Can somebody tell me how long will it take to hack into this box and reuse the code in some PC apps? It's not even built yet !! No, we can't tell you. How long is a piece of string ?;)
I have some sympathy for her.. after all, she can't have been that bad at her job if she managed to survive 28 years. In fact, she's probably quite competent.. It's a sad state of affairs that there is so much stock held in a piece of paper that basically states "I can commit to memory a certain amount of data given several years". How many of us have been to a job interview, that you breeze the aptitude tests they give you, you wow the boss with your skill and depth of knowledge, but you get a sorry from the HR person "It's company policy to only hire people with degrees.. sorry". It's no wonder that people lie on their CV's to get in the door and past these narrow minded policies. Come to think of it, every technically brilliant person that I've worked with either dropped out of university, or never went at all. Every few years or so we'll bump into one another whilst I'm contracting somewhere, and these companies that did 'take a risk' and employed them without a degree treasure them immensely.
So, an outage affecting a core part of the buisiness was caused by a 'non-critical' upgrade. Someone needs to redefine what non-critical actually is. As far as my experience goes (mostly in mission critical datacentres), most of the testing was actually done by the engineers installing and fixing on-the-fly. Engineers are more likely to look in the right places to find a bug, due to hands-on real life experience.
Marketing and persuasion always wins out in the end. How many tech guys have tried to convince a boss that whatever solution they are going with is not in the interest of the company. Even if you make an objective flow-chart/business impact plan.. their mind is made up. Dick from marketing has personality-brainwashed him. He took him to lunch, he couldn't possibly be like the other salesmen.. nice chap.
Just as accepting invitations to drive off with my car because I left it unlocked on my drive is a crime.. Just as when someone leaves chips on a card table and doesn't ask someone to keep an eye on them.. well that's an 'invitation' also..
There is no 'invitation'. When you use someone elses bandwidth, you deprive them of a commodity that they have paid money for. So yes, it ought to be a crime.
To put statistics into perspective, you need to consider the following (for arguments sake). Say 98% lived with this new tech. What percentage lived without it ? Maybe 94%. You can't infer that the previous methods of detection/avoidance were mediocre just because the new method has a high success rate. The article certainly gives no comparisons.
how would it stand in court if you had a wireless access point that was open. Just claim that someone else used your network without authorisation to download the offending files (assume that the authorities did not find evidence on your storage mediums).
Hardly new ! We were doing this way back in the warez scene on the Amiga. Whip out your favorite dissasembler, change a few bne.w instructions to jump to the "it's authenticated!" code. Myself and a colleague even did this on the Palm Pilot. (Anyone remember that monkey that you fed crack pipes to on this ?)
The local populace do not want this.. things were ok the way they were.. "Woman ! I'm just going to the local internet cafe.. see you in a few hours." Down the road, a few stops at the local shebeens, and the man comes home with a glint in his eye. It's been like this the world over since time began.
From the article linked:- ...the most significant change to working with device drivers for the 2.6 Linux kernel are the changes in the build process described in the next section
The only difference in the skeleton modules described in the article is a MODULE_LICENSE("GPL"); and a "return 0;".
Breathtakingly difficult ! In fact, the only 'hard' part seems to be changing how (if at all) your module interacts with other kernel components ! If you wrote a module that utilises these aspects of the kernel, moving to a new API would not be that difficult.
Trust us Brits to come up with this - we had a news article on TV a while back about getting the ashes of your cremated loved ones turned into yellow diamonds ! The coloration comes from the nitrogen content of the ashes apparently.
Unfortunately, the model breaks down as soon as the core group involved in a project or distribution decides to corrupt the source, because they simply won't make the corrupted version public.
So.... it's not Open Source then. Way to let the hot air out of your puffed-up argument.
There are a handful of ways that malicious code can make its way into open source and avoid detection during security testing
Let's see.. the most (un)likely way is that someone hacks a host server, mods the code and then updates the MD5 sums. Stupid. All major Open Source software know how to protect their codebases by holding offline checksums and isolated codebases. This is too unrealistic to happen these days, if you actually care about verifying what you just downloaded and are about to compile.
Instead, the security breach will be placed into the open source software from inside, by someone working on the project.
Laughable. Aboslutely ridiculous !! Can this not happen in closed source environments ? A disgruntled employee perhaps ? I'm sure the article writer would say "but there is quality control, peer review.." I suppose that never happens in Open Source.. I mean, how can we actually review the code when it's publicly available. Oh, that's right.. we can. Open Source peer review is brutal at the best of times !
Eliminate all the possibilities that something could go wrong and make your company look inept, after all, you know the link works, so just assign a likely-looking IP address to the loopback interface, alias 'ifconfig' to one of your scripts that hides this fact, and voila ! You could even say "hmm.. it's faster than we thought.. we'll have to increase charges accordingly":-)
If 'programmers' adhered to well documented standards, and stopped trying to make eye candy by biting on the non-standard hooks in IE, then you'd find that the problem of choking would pretty much vanish.
It is a very clever strategy of microsoft to release a non-standard adhering browser, since as they currently control the vast majority on desktop machines, they puppet 'programmers' into doing their dirty work for them (keeping people on the MS platform).
The less tech-savvy of us will of course assume "this browser sucks, it can't render this page correctly", when it is the page itself that can't be rendered properly within standards guidelines.
bah.. I remember when VRML was all the rage, and this sort of tripe was bandied around as the "Next Big Thing". Seems no-one learned the lessons back then that this kind of defeats the point of shopping !
I mean, look on the street - how many people are actually clothing co-ordinated ? Those folks from Queer Eye would have a field day in the UK. What is important about shopping, especially clothes shopping is the feel of the garment, the feel of the fit etc. And if going by what my girlfriend does, impulse buying features heavily in the pain
All say 'aye' those who would gladly welcome providers blocking annoying ring tones and overly loud 'SMS received' beeps ! Never mind innapropriate content, these social nuisances are enough to make you kiiiilllll !
Grandma really shouldn't be upgrading ! How many people used Win9x long after ME/NT/XP/2000 came out before upgrading ? More than you'd like to admit. How many people asked their computer-literate friend to upgrade for them, because they couldn't / didn't want to for fear of breaking something because they didn't understand the concepts ?
Just because an upgrade comes out, doesn't mean you have to upgrade !! But I understand the psycology behind it (something new and shiny, or will I be 'missing out' ?)
If you have ever worked or contributed in any way to a KDE project / KDE application, then you get some idea of just how dedicated the key people are. My own opinion of this phenomenon is that developers know (feel) that KDE is the best desktop suite we have, and we want it to be better.
Also, with tools like QT Designer, and KDevelop, making applications for KDE is actually quite a pleasant experience (and this is from someone who loathes GUI programming).
Well done chaps !
Slashdot Mirror
What ?? Windows ?? threads ?? How dare these two words be uttered in the same sentence !
I have some sympathy for her.. after all, she can't have been that bad at her job if she managed to survive 28 years. In fact, she's probably quite competent.. It's a sad state of affairs that there is so much stock held in a piece of paper that basically states "I can commit to memory a certain amount of data given several years". How many of us have been to a job interview, that you breeze the aptitude tests they give you, you wow the boss with your skill and depth of knowledge, but you get a sorry from the HR person "It's company policy to only hire people with degrees.. sorry". It's no wonder that people lie on their CV's to get in the door and past these narrow minded policies. Come to think of it, every technically brilliant person that I've worked with either dropped out of university, or never went at all. Every few years or so we'll bump into one another whilst I'm contracting somewhere, and these companies that did 'take a risk' and employed them without a degree treasure them immensely.
So, an outage affecting a core part of the buisiness was caused by a 'non-critical' upgrade. Someone needs to redefine what non-critical actually is. As far as my experience goes (mostly in mission critical datacentres), most of the testing was actually done by the engineers installing and fixing on-the-fly. Engineers are more likely to look in the right places to find a bug, due to hands-on real life experience.
Marketing and persuasion always wins out in the end. How many tech guys have tried to convince a boss that whatever solution they are going with is not in the interest of the company. Even if you make an objective flow-chart/business impact plan.. their mind is made up. Dick from marketing has personality-brainwashed him. He took him to lunch, he couldn't possibly be like the other salesmen.. nice chap.
Just as accepting invitations to drive off with my car because I left it unlocked on my drive is a crime.. Just as when someone leaves chips on a card table and doesn't ask someone to keep an eye on them.. well that's an 'invitation' also..
There is no 'invitation'. When you use someone elses bandwidth, you deprive them of a commodity that they have paid money for. So yes, it ought to be a crime.
To put statistics into perspective, you need to consider the following (for arguments sake).
Say 98% lived with this new tech. What percentage lived without it ? Maybe 94%. You can't infer that the previous methods of detection/avoidance were mediocre just because the new method has a high success rate. The article certainly gives no comparisons.
how would it stand in court if you had a wireless access point that was open. Just claim that someone else used your network without authorisation to download the offending files (assume that the authorities did not find evidence on your storage mediums).
'course it had AREXX. Just that you wouldn't use it for dissasembling an executable and setting breakpoints etc.
hmm.. no. Either devpac or argasm. And I meant the name of the monkey ! (On a side note, the action replay box was fantastic for reverse engineering).
Hardly new ! We were doing this way back in the warez scene on the Amiga. Whip out your favorite dissasembler, change a few bne.w instructions to jump to the "it's authenticated!" code. Myself and a colleague even did this on the Palm Pilot. (Anyone remember that monkey that you fed crack pipes to on this ?)
The local populace do not want this.. things were ok the way they were.. "Woman ! I'm just going to the local internet cafe.. see you in a few hours." Down the road, a few stops at the local shebeens, and the man comes home with a glint in his eye. It's been like this the world over since time began.
The only difference in the skeleton modules described in the article is a MODULE_LICENSE("GPL"); and a "return 0;".
Breathtakingly difficult ! In fact, the only 'hard' part seems to be changing how (if at all) your module interacts with other kernel components ! If you wrote a module that utilises these aspects of the kernel, moving to a new API would not be that difficult.
Trust us Brits to come up with this - we had a news article on TV a while back about getting the ashes of your cremated loved ones turned into yellow diamonds ! The coloration comes from the nitrogen content of the ashes apparently.
So.... it's not Open Source then. Way to let the hot air out of your puffed-up argument.
Let's see.. the most (un)likely way is that someone hacks a host server, mods the code and then updates the MD5 sums. Stupid. All major Open Source software know how to protect their codebases by holding offline checksums and isolated codebases. This is too unrealistic to happen these days, if you actually care about verifying what you just downloaded and are about to compile.
Instead, the security breach will be placed into the open source software from inside, by someone working on the project.
Laughable. Aboslutely ridiculous !! Can this not happen in closed source environments ? A disgruntled employee perhaps ? I'm sure the article writer would say "but there is quality control, peer review.." I suppose that never happens in Open Source.. I mean, how can we actually review the code when it's publicly available. Oh, that's right.. we can. Open Source peer review is brutal at the best of times !
I bag the 'go-faster' stripes on the case !
Eliminate all the possibilities that something could go wrong and make your company look inept, after all, you know the link works, so just assign a likely-looking IP address to the loopback interface, alias 'ifconfig' to one of your scripts that hides this fact, and voila ! You could even say "hmm.. it's faster than we thought.. we'll have to increase charges accordingly" :-)
If 'programmers' adhered to well documented standards, and stopped trying to make eye candy by biting on the non-standard hooks in IE, then you'd find that the problem of choking would pretty much vanish.
It is a very clever strategy of microsoft to release a non-standard adhering browser, since as they currently control the vast majority on desktop machines, they puppet 'programmers' into doing their dirty work for them (keeping people on the MS platform).
The less tech-savvy of us will of course assume "this browser sucks, it can't render this page correctly", when it is the page itself that can't be rendered properly within standards guidelines.
This is clearly a blatant cash-in on the already successful 'flubber' invented by Walt Disney !
1.2 Install updated modutils, binutils etc, which are incompatibile with old ones, so there's no easy way of return
:-
./configure --prefix=/opt/modutils-2.6
Building source is your friend here
tar xvf modutils.tar.bz
cd modutils
make
make install
Pretty simple.
bah.. I remember when VRML was all the rage, and this sort of tripe was bandied around as the "Next Big Thing". Seems no-one learned the lessons back then that this kind of defeats the point of shopping !
I mean, look on the street - how many people are actually clothing co-ordinated ? Those folks from Queer Eye would have a field day in the UK. What is important about shopping, especially clothes shopping is the feel of the garment, the feel of the fit etc. And if going by what my girlfriend does, impulse buying features heavily in the pain
All say 'aye' those who would gladly welcome providers blocking annoying ring tones and overly loud 'SMS received' beeps ! Never mind innapropriate content, these social nuisances are enough to make you kiiiilllll !
Grandma really shouldn't be upgrading ! How many people used Win9x long after ME/NT/XP/2000 came out before upgrading ? More than you'd like to admit. How many people asked their computer-literate friend to upgrade for them, because they couldn't / didn't want to for fear of breaking something because they didn't understand the concepts ?
Just because an upgrade comes out, doesn't mean you have to upgrade !! But I understand the psycology behind it (something new and shiny, or will I be 'missing out' ?)
If you have ever worked or contributed in any way to a KDE project / KDE application, then you get some idea of just how dedicated the key people are. My own opinion of this phenomenon is that developers know (feel) that KDE is the best desktop suite we have, and we want it to be better. Also, with tools like QT Designer, and KDevelop, making applications for KDE is actually quite a pleasant experience (and this is from someone who loathes GUI programming). Well done chaps !