what they're selling, it's how they're doing it. Nobody (within the statistical margin of error) would agree to having an ad pop up 30 times/day, and have it crash four times/day on top of that. So how did this software get onto those systems again? Were users given reasonable notice and a chance to decline installation of this software?
Compounding that is the "dirty hands" observation that legitimate companies do not go to extreme measures to keep their software from being uninstalled. (Setting aside Microsoft and MSIE for the moment...)
BTW it might have been legal for P T Barnum to get cute like that, but there is no doubt that anyone selling tuna as "white salmon" today would be breaking several laws. We can shake our head at the person who believes in "white salmon" without ignoring the fact that the seller committed fraud.
Something that's overlooked is that the major collegiate sports are entertainment, not sports-for-the-sake-of-athletics. Harsh, but true. Viewed in that context, the athletes with scholarships are entertainers, and like all entertainers ALL of their actions reflect back on their employer/university.
Think I'm exaggerating? Ask the University of Colorado. How many scandals has it been involved with recently? How many were related to things that happened on the football field, and how many were related to things that happened off-campus? Guess which ones made the local, even national, news. Guess which ones resulted in ominous warnings that they would affect fundraising activities. (Which is somewhat circular since the money raised for sports rarely covers the actual costs of those sports -- the difference is treated as an advertising cost to promote the school to potential students.)
Actually the recent years have been unique since there was a legitimate athletics-related controversy -- the NCAA's ridiculous refusal to let Jeremy Bloom play football since he got compensation for his activities as a skier. The latter didn't bother the USOC, but it did bother the NCAA. Meanwhile there continue to be serious, but ignored, abuses by "boosters" nationwide....
So while I am worried that this case will set a bad precedent, much like the way "drug test HS athletes" (who do run the risk of injuring themselves on the field) got morphed into the "drug test for any extracurricular activity", I'm also aware of the unusual nature of the big sports programs. I don't know whether it's a good policy, but I think it's a defensible one.
Are you sure that isn't inductance?
Anyway, we're almost certainly talking about different things. Nobody is suggesting burying long-distance high-tension lines. Just the last half-mile or so. That's enough to eliminate the visual clutter and keep the neighborhood from losing power after a tree limb breaks, etc.
Remember why these fonts were published in the first place. It wasn't a generosity of spirit, it was so their for-profit products would be useful enough to get marketshare.
Printed material is fully rendered and doesn't depend on anything held by the user other than a good light source.
Images are fully rendered and only require an appropriate viewer.
But HTML pages (among other things) require that the specified fonts actually be available on the viewer's system. MS could put out the best HTML designer in the world, but if it used fonts that weren't on the user's systems then the results would still look like crap. Making the fonts readily available makes their products more useful and hence more attractive than a competitor's.
I was one of the early adopters of the MS TT fonts and it made a HUGE difference in the appearance of many sites. The people who use 'FrontPage' et al aren't technically sophisticated enough to understand why it's a Really Bad Idea to use the really cool fonts. So they put a lot of effort into creating cool pages that were then rendered using my default font, rarely with good results.
P.S., the same analysis applies to postscript and PDF. In that case the format designers decided to provide a mechanism for embedding any necessary fonts.
I'm sure the autobahn has a speed limit - highest prudent speed or something like that. (Same thing in Montana until they bowed to pressure and set explicit limits.) Actually I think ALL speed limits are written that way, but the cops are too busy to go after the morons doing 60 in a blizzard.
In the real world, that prudent speed will never be much higher than the posted speed limits on the interstate system, at least outside of the congested urban cores on weekends.
In the intermountain west -- you have to deal with rough roads, mass-market vehicles, other traffic, even the possibility of wildlife or livestock on the road. (Ever seen the results of hitting a cow or moose at highway speeds?) I'm not comfortable putting my wrangler over 70 mph, and even with my old MR-2 I would rarely go over 80. It's hard to imagine safely going much faster regardless of what you drive.
P.S., I've found I-90 through Montana one of the worst places to go fast. The problem is RV traffic -- those drivers think they can pass semis since they're going 30 mph and the semis are only going 15 mph. The only problem is that I'm over the horizon when they make their move, but on their tail before they made it halfway past the truck.
Heck - the RV traffic probably wasn't even that heavy. But it clumped at the hills and forced you to crawl for a few miles.
Falsifying headers is illegal, but I doubt anyone will actually pursue a small-time website operator who's sending otherwise legitimate traffic.
But for many of us forging headers is an automatic death sentence. I've walked away from existing business relationships where I had non-refundable credits because a customer support request was answered with a forged header.
On the other side of the table, it's one of the few actions where I would not hesitate to recommend immediate termination for cause if I caught a member of our staff pulling that stunt. (The other actions are using the computers to perform illegal acts or to distribute pr0n/warez.)
The reason it's so serious? It shows a culture that has a casual disregard to the consequences of identity fraud. If you forge mail that appears to come from me, then who else are you sending those forged messages to? Why should I believe your answer? Trust, once lost, is not easily recovered.
(BTW this doesn't even address the original point of getting past spam filters. Like many sites I have my MTA set up to reject incoming messages that claim (in the envelope) to come from my own domains. I know who I am and anyone claiming to be 'me' is, prima facie, making fraudulent claims and should be treated accordingly. The last time I checked that test, by itself, was blocking about a third of inbound traffic.)
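The envelope check described in the comment above, sketched as an added example (not part of the original comment and not any particular MTA's configuration). The domain names, the trusted relay network, and the exemptions for authenticated submission and the null bounce sender are assumptions made for the illustration.

```python
import ipaddress
import re

# Assumptions for this sketch: the site's own domains and its own relay network.
LOCAL_DOMAINS = {"example.org", "example.net"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)


def envelope_domain(command):
    """Return the sender domain from a MAIL FROM command.

    "" means the null sender (<>), None means the command could not be parsed.
    """
    m = MAIL_FROM.match(command.strip())
    if not m:
        return None
    path = m.group(1)
    if path == "":
        return ""
    if path.startswith("@") and ":" in path:      # drop an obsolete source route
        path = path.split(":", 1)[1]
    if "@" not in path:
        return None
    return path.rsplit("@", 1)[1].lower().rstrip(".")


def is_local(domain):
    """True for a local domain or any subdomain of one (not a mere suffix match)."""
    return any(domain == d or domain.endswith("." + d) for d in LOCAL_DOMAINS)


def check_sender(command, client_ip, authenticated=False):
    """Decide whether to accept the envelope sender; returns (accept, reason)."""
    domain = envelope_domain(command)
    if domain is None:
        return (False, "501 malformed MAIL FROM")
    if domain == "":
        return (True, "250 null sender (bounce) accepted")
    if is_local(domain):
        ip = ipaddress.ip_address(client_ip)
        if authenticated or any(ip in net for net in TRUSTED_NETS):
            return (True, "250 local sender from trusted source")
        return (False, "550 outside host claims a local sender domain")
    return (True, "250 ok")


if __name__ == "__main__":
    # Constructed SMTP commands and client addresses, for illustration only.
    samples = [
        ("MAIL FROM:<alice@example.org>", "203.0.113.7", False),
        ("MAIL FROM:<alice@example.org>", "203.0.113.7", True),
        ("mail from:<Bob@MAIL.Example.ORG> SIZE=1024", "203.0.113.7", False),
        ("MAIL FROM:<>", "203.0.113.7", False),
    ]
    for cmd, ip, auth in samples:
        print(cmd, ip, auth, "->", check_sender(cmd, ip, auth))
```
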
For some reason I keep thinking of the "attractive nuisance" laws.
In a nutshell, if you have an "attractive nuisance" like a pool then it's your responsibility to erect a fence around it to keep everyone else out. (Especially small children and animals that may not be able to get out of the pool on their own.)
It's your land, they are trespassers... but it's still your obligation to take pro-active measures to keep people out.
As others have pointed out elsewhere, open wi-fi connections are not uncommon. Some areas - either small collections of stores or entire urban cores - have established open wi-fi environments as an enticement for potential customers to come. That's why bookstores and coffee shops have free wi-fi - they understand that if they can keep you there, you're more likely to buy more stuff.
If I understand the concepts, unsecured wi-fi is "attractive" and it's up to you to erect a fence. ALL hardware supports WEP, at a minimum, and setting up authentication is straightforward. I've heard that some stores write the daily WEP key on a blackboard behind the counter -- easily seen by the customers, but enough to keep piggybackers out.
All of this is somewhat beside the point in this case -- it sounds like the store had previously asked him to stop using their service and (I assume) to keep out of their parking lot. Explicit instructions will always trump reasonable expectations.
Gah - I have moderator points but there's no "incorrect" flag.
Encryption without authentication is absolutely meaningless. There would be no way to detect a "man in the middle" attack -- anyone with access to the data stream could impersonate the other party and get the complete plaintext stream. Worse, the MitM could almost certainly insert or remove content at will. ("Almost" since it's possible that there's HMAC data at the application layer in addition to the network(?) layer.)
That's crypto 101 material. Any protocol designer that doesn't have MitM attacks as one of his top priorities should go back to his cereal box decoder rings.
SSL contains both strong mutual authentication and message digesting. One or both parties can choose to ignore information, but it's always their choice and they can refuse a connection unless acceptable authentication information has been provided.
Does this directly address spamming and phishing? No... but it guarantees that you can hold somebody responsible for it. That's why the "soft" side of the CA is so important - you're depending on the CA doing due diligence to ensure that 'paypal.com' is who they claim they are, not somebody with a maildrop. Generating and publishing the certs themselves is trivial.
As an aside, "SSL" does NOT mean that you're guaranteed an encrypted channel. A 'null' cipher exists for testing purposes and many administrators never realize that they should specify a minimal acceptable cipher strength. A malicious application or client could attempt to negotiate encryption down to nothing. Some of the other ciphers are only suitable for keeping your kid sister out of your stuff.
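An added example (not part of the original comment) of the two settings the comment above says administrators skip: requiring authentication and setting a cipher floor. It uses Python's standard `ssl` module; the 128-bit floor, the cipher string and the sample entries are assumptions chosen for the illustration.

```python
import ssl

MIN_BITS = 128  # assumed floor for "minimal acceptable cipher strength"


def hardened_client_context():
    """Client context that insists on authentication and real encryption."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("HIGH:!aNULL:!eNULL")         # no anonymous, no NULL suites
    return ctx


def audit_ciphers(ciphers, min_bits=MIN_BITS):
    """Flag suites with no encryption, weak encryption, or no authentication.

    `ciphers` is a list of dicts in the shape SSLContext.get_ciphers() returns.
    """
    findings = []
    for c in ciphers:
        desc = c.get("description", "")
        bits = c.get("strength_bits", 0)
        if bits == 0 or "Enc=None" in desc:
            findings.append((c["name"], "no encryption (NULL cipher)"))
        elif bits < min_bits:
            findings.append((c["name"], f"only {bits}-bit strength"))
        if c.get("auth") == "auth-null" or "Au=None" in desc:
            findings.append((c["name"], "anonymous key exchange, no authentication"))
    return findings


def audit_context(ctx, min_bits=MIN_BITS):
    """Audit the enabled suites plus the certificate and hostname settings."""
    findings = audit_ciphers(ctx.get_ciphers(), min_bits)
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(("context", "peer certificate not required"))
    if not ctx.check_hostname:
        findings.append(("context", "hostname not checked"))
    return findings


# Constructed entries modeled on get_ciphers() output, so the audit can be
# exercised even where the local OpenSSL build refuses to enable weak suites.
SAMPLE_WEAK = [
    {"name": "NULL-SHA256", "strength_bits": 0, "auth": "auth-rsa",
     "description": "NULL-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=None Mac=SHA256"},
    {"name": "ADH-AES128-SHA", "strength_bits": 128, "auth": "auth-null",
     "description": "ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1"},
    {"name": "EXP-RC4-MD5", "strength_bits": 40, "auth": "auth-rsa",
     "description": "EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export"},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "strength_bits": 256, "auth": "auth-rsa",
     "description": "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD"},
]

if __name__ == "__main__":
    for name, problem in audit_ciphers(SAMPLE_WEAK):
        print(f"{name}: {problem}")
    print("hardened context findings:", audit_context(hardened_client_context()))
```
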
I am DEFINITELY not a Windows person, but I seem to recall setting up an ODBC connector to let Access (or some other common Windows app) see into our PostgreSQL database. Other than setting up the connection the change was entirely transparent to the user.
Is that the case? If so, would this solve your immediate problem since the users could continue to use Access for smaller projects that don't warrant a full web-based solution? At least the data will be centralized and routinely backed up.
I'm getting damn tired of this libertarian crap that would demand you throw a heavy stone at a drowning swimmer lest one penny be wasted on an "idle" lifeguard.
Look at the history of social security. It wasn't a few more bucks for affluent middle-class retirees, it was to keep poor older Americans (the vast majority) from starving to death or freezing to death in the winter. This isn't hyperbole, and a generation earlier the idea that many working people could actually live that long (vs. dying from illness or injury on the job) would have been ludicrous.
They should have saved? Please... this was an era where the simplest things we take for granted (e.g., getting some meat daily) would have been unimaginable. And even if they did manage to save a little... let's just say that banks today have those "Insured by the FDIC" signs on their front door for a reason!
Look at the modern reality of social security. I pay social security... and I know that it goes straight into my parents' pocket. A few years ago four immediate members of my family were retired. I know that they all worked hard their entire lives (my father, in his 80s, still has a part-time job!) and the extra money went into providing the kids with an education. Think I begrudge them today? Think that society at large would have been better off with another working class drone instead of college-educated information workers?
Finally, if you really insist on calling social security "welfare", then I'll insist that public schools are also "welfare" for the irresponsible people who couldn't keep it in their pants until they could afford to pay the entire cost of their kid's education. I'm not just talking about K-12 schools either -- I'm including government-backed student loans, taxpayer funded state universities, etc.
Why do I mention this? Tell me about yourself. How much "welfare" have you received in your education? In current numbers I doubt it was less than $100k. When will you repay it?
(P.S., I don't begrudge helping to pay for the education of other people's kids. That 6th grader may be the one who saves me from a fire in 20 years, and the college freshman may be the one who saves my spouse's life in 25 years.)
(P.P.S., the reason for the subject line is that a "drown the baby" republican's proposed budget cuts for a city recently came to light. (Or maybe it's just an urban legend, who knows?) Prominent on the list of cuts was cutting lifeguards at public pools... if not closing them outright. (Let them pay for country clubs.) Reducing hours at public libraries. Things that make a big difference for working people who look at you like you're crazy when you suggest they should put money into savings instead of their kids' bellies.)
I'm sure a lawyer could chirp up with details, but a few years ago the Colorado Supreme Court ruled that the police needed to get a search warrant to examine the contents of a tent. They ruled that tents were temporary domiciles, same as hotel rooms, and entitled to the same protection.(*) His closure of the tent, like closing your hotel room door, indicated that uninvited visitors were unwelcome. That includes police sans warrant.
Is a zipped tent, or a locked convertible with the top down, any practical limitation? Of course not, but neither is a window to a man with a rock. But legally it's the intent that mattered in that case.
In the parent case, I have a mixed mind on the decision. I understand the reasoning, but I also understand that "freedom of association" protects the right of a group to exclude unwanted persons (primarily police) just as much as it means that a group can get together for peaceful purposes.
(*) The old Dragnet series had a horrible scene where the cops searched an apartment under the authority granted by the landlord. Uh, no. Odd, iirc my ugrad business law class made it clear that only the occupants can consent to a search. (Details undoubtedly differ by state.) Residential rental contracts universally provide access exemptions, but in every one of my leases it's been immediate if there's a critical problem that requires immediate action (e.g., burst pipe or smoke), and after 24 hours if there's a legitimate business need (e.g., to perform city-mandated annual inspection of the smoke alarm). Otherwise, keep out. The landlord can unlock the door for a search warrant, but can no more open the door to the police for an unwarranted search than he can open the door for my "visiting brother" who's dropped by to pick up my "unwanted" computer.
On the other hand there have been cases of residents suing their landlord after they discovered hidden cameras installed by their landlord... and losing. That's not the same as a government agent, of course, but it highlights the need to check with a local lawyer if there's a question.
Let me be more precise -- I'm referring to workstation and server software, not kiddie-pool web sites or games. Don't get me wrong, the latter are important in their own niches but you don't run SME (small to medium enterprise), much less large enterprise or scientific software, on top of PHP. Five FTE developers is on the low end of SME, but my current team is smaller and our client base is 80k professionals.
I've been tracking the local job listings for years and the job listings probably split 70% java, 25% C++ (100% legacy) and 5% C (100% kernel and device driver). The recruiters I keep in contact with have been presenting positions with the same rough split -- even though several of them know that I'm very good at Unix/C development. If the C market is expanding none of us have seen it.
I don't think it's a temporary shift either. Nearly everything I did in C/Motif would now be done in Java/browser, and much of the backend stuff would use Java as well since the way we think about the problem has shifted.
(P.S., you're joking with the 'office software' comment, right? Doesn't the fact that you can name the handful of products that dominate their niche tell you something? How many developers does all of Microsoft, Oracle, Adobe, etc. account for -- maybe 1% of the total competent talent pool?)