Slashdot Mirror


User: jmaslak

jmaslak's activity in the archive.

Stories: 0 · Comments: 77

Comments · 77

  1. Re:After 15 years of failure, not work. on Perl 6 Released (wordpress.com) · · Score: 1

    +1.

    I've been programming in Perl for 20 years. Perl 5 is a great language - it did things 20 years ago that are trendy now - things like closures, functional style (if you want it), autoboxing, etc - certainly these weren't new then, but they were new to many Unix people at the time. It also happens to be extremely concise and evolving (5.22 is quite evolved from 5.0, because, among other things, it has included aspects of Perl 6). Perl 6 is going to be a great language too, as the creator wasn't after creating YACLL (Yet Another C-Like Language), is willing to learn from others, and is willing to embrace techniques others like.

    If you want what exists elsewhere, by all means use that instead. There certainly are a lot of languages out there to choose from, so I'm sure the troll will find one more to his liking. But I'm glad our language and our community (of which I'm a very small part) exists. I'm proud when people are recognized for what they contribute and the vast majority of people who seek to value everyone. It doesn't sound like the troll who started this subthread wants this - that's fine. But those of us who are secure enough in who we are to work alongside very competent programmers from every continent and every gender are happy to continue participating in our community. Oh, we're also happy to have Camelia as our mascot, and hope that it does attract the kind of community that isn't happy with the conventional.

    Of course I suppose The Art of Computing Programming is also a disaster by the standards of trolls. :)

  2. Don't need Slashdot, you need an SLP who knows AAC on Ask Slashdot: Communication With Locked-in Syndrome Patient? · · Score: 1

    You don't need technology.

    You need someone who has studied communication, specifically AAC, and knows what is possible. You don't need someone inventing things without knowing what is out there (I.E. if someone can't explain what Minspeak is, and who it does and doesn't make sense for, move on).

    This person will know about different input technology, input systems, language systems, etc. A computer guy doesn't. Seriously. It requires assessment, not a few paragraph description of the person.

    This is way too important to get opinions on Slashdot about. You need to find an expert. The expert probably will be an SLP, but an SLP with significant experience with AAC (most don't have this).

  3. Re:Happened Before on Senate Repeals 'Don't Ask, Don't Tell' · · Score: 2

    Not only did it happen before, but allowing blacks to be fully integrated occurred during a time of war. The Korean. With no effect on the units' ability to fight, other than now the military was promoting the best person for the job and making the job more attractive to a huge number of US citizens.

    There is always time to fight for human rights - after all, isn't that what the military is fighting for? Freedom? So the logic people use that "we're at war" is kind of bogus. Of course we are (and we will be for the next 10 years at least) - we're fighting for the freedom of the Iraqis and Afghans. Unless of course we're not, and we're fighting for oil and ego, in which case we probably don't have time for human rights...but I'd like to believe this isn't why the US went to war.

    All that said, I would love to see the Navy at a LGBT event singing "In the Navy" by the Village People to try to attract gay recruits. :)

  4. Re:Yea America! on Senate Repeals 'Don't Ask, Don't Tell' · · Score: 1

    Don't pursue is not part of the old (pre-yesterday) law. It was proposed to be, but was defeated in congress, leaving us with just the don't ask and don't tell parts.

  5. Re:Yea America! on Senate Repeals 'Don't Ask, Don't Tell' · · Score: 1

    The military has strict rules against personal relationships - including heterosexual ones, since many units have men and women - and obviously having a relationship between two soldiers in battle can cause divided loyalties. The problem won't be any different with gay soldiers, and, fortunately, the regulation can handle it. Sometimes these are ignored (STDs are the Navy's biggest health concern - with straight guys who are hooking up at port with "less than honorable" women), but generally the military has a way of "encouraging" compliance with their rules.

    Part of managing a professional organization is to carry the expectation of professional behavior by the members. If you don't expect them to be professional, they probably won't be. No matter how many big-brother laws you make. I personally think the military - who we trust to only kill the "right" people - can probably handle a gay or two in their unit.

    Just like other militaries that allow openly gay soldiers. Such as Israel (which I would hardly call non-professional).

  6. Don't donate it! on What To Do With Old 802.11b Equipment? · · Score: 3, Insightful

    Trash it (well, recycle it anyhow). Nobody wants the junk. Seriously.

    The idea that some third world country is grateful to get insecure, unstable, junk computer equipment...well, that's offensive. Rather than shipping your toxic (literally) junk halfway around the world, if you want to support computers in third world countries (hint: more than 802.11b access points, they need things like water and sewage), simply donate MONEY to an organization that is involved in these things. If education and improving the world is your goal, I'd recommend Unicef.

    Also, 802.11b uses radio, which means it needs to comply with whatever country's laws you send it to. US channels are not necessarily the third world's channels, and it's best to actually work with the government rather than assuming "They should be grateful whether or not it is compatible with their usage of radio spectrum - Look at me, the rich person, doing nothing about their hunger, but giving them my trash I'm too cheap to recycle!"

    I've worked for non-profits, the other suggestion here. We had lots of people offer us worthless junk for tax write-off purposes. Apparently our mission was not important enough to have reliable computer equipment (we only fed the hungry, so we apparently, unlike business, didn't need a computer with things like a warranty). Anytime you have "free" equipment, if you don't have a plan in place to replace/repair it when it breaks, it's not worth having - because you will end up depending on the equipment, which will be a disaster when it fails (and you have no money to fix it).

  7. Typical of Bots on Microsoft Bots Effectively DDoSing Perl CPAN Testers · · Score: 0

    Sure, it should not ignore robots.txt. And if that's true, there's a problem - but I'd like MS's side of the story before assuming that it ignores robots.txt - who knows, maybe the robots.txt is malformed.

    I'd also like to know what user agent string is the crawler using.

    But all that said, this is not exactly newsworthy. I've run large, dynamic internet sites for years. I've had problems with many, many different kinds of crawlers, from many companies (including companies like Google). There's a ton of bots out there that do ignore robots.txt (there were a few hundred bots that scanned the site I used to run, back in 2001, that ignored robots.txt). So it's something a programmer really needs to be ready to deal with.

    Yes, these bots are rude, abusive, and inconsiderate of the site owners (go figure - most of the companies running them, the small bots, are pretty much unethical anyhow - anything for a buck). But it's on the internet, just like spam and a bunch of other things we all get annoyed with. You have to deal with it.

    I suggest applications like mod_bwshare to even out this type of behavior, traffic shaping at the network layer for known abusers you don't just want to block, etc. Those are the tactics I use.

  8. A benign explanation? on Microsoft Seeks Another OS-Level Adware Patent · · Score: 5, Insightful

    Just maybe, perhaps, this will give MS a way of going after spyware and malware authors - on the basis of patent infringement.

    It might not be a patent that they intend to use, except in the courts...anything that gets rid of Windows malware helps Microsoft, after all.

  9. Free software? Really? on Novell May be Banned from Distributing Linux · · Score: 1

    First, this just screws customers of Novell - typically big organizations which can afford Windows licenses, but have been starting to implement Linux (from Novell, among others) on the basis of Linux's merits (instead of just its cost). If you're a customer of Novell, you can read this as:

    FSF is looking at making you change all of your systems relatively shortly because FSF doesn't agree with Novell's business model. You're going to have to find a new vendor.

    That new vendor is going to be Microsoft. They are going to say, "Why should some long hairs from Massachusetts be able to disrupt my data center? I rely on my service contract with Novell. Well, I'm done with them. I'm going to go with a product where there are market forces in place to give me some stability." They aren't going to see this as a Novell issue, they are going to see this as a LINUX and FSF issue.

    But FSF has different goals than most of the Linux community. FSF's goal is that no one sells code. Most of the Linux community want to see their software running as many places as possible. Often these goals are compatible (free of cost means it is easier to get people to install!), but sometimes they are not. This is an example of "not".

    But I've never thought GPL was "free". If your software is free, let me do whatever I want with it. Seriously. Don't tie in clauses preventing certain uses that go against your morals. If it's free, let it be free. Otherwise call it what it is, but don't use the word "free" to do that, since it's clearly not free in a "free to use however you want" way. I think the BSD (especially new form of the license) is an example of a truly free license. It's also possible for mere mortals to understand the BSD license (that's another part of being "free" - I have to know what rights I have and don't have).

  10. I run a SAN... on Fibre Channel Storage? · · Score: 4, Informative

    I administer a decently sized storage subsystem connected to about 10 servers (half database servers, 1/4 large storage space but low speed requirement, 1/4 backup/tape/etc server).

    For a single server, a FC system seems like overkill to me. Buy a direct attached SCSI enclosure and be done with it.

    For 10 or more servers, sharing disk space, a SAN (FC IMHO, although iSCSI is acceptable if your servers all share the same security requirements - I.E. are all on the same port of your firewall) is the way to go.

    Here's what I see the benefits of a FC SAN as (if you don't need these benefits, you'll waste your money on the SAN if you buy it):

    1) High availability

    2) Good fault monitoring capability (me and my vendor both get paged if anything goes down, even as simple as a disk reporting errors)

    3) Good reporting capability. I can tell you how many transactions a second I process on which spindles, find sources of contention, know my peak disk activity times, etc.

    4) Typically good support by the vendor (when one of the two redundant storage processors simply *rebooted* unexpectedly, rather than my vendor saying, "Ah, that's a fluke, we're not going to do anything about it unless it comes back in again", they had a new storage processor to me within one hour)

    5) Can be connected to a large number of servers

    6) Good ones have good security systems (so I can allow servers 1 & 2 to access virtual disk 1, server 3 to access virtual disk 2, with no server seeing other servers' disks)

    7) Ease of adding disks. I can easily add 10 times the current capacity to the array with no downtime.

    8) LAN-free backups. You can block-copy data between the SAN and tape unit without ever touching the network.

    9) Multi-site support. You can run fiber channel a very long way, between buildings, sites, etc.

    10) Ability to snapshot and copy data. I can copy data from one storage system to another connected over the same FC fabric with a few mouse clicks. I can instantly take a snapshot of the data (for instance, prior to installing a Windows service pack or when forensic analysis is required) without the hosts even knowing I did it.

    Note that "large amounts of space" and "speed" aren't in the 10 things I thought of above. Really, that's secondary for most of my apps, even large databases, as in real use I'm not running into speed issues (nor would I on direct attached disks, I suspect). It's about a whole lot more than speed and space.

  11. Re:Two sides on White Box, Or Big Names for Lower-End Servers? · · Score: 1

    As for proprietary drives, why would you test a drive today?

    If I start getting soft errors, hard errors, warning lights, etc, on a disk drive, I replace it. Period. I have 4 hour support with Dell. They can test the drive AFTER replacing mine. It takes me 4 hours to get the drive, 2 minutes to swap it (I have to walk down a flight of stairs). If the data is sensitive, then I say I want to keep my drive when I buy the server if it should fail (doesn't cost much). I then find a way of destroying it (such as a bonded company that specializes in drive destruction).

    Now, why would I want to put a server drive into another computer to see if it works? I could be optimizing my databases, tuning monitoring systems, helping users, architecting new systems, etc, rather than dinking around with hardware. All these things affect the bottom line much more than whether or not the disk is *really* bad.

  12. Re:SoGoSearch didn't hijack on Google DNS Glitch Caused Outage · · Score: 2, Informative

    RTFM!

    This has been default resolver behavior on Unix (including Mac OS X and Linux, IIRC) since early versions of the resolver libraries.

    I am NOT talking about the DNS server itself, rather the client libraries.

    On a Linux machine (at least RH9), look at
    "man 3 resolver".

    Note the "RES_DNSRCH" option:

    "If set, res_search() will search for host names in the current domain and in parent domains. This option is used by gethostbyname(3). [Enabled by default]."

    Note also that it is enabled unless someone turns it off in the code of the calling application.

    Note that "gethostbyname" is the common way in Unix C programming to find out the IP address of a DNS name. And gethostbyname() *is* using this option.

    If someone wants to disagree with this, I'm going to say "read the source" and then post that source to disprove this.

    In this case, when google.com returned NXDOMAIN, the resolver (accessed by gethostbyname on OS X and Linux) then looks up google.com.localdomain.tld. It then looks up google.com.tld. So, if your local domain was "example.net", it would try google.com.example.net followed by google.com.net - exactly the behavior we saw yesterday. It also explains why some people got "page not found" instead (there is no "google.com.com" - no DNS wildcard under com.com)

  13. Re:Has it gotten to this point yet? on Google DNS Glitch Caused Outage · · Score: 3, Informative

    I'm sorry, but "important" email being sent to a free email account?

    If you get important email, I suggest paying for an account that provides support as part of the price. "Free" doesn't typically mean "great support", not even in the case of Google.

  14. Re:SoGoSearch didn't hijack on Google DNS Glitch Caused Outage · · Score: 2, Informative

    Uh, no, this is not a browser bug.

    Yes, IE does do some bizarre stuff on its own, but this is a RESOLVER issue.

    Let's say you have a domain called "example.com". Let's say you have a host called "foo.example.com". What happens, with the common configuration, when you telnet to "foo.example.com" from a machine called "bar.example.com"? Well, if your resolv.conf contains search example.com, it will try to look up foo.example.com, then foo.example.com.example.com, then foo.example.com.com. The relevant section from resolv.conf (5) on my RH9 box:

    Most resolver queries will be attempted using each component of the search path in turn until a match is found.


    IE has a different broken component, but that doesn't come into effect until AFTER the resolver does its thing - it appends a bunch of TLDs to the name, not just ones in your search path. But IE does show you the proper URL when *it* (instead of the resolver) does this.

    Yes, this all is very dangerous behavior and some systems have learned "Only append the primary domain, not each subdomain". I think Windows is one of these systems actually. That's why if you are quux.baz.example.com, a Windows machine can't telnet to foo.example.com by simply typing in "telnet foo". This was a departure from the Unix resolver rules for security reasons - a good idea IMHO. (if a user typed "secureexampleintrant", you wouldn't want a phisher out there to have set up secureexampleintrant.com so your user unknowingly goes there instead of secureexampleintranet.example.com). Of course I am of the opinion that these "DNS shortcuts" are bad in general and the search keyword in BIND needs to go away. Let people type the whole URL.

    A little DNS knowledge is a dangerous thing indeed, though, as there is all sorts of FUD with this. This is DEFINITELY not a browser problem.
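
The search order described in comments 12 and 14 above, as an added example that is not part of either comment: it lists the names a resolver would try in that order and flags the appended ones that fall outside zones you control, which is where the phishing risk sits. The function names are hypothetical, and real resolvers differ in detail (the `ndots` option, how far up the parent domains they go).

```python
# Added illustration of the resolver search behaviour described in the
# comments above. Sample names below are constructed for the example.

def parent_domains(local_domain):
    """'example.net' -> ['example.net', 'net'] (the domain, then each parent)."""
    labels = local_domain.strip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def candidates(name, local_domain):
    """Names tried, in order: the name as typed, then the name with the
    local domain and each of its parents appended."""
    if name.endswith("."):
        # A trailing dot marks the name as absolute: no search list applies.
        return [name.lower()]
    name = name.lower()
    return [name + "."] + [f"{name}.{d}." for d in parent_domains(local_domain)]


def in_zone(fqdn, zone):
    """True if fqdn is the zone apex or a name underneath it."""
    host = fqdn.rstrip(".")
    zone = zone.strip(".").lower()
    return host == zone or host.endswith("." + zone)


def leaked(name, local_domain, trusted_zones):
    """Appended candidates that leave every trusted zone. Whoever controls
    those names (or a wildcard above them) answers the query instead."""
    appended = candidates(name, local_domain)[1:]
    return [c for c in appended
            if not any(in_zone(c, z) for z in trusted_zones)]


if __name__ == "__main__":
    cases = [
        ("google.com", "example.net", ["example.net"]),
        ("foo.example.com", "example.com", ["example.com"]),
        ("google.com.", "example.net", ["example.net"]),
    ]
    for name, domain, trusted in cases:
        print(f"{name!r} from a host in {domain}:")
        for cand in candidates(name, domain):
            print("   try", cand)
        print("   outside trusted zones:", leaked(name, domain, trusted) or "none")
```

Writing the name with a trailing dot, as in the last case, is the per-lookup way to keep it from being searched at all.
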

  15. Perforce on Alternative to SourceSafe in a Commercial Environment? · · Score: 3, Insightful

    It supports branching (a must if you ever plan on releasing a V2 of anything), which, although CVS claims to, CVS does it very badly.

    It is quick.

    It is EASY from an administration standpoint. Easier than VSS. Other than checking your backups once in a while, you never mess with it. It really is "install and forget".

    It allows the possibility for work to continue despite network problems, although I admit this is a bit ugly.

    It has atomic changelists. Unlike CVS, where each file is submitted independently, all files are submitted and succeed or fail as a group. So an entire feature either gets there or doesn't. This also lets you remove the entire feature with one command, and lets your QA department know exactly what has changed (They can ask the developer who submitted the change, "What does this do?" rather than having to ask that for every file that was part of the change - MUCH less work).

    It is cross-platform, on just about anything you'll need it on (including Linux).

    It even has MS Office integration if you want that.

    It has a valid security model, at least when compared to VSS (which has absolutely no security IMHO - yes, you can set passwords and protections and such, but changing a few bytes in the client will nullify those protections!).

    I can't recommend it highly enough. It isn't cheap, but neither is VSS.

  16. "list" on Programs for Reading Text Files? · · Score: 3, Interesting

    DOS had a utility (not included with it, of course) called "LIST" which let you change colors and bookmark (IIRC). It didn't let you change fonts, but I have read lots of manuals with the program. It was basically "less" on steroids.

  17. Uh...To state the obvious... on Vote for 2002's "Best" Vaporware · · Score: 1, Redundant

    What about .NET Server

  18. Re:Eeek on Britain's CAA Considers Laptop Ban on Commercial Aircraft · · Score: 2

    It is perfectly legal to carry an air-band radio transmitter onto a plane. I've done it several times. It's not legal to use on the plane unless the Captain agrees (and he usually defers to the company's rules - that is, he says "no"). But it is a good point, since you could transmit over many navigational signals with one, including things like ILS (Instrument Landing System). In theory, loss of any of those systems (it would be very hard to give false readings, as you would have to not jam but maliciously interfere with multiple systems - you could break it, not make it give false data) would only result in the pilots implementing their emergency procedures...

    Of course anyone who has used a radio transmitter near a computer knows that it ain't good for the computer. A sufficiently powerful transmitter will cause computer problems. I have no idea how that would affect an aircraft fly-by-wire system, nor do I know what kind of transmitter would be needed to get through the shielding...

  19. Re:Mess them up. on e-Denounce · · Score: 2

    Actually, both sides of a TCP connection generate independent sequence numbers. Thus, you DO need to guess sequence numbers. The only exception to this is TTCP, which, AFAIK, is not used by web servers.

    If the IP you picked when you spoofed is alive and receiving packets, then it will send a RST packet whenever it receives a connected packet that makes no sense. That will close the connection.

    To the other people who talked about how easy TCP spoofing is: I stand behind my words that this is difficult to do today. I propose a challenge - execute a spoofing attack against a W2K server (the easiest of the modern operating systems to spoof) and post the exploit. Put your code where your mouth is. This code should work against a W2K box with modest activity on it. It should not involve sniffing packets on the Windows 2000 side of the LAN.

    It isn't spoofing if you are on the same wire, either. It is just picking another technically (although not necessarily politically) legitimate IP.

    Sure, you can do proxies, but there are only a few thousand of them. So FAST has to check them out, record them as proxies, and move on. Not a big deal. You can also do it with 802.11b and open LANs. But, once again, this community probably doesn't have access to more than a few thousand of them. When they get bogus links, it will take them a few seconds to figure out they are bogus and block the IP/subnet they were sent from in the case of massive spoofing.

    Wouldn't it be easier just to get an AOL account and do it there? They won't want to block all AOL addresses.

    Of course I don't think I have a problem with people getting busted for piracy, either, so I don't have a problem with FAST. I own the commercial software I use. (I would love to see the Post-Microsoft world that would happen if every user of Windows actually had to pay what MS thinks Windows is worth - some people would figure out that it isn't worth it)

  20. Re:Mess them up. on e-Denounce · · Score: 4, Funny

    Lets just reverse engineer the protocol and write our own clients with spoofed source addresses. Shouldn't be that hard.

    It probably uses TCP. Contrary to popular opinion, spoofing TCP is very difficult. It's about as hard as factoring 1024 bit prime numbers - you can factor 1024 bit numbers "off-line", but you have to guess sequence numbers "real-time" to do TCP spoofing.

    Unless of course you are planning on injecting false BGP routes into the backbone - well above the capabilities of most people.

    I'm actually getting tired of hearing how easy it is to spoof IPs. For ICMP/UDP? Sure. Old SunOS, Windows, and Linux? Sure. But if you are using modern operating systems, it is nearly impossible to spoof TCP.

  21. Re:Some helpful links with reg code generation inf on More On Policing Shareware · · Score: 5, Informative

    Okay, you want to write your own key generator.

    My advice:

    1) Use RECOGNIZED encryption & hashing algorithms. Do NOT invent your own!

    2) Don't shorten the result from a hash. I recommend at least 128 bits of entropy in the key (if you use Base64 to represent your key, you need 22 characters)

    3) Use public key encryption to prevent giving away your secrets.

    An example protocol:

    User sends his name (case sensitive) and the current timestamp (both of which the client stores to use in future validation) to the "authentication server" which also takes his credit card number. After receiving payment and validating the timestamp, it generates the registration code as follows:

    1) Take the username, timestamp, and a secret symmetric string (which will be embedded into the client, but, thus, vulnerable to attack). Concatenate them together with some sort of separator (like a NUL character).

    2) Take this new concatenated string and do some bit scrambling if needed. Take the MD5 hash of this new string and use for the next step.

    3) Using RSA and a PRIVATE KEY (*NOT* embedded in your application!), encrypt this hash. Send the encrypted hash value in Base64 to the user. Remember he may need the timestamp as well to re-enter this value. The timestamp can be simply a day/month/year string.

    To VALIDATE a registration string,

    1) Decrypt the encrypted hash string using the PUBLIC KEY (embedded in your application). Because it is a public key, it doesn't matter if anyone knows it.

    2) Verify that that hash equals the value of a hash constructed on a client using the user's name, his registration timestamp, and the shared secret embedded in the application.

    Really, this isn't a secret science. But every game designer seems to think he is more creative than hundreds of experts on encryption. This is basically no different than a FFI (Friend or Foe Identification) system used on a military aircraft.
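
The issue and validate steps from comment 21 above as a runnable sketch; this is an added example, not the commenter's code. To stay on the standard library it uses a toy RSA key built from two known Mersenne primes and unpadded exponentiation, and `SHARED_SECRET`, `issue_code` and `validate_code` are assumed names with constructed sample values.

```python
import base64
import hashlib

# Toy key for illustration only: both primes are publicly known, so this
# modulus offers no security. The private exponent D stays on the server.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q
E = 65537                              # public exponent, shipped in the client
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, never shipped
SIG_BYTES = (N.bit_length() + 7) // 8

# Constructed value standing in for the string embedded in the client.
SHARED_SECRET = b"constructed-shared-secret"


def _digest(name, stamp):
    """MD5 over name, timestamp and shared secret joined with NUL bytes."""
    if "\0" in name or "\0" in stamp:
        # A NUL inside a field would make the concatenation ambiguous.
        raise ValueError("NUL not allowed in name or timestamp")
    msg = b"\0".join([name.encode("utf-8"), stamp.encode("utf-8"), SHARED_SECRET])
    return int.from_bytes(hashlib.md5(msg).digest(), "big")


def issue_code(name, stamp):
    """Server side: transform the hash with the private key, return Base64."""
    sig = pow(_digest(name, stamp), D, N)
    return base64.b64encode(sig.to_bytes(SIG_BYTES, "big")).decode("ascii")


def validate_code(name, stamp, code):
    """Client side: undo the transform with the public key and compare with
    the hash recomputed from the stored name and timestamp."""
    try:
        sig = int.from_bytes(base64.b64decode(code, validate=True), "big")
        return sig < N and pow(sig, E, N) == _digest(name, stamp)
    except ValueError:
        # Covers malformed Base64 and rejected field contents.
        return False


if __name__ == "__main__":
    code = issue_code("Alice Example", "01/02/2003")
    print("code:", code)
    print("valid for Alice:", validate_code("Alice Example", "01/02/2003", code))
    print("valid for alice (case changed):",
          validate_code("alice example", "01/02/2003", code))
```

A shipping product would generate its own key pair and call a vetted library's padded signature scheme instead of raw `pow()`.
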

  22. Re:How does this work? on More On Policing Shareware · · Score: 3, Insightful

    It can be very secure.

    I don't know what they mean by "polynomials", but a public key algorithm would avoid any realistic possibility of a key generator. You would have to crack the codes a different way.

  23. Watch the prices... on Marine-proofing a Computer · · Score: 4, Insightful

    My recommendation is to buy a few CHEAP laptops.

    Don't spend a lot of money, because you are going to destroy these.

    Sure, you can buy marine laptops, but, as you know, anything with the word "marine" in it immediately costs 5x what it should. If you can buy enough laptops to last the life of a marine laptop at the cost of one marine laptop, you are doing better than fussing about marine certified laptops. Besides, you'll want a new one in a couple of years anyhow!

    You might even consider used laptops.

    This is especially an option if boating for you means "going out on the weekends" versus "sailing around the world." If you sail around the world, then, yes, it probably is worth the money to buy a hardened laptop. Otherwise, spend your money on other parts of your boat! :)

    I would definitely recommend AGAINST desktops, as other posters have mentioned.

  24. Slashdot Boggles Me Again... on Cheating Detector from Georgia Tech · · Score: 5, Interesting

    The responses here, at least the ones along the lines of "But collaboration is allowed in the real world" sicken me. I would (and HAVE) fired programmers who couldn't program simple stuff on their own. The collaboration in industry is not anywhere near the level of syntax and elementary algorithm design.

    A University degree is supposed to signify that you demonstrated knowledge in certain areas.

    Cheating is not demonstrating knowledge.

    Undergraduate level programming assignments do not require even consultation with other students, IMHO. They are too simple. If you can't code an undergraduate programming project without extensive "consulting", then you can't program. Period.

    I am sickened by the number of people with CS degrees only because of "teamwork" and "consulting". I would guess, from my experience, 95% of people with CS degrees can't write a sort routine. Widespread use of these kinds of programs might fix some of this. As would harsher grading. In the real world, you don't get partial credit for a program that only dumps core or doesn't meet any of the design objectives. (in my opinion, any program which doesn't properly run a set of tests, provided to the students in the project instructions, should receive an "F" grade)

    No wonder the software industry is such a mess. I've seen CS *GRADUATE* students who couldn't use malloc(). Note that I did not say "who use malloc() wrong" - no, these students could not even figure out how to call malloc() nor explain what it did. There's something strange happening (I call it cheating) when someone can graduate with a CS degree yet never use dynamic memory allocation knowingly...

  25. Standards! It already works. on Is There a Future for PGP? · · Score: 3, Interesting

    S/MIME is an Internet Standard. I know that Outlook, Outlook Express, and Netscape Mail all support it. Others probably do, too. I can send a signed message to an Outlook user today and they can respond with an encrypted one. With PGP, that isn't usually possible today.

    The other problem with PGP is that it is nearly impossible to securely exchange keys, unless you luck out and trust someone who has signed it (not likely!). You end up having to call them up on the phone and read the fingerprint or trust that your mail was secure (in which case, why are you encrypting?). S/MIME relies mostly on certificates, which although they have many problems, do solve the majority of key distribution problems.