While MS Software sucks ass, I have to admit that I do like their hardware. I have a Microsoft trackball that has given me nothing but solid performance. And before I started spending all my time working on my computer instead of playing games, I liked the solid feel and mechanics behind a MS joystick.
So many companies have tackled the tablet PC problem in the past and failed. I just can't see that this format works, even if MS pushes it hard.
It's made me actually figure out, and start using, PGP. Before the recent spate of laws, I was quite content to rely on just being boring to preserve my privacy. But now with so much more money available for intrusive government tapping and much less regulation to stop them, I am being more proactive with guarding my private life. In this small way, the terrorists have succeeded, I have less freedom and I trust my own government less.
The right questions baby. Give them a problem from your production environment and see what questions they ask. Are they looking at how the product will be used by end-users (identifying the audience), can they reliably identify what other technologies will impact the project (defining the environment), can they break down the project into component parts that can be tackled in a sane way (modularizing the problem).
These are the biggies, IMHO. This is what being a good programmer is all about.
And poetry.
-oakbox
Okay, what's to keep one company from slandering another company without any proof? What if Corp A announces that they have found a very destructive hole in Corp B's software, rendering it totally open to attack, but Corp A cannot release this information because of the DMCA.
Stay with me here: What if there is no vulnerability? Even if Corp B asks Corp A to do so, Corp A can (correctly) claim that they are not allowed to release the information under DMCA. Corp B can't find the vulnerability to fix it. Corp B cannot effectively defend its reputation because the exact charges are not known.
- oakbox
Note, I don't think there is a way around this problem.
I don't think it's a problem. I LIKE persistence of data, it keeps me (and you) honest in this medium. Google is keeping track of documents that YOU have made public. If you don't want information public, don't put it on the web.
I do agree with an earlier poster, that while having cached versions of my public documents is okay, I don't like the information available to a determined looker through my credit records, DMV, and other databases that should be private. There is a line between things I choose to make public about me and information that corps release about me without my permission.
I initially had some trouble with my move of three domains away from Verisign (aka Network Solutions). They rejected my move request three times. In the end, it took a 2000 word short essay on how they are killing themselves and comparing them to early Prodigy (in terms of Customer Support) that made it happen. Verisign, as a company, sucks, but you can sometimes communicate with actual human beings if you push very hard.
If the project is good enough, you can make a commercial venture of it by offering service contracts. Or bundling your software in some way to add value to it. (Look at Snort, MySQL, and IBM).
If the project is good enough and important enough, companies will be willing to shell out some cash to have the extra security of a support contract. IBM is making a pile of money supporting Open Source software. And contributing to the code base at the same time because better software makes it an easier sell for them to clients.
Free (as in Beer) software is a good way to get a user base for your product. Then you can find out where the value added money can give you a revenue stream.
Also look at how Bitstream works. They use their 'free' users as a great big beta testing group that gives them a faster development cycle and more users familiar with their product when it comes time to make a recommendation to the boss.
Point is, there are models that work, and right now, we are trying to find ones that work. I don't think that an ad-supported OS is one of those answers.
oakbox
Just a few days ago, a paper was linked describing how to attack a P2P network using just this kind of tactic.
I commented on that story saying that corporations could do this kind of attack without fear of legal reprisals. I think the Senator is just saying, "Here is a GUARANTEE that we won't come after you if you do this, mister Sony."
I was at a hacker meeting where one of the participants was describing how he made an online game community operator's life a living hell. It was a constant battle between the admin's building walls and this guy breaking through them.
I *think* that all the admin really had to do was call up the FBI and tell them about the attack on his systems. The hacker would have to be very VERY good to hide his information deep enough that server logs wouldn't eventually yield a name.
The whole of the internet works because most of us play nice online. There are a few trouble makers out here, but, in the main, not that many bad guys.
What I'm saying is, when the activity being worked against is illegal (I'm leaving the arguments about right and wrong for another thread), then there is no one to complain to. If you are a company or individual doing something legitimate, you have legal recourse against the attackers. And, thanks to the DMCA, a very BIG stick.
Isn't that the point though? You can't go to court suing Sony because they created a lot of damaged versions of their songs. How does this sound?
"I was trying to download an illegal copy of their copyrighted music and it was damaged!"
I think this is one case where they could simply set up some distributed PC's (different IP's in different class C's) and just have P2P clients serving 'bad' versions of their own copyrighted music. Set up a little consortium of several different record companies, and it becomes DAMN hard to apply an effective filter.
You might counter by setting up a central key list of 'correct' MD5 checksums, but then THAT list becomes a target of litigation from the RIAA.
I don't like it, but it is an elegant solution. Use the power of P2P against itself. Anonymity works both ways.
I'm assuming that your web server is sitting somewhere else. That you are using some kind of hosting service. Your public box gets the CC and processes it for validation/billing through your CC service (I used PayflowPro from Verisign).
Your public server has its own secret key and your public RSA key. Encrypt using that pair and store to database. Do not store your secret key on the web server AT ALL.
Later on, you need to re-bill that number or need to access the card number for some reason. Set up a script that dumps the encrypted information to a file and you scp that file from your public box to a box in your internal office. (Don't scp from your public box to your private box, because then your public box will in some way know the private box's password information).
If your internal users just ABSOLUTELY HAVE TO HAVE a web interface to this data, set up that interface on your internal box, lock down the IP addresses that can use it, disable every service that is not absolutely essential etc etc etc.
The theory here is, it is much harder to harden a box on the public internet that must serve pages than it is to secure a box in your internal network sitting next to you on the floor of your office. You can keep your secret key/server public key on this box, or better yet, keep them on some kind of removable media. Power down this internal box when not in use, do not keep the removable media attached to this internal box when not being used specifically for CC reading.
Be REALLY PARANOID about your internal box. Using this model, the security of your CC numbers rests on the security of your internal box, not your public web server. And, again, it's much easier to harden a box sitting next to you on the floor. You can just unplug the network cable :)
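The key layout described in the comment above, sketched with the openssl command line as an added example that is not part of the original post. The directory and file names, RSA-2048 with OAEP padding, the `ciphertext:signature` record format and the test card number are all assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example: web server holds only its own signing key plus the office
# PUBLIC key; the internal box holds the office PRIVATE key plus the web
# server's public key. All names below are hypothetical.
set -eu

# Create both key pairs and put each half where the comment says it lives.
setup_keys() {
  local root="$1"
  mkdir -p "$root/web" "$root/office"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$root/office/office_priv.pem" 2>/dev/null
  openssl pkey -in "$root/office/office_priv.pem" -pubout \
    -out "$root/web/office_pub.pem"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$root/web/web_sign.pem" 2>/dev/null
  openssl pkey -in "$root/web/web_sign.pem" -pubout \
    -out "$root/office/web_pub.pem"
  chmod 600 "$root/office/office_priv.pem" "$root/web/web_sign.pem"
}

# Web server side: encrypt the card number to the office public key
# (RSA-OAEP is enough for a value this short) and sign the ciphertext.
# Prints one database record: "<base64 ciphertext>:<base64 signature>".
seal_card() {
  local web="$1" pan="$2" tmp
  tmp=$(mktemp -d)
  printf '%s' "$pan" | openssl pkeyutl -encrypt -pubin \
    -inkey "$web/office_pub.pem" -pkeyopt rsa_padding_mode:oaep -out "$tmp/ct"
  openssl dgst -sha256 -sign "$web/web_sign.pem" -out "$tmp/sig" "$tmp/ct"
  printf '%s:%s\n' "$(base64 < "$tmp/ct" | tr -d '\n')" \
                   "$(base64 < "$tmp/sig" | tr -d '\n')"
  rm -rf "$tmp"
}

# Internal box side: refuse records the web server did not sign, then
# decrypt with the private key that never leaves this machine.
open_card() {
  local office="$1" record="$2" tmp
  tmp=$(mktemp -d)
  printf '%s' "${record%%:*}" | base64 -d > "$tmp/ct"
  printf '%s' "${record#*:}" | base64 -d > "$tmp/sig"
  if ! openssl dgst -sha256 -verify "$office/web_pub.pem" \
        -signature "$tmp/sig" "$tmp/ct" >/dev/null 2>&1; then
    rm -rf "$tmp"
    return 1
  fi
  openssl pkeyutl -decrypt -inkey "$office/office_priv.pem" \
    -pkeyopt rsa_padding_mode:oaep -in "$tmp/ct"
  rm -rf "$tmp"
}

# Demo with a constructed test card number (not a real account).
demo_root=$(mktemp -d)
setup_keys "$demo_root"
record=$(seal_card "$demo_root/web" "4111111111111111")
echo "stored on web server: $(printf '%s' "$record" | cut -c1-40)..."
echo "read on internal box: $(open_card "$demo_root/office" "$record")"
rm -rf "$demo_root"
```

Anyone who takes over the web server in this sketch gets the ciphertext records and the signing key, but nothing that decrypts a stored card number.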
I've got to disagree with that one. Most techs would NOT make good managers. Management is a 'soft' skill. Interacting with people. Communications, understanding drives, delegation, politics (good and bad), motivating others, etc etc etc. These things are on the ABSOLUTE other end of the personality profile from most programmers.
Dilbert has been mentioned a few times. I remember one where a really great programmer is moved up into management and ends up calling a help line because he can't figure out how Manager Clothing works.
> If they can combine the story of the books with the depth of their Dune series, this could be a great watch
This is some kind of joke, right? SciFi's handling of Dune was atrocious. I wouldn't let them near another sacred cow with a 30 meter miter.
They should just stick to playing Star Trek spinoffs.
-oakbox
Way back in the stone-ages (1994), IBM was trying to build a news-reader called 'infoSage'. After waffling and not doing a very good job for many months, they finally threw up their hands and said, "Can't do it".
Or rather, "Can't do it well enough to charge for it." Even now, 6 years later, I can't see this happening. The net is just too big, and natural language parsing is too obfuscated, for a computer system to do what it needs to do in this area. XML, (and self-describing data in general) looked like a step in the right direction, but it ultimately relies on a human being properly defining just what the hell the data IS.
I think that in the short term (and I'm not going to put a date on this, because I'm not THAT smart) our best connection with news content on the web is going to be Google (which would mean that you would have to know what you are looking for in the first place) and topic-specific sites like Slashdot, Meerkat, etc.
Just my two centavos.
FIRST perfect language parsing, THEN have computers try to sift through the universe for the stories. Until then, too much noise to trust a machine.
Yeah, I thought that this was discussed at the 95 Hacker-con in Washington DC. The story was that the FBI has/had a device that could 'read' your screen for up to a kilometer away by looking at your light/RF CRT emissions. Anyone else remember something about this?
No, you can't absolutely control someone else's production because the controllers inevitably become corrupt.
BUT, allowing an individual (or corporation) absolute freedom in the name of 'capitalism' is equally bankrupt. Go back a little to the lie-to-children that you learned in school. Person A's freedom to swing his fist stops where Person B's face begins. Microsoft has caused HARM by the ABUSE of its position. I think we all agree that if Microsoft was just publishing the best software on the planet and there was no competition because all the other stuff was crap, we wouldn't be having this conversation. But that's not the case.
Microsoft is being sued as a monopoly because they are a BAD MONOPOLY. We are in a consensual reality here. Society was formed to give us some rules so that we are forced to play nice together and move forward as a civilization. Saying that Microsoft is OKAY because (perhaps you believe) they are not breaking the rules doesn't cut it. They are causing HARM to our society. This should be stopped.
So, just because I broke the law and destroyed dozens of companies (Netscape was only one of a whole slew) it's okay because it was 10 WHOLE YEARS AGO? Come on. And don't tell me that we should drop the case because Microsoft will make it too expensive, it's a hollow argument. This is akin to saying that once a company reaches a certain critical mass/bankroll that they can do anything they want to without fear of reprisals. While the US legal system has its flaws, and I will admit that money does buy the best lawyers, throwing up your hands and just letting them walk away is the wrong wrong wrong.
Antitrust is all about making sure that, within our financial/legal system, might does NOT confer rightness. Microsoft isn't just a company that the government 'decided' to pick on. They are a criminal organization and a pack of ruthless bullies. Covering our eyes isn't going to make it all better.
I also majored in Electronic Engineering, it's what my diploma says that I have a Bachelor's of Science in. I take out the diploma and look at it from time to time, just for funsies. I heard many times, and found it to be true, that the only thing a college degree proves is that you can finish college.
You really have no way of knowing where your life will go. At one point, early in my 'career', I was offered a position in technical support in a BANK after a manager saw me on stage hosting a Poetry Slam!
The best thing you can do for yourself is finish the EE degree, but take the time to enroll in a few classes outside your major. Try philosophy, history, hell, even Broadcast Journalism. Anything that makes you a more well-rounded person makes you more attractive to companies (and to the sex of your choice:).
Oh yeah, and NETWORK with PEOPLE. I think Harvard even teaches that in their business program. 'How to Network 101' or something.
- Oakbox
Even if your job is finding needles in haystacks, some smart-ass will eventually come along with an electromagnet and make you obsolete . . . diversify!
Slashdot.org should be on the list as a great anthropology site.
I'm 'merican. I'm pretty friggin' proud of that. But though I like my country, I'm also really aware that the Government of the United States doesn't really give a damn about anything but its own perpetuation. The US government lies to its citizens on a regular basis about . . . well, just about everything.
But MOST citizens tolerate this because they just don't want to know the truth. Whatever else is the case, the Shitty Foreign Policies mean that back in the heartland of the good ole US of A, things are rosy and fluffy and happy. And as long as the SFP's keep it that way, the government can do just about anything it wants to. That is the "WHY" in your general US citizen's double-think. "My government lies to me." - "My government is looking out for me."
Now, having said all that. I think the German government is on the Up and Up. I don't, personally, think that every government in the world is as corrupt as the USA's.
John Q. Americano