Slashdot Mirror


User: pacman+on+prozac

pacman+on+prozac's activity in the archive.

Stories: 0
Comments: 373

Comments · 373

  1. Re:Another batch? Yes! on Joel Rants About Resumes · · Score: 1

    Agreed, great advice. Always do a specific application letter, maybe even a separate CV/resume highlighting stuff more relevant for that one position.

    Basically if you don't even bother with the application then that company isn't going to expect you to bother with the job and you'll be lucky to see any interviews. They don't need to read your other applications to see this, they have probably already binned 1000s of others almost identical. You know the standard applying for jobs crap, would you give someone a job on the strength of being able to carbon copy that and replace their name?

    Read the job description, carefully, read a bit about the company/department you're applying for, what they do, what they do well, what they don't get involved in etc. Now think of yourself as the person reading through all the applications or doing the interviews and imagine what you'd be looking for.

    Simple, obvious, ignored by a large amount of applicants. Do this one thing and you're already ahead.

  2. Re:He should be beheadded. on Bill Gates to be Knighted · · Score: 0, Troll

    Since all he has done is exploit a mixture of luck and technical ignorance by the mass population to make himself a global monopoly of questionable aims and to earn lots of cash, why exactly does he deserve a knighthood anyway? Was it the subtly forced upgrade paths? Perhaps the insecure webservers that keep getting infected. Maybe that out of billions in R&D they only manage to spend about $1million on any kind of superficial security in order to keep pushing said upgrade paths.

    It seems the parent is right, they really are handing them out to anyone these days. Probably because 3/4 of them seem to be getting handed straight back at the moment unaccepted.

    As a Brit all I can say is that this one should never have been handed out in the first place. Aren't knighthoods supposed to be about service to society and/or humanity? How does forcing our most advanced technologies into the dark ages so you can constantly skin us for another $200 on updates each year for the rest of eternity count as a service to humanity.

  3. Re:application-level firewalls are pointless on NIST Releases Guide to Cyber Attacks · · Score: 2, Insightful

    Not really, no security measure is absolute, i.e. no single step will guarantee absolute security.

    Tunnelling over HTTP is only useful if the remote system is capable of stripping HTTP headers then forwarding the data to the desired service, you couldn't connect direct to an ssh server like that. Setting this up is a bit beyond "the non-technical PC user", although it's certainly not an impossible task. It would stop 99% of people right there.

    HTTP application layer firewalls are not just used for blocking outgoing stuff, you can run them in front of webservers to protect against a variety of exploits/overflows. I'd say application layer firewalls are incredibly useful for this, being able to block attacks by signature/regexp before they even reach the servers is not something to be sniffed at.

    I'd hardly say the stenographic community is made up of average "non-technical" PC users either. You are quite correct that HTTP filtering in itself is not a means to absolute security, but you're underestimating it as a useful layer to add to your security.

  4. Re:annoying by default on Cell Phone Is The Most Hated Invention · · Score: 2, Interesting

    We need to start making "democratic" phones using the bluetooth adapters. If a room has 10 people with mobiles, and 7 of them are set on silent, the others should be forced onto silent by some kind of broadcast signal and not allowed to be used for speech or any other noise generation (except calling 999/911).

    You could even force people to send SMS, instead of "incoming call" they'd get "someone called, but nobody else in the room wants to hear your conversation, text them instead or walk outside.".

    Unfortunately history has proven that you cannot really trust *people* (in general) with anything. Expecting the masses to be polite or even remotely considerate with something as "technical" as a mobile phone is a waste of time frankly.

  5. Re:Use your firewall to protect against Windows vi on 'Bagle' Worm Heading For A Windows PC Near You · · Score: 1

    I believe it uses p0f to passively detect the remote OS.

  6. Re:FreeBSD version on 'Bagle' Worm Heading For A Windows PC Near You · · Score: 1

    Er, you're killing the functionality of your mailserver doing that, it's not advisable unless you're under such a heavy worm flood your server will die if you don't reduce the load.

    If you have more than one SMTP user who isn't on a static IP address that method quickly becomes useless. If you ever want to receive mail from anyone other than the two legit.mailhost.com servers that method is useless.

    So no good for anyone except those with home SMTP servers who don't mind only receiving mail relayed through a 3rd party really (if you want to receive mail from anywhere without using a 3mb long ipf ruleset), and even they would probably be better off filtering attachments somehow.

    In these days of broadband connections the best bet is probably to filter it on the mail client. Well, the best bet would be to get rid of crappy insecure software that is purposely kept insecure to force upgrade paths to the cost of every single responsible internet user every time one of these worms comes out.

    Here's iptables version anyway:
    iptables -A INPUT -p tcp --destination-port 25 -s legit.mailhost.com -j ACCEPT
    iptables -A INPUT -p tcp --destination-port 25 -s legit2.mailhost.com -j ACCEPT
    iptables -A INPUT -p tcp --destination-port 25 -j DROP

  7. Re:Wording and tense.. on FBI Conducts Raids Over Half-Life 2 Source Theft · · Score: 1

    good point, no arguing with that, france? :-)

  8. Re:Wording and tense.. on FBI Conducts Raids Over Half-Life 2 Source Theft · · Score: 2, Interesting

    Sounds like it's standard practice as they don't know what will be behind the next door they knock.

    All a by-product of IT ignorance and calling all "hackers" terrorists regardless if they just hack their own system or download some code or break into the CIA, it's all the same to someone with no computer knowledge (i.e. the police/security services).

    O/T. I had a friend once in the UK (so police never have guns unless it's serious) who lived in a shared house. The gasman came to check the meter one day and noticed a firearm on the sofa. Of course it was a plastic model... My friend was sat smoking up in his front room when the door was knocked by 8 policemen with guns asking about "a firearm". He instantly realised what it was, said "ah you mean this", went to pick it up and promptly got jumped on by 5 armed police who thought they were about to get blown away. All got happily sorted in the end, I'd imagine had he been in America he wouldn't be around to tell that tale.

  9. Re:True That! on Apache Cookbook · · Score: 1

    It's not FUD and the apps can break. Off the top of my head I can remember these things breaking:

    Various issues with session variables being registered globally.
    Register globals.
    Safe Mode (oh, you wanted to create directories? hope you have the same gid as the webserver and write access to php.ini).
    Pass by Reference.
    Running MySQL queries inside fetch_array loops.
    One version suddenly wouldn't allow $array['key'], had to be $array["key"], this got fixed shortly after release.

    The 2 latter didn't have config options and were just suddenly borked, needing app re-write. Most of the others still exist but the warnings can be ignored from php.ini, although they aren't by default.

    Don't get me wrong, I still use PHP for my stuff, but don't start claiming backwards compatibility as their "strong" points. Ask any ISP who host PHP how much they enjoy upgrading it and the effects it has on their users' sites. At least it appears to have grown out of this stage, that or the roadmap is just more clearly defined now PHP5 is started.

    It seems to work fine on apache2 for me, I'm running it on my devel box with no problems and could name a few hosting companies that do too.

  10. Re:The Office on Hitchhiker's Guide Film Reports · · Score: 1

    Here are some David Brent quotes, good to gauge if you'll love or hate this show.

    David Brent: Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them.

  11. Re:Poor Synopsis on Hitchhiker's Guide Film Reports · · Score: 3, Insightful

    He was a standup comedian for years and is still going with it so he does do a few other things.

    It's meant to make you cringe, that's the point of it really. They deliberately avoid obvious gags, it's not that kind of show. I guess you could see it as one of those shows whose main point is to make you feel better about your own life because it's not as bad as theirs, although I have worked in offices with worse bosses & atmospheres so I could be wrong on that.

    I'd say it's a very individual thing as to whether you find it incredibly funny or just annoying as hell, and perhaps a very thin line. For years I just thought the former, now I'm hooked. My girlfriend hates it and cannot sit for more than 30 seconds with it on the tv.

    If you do appreciate their humour then it is hysterical, they are more down-to-earth than most other comedies on the TV so it seems a fair statement. It wouldn't have run for 2 series plus xmas special if nobody liked it either.

  12. Re:More importantly... on You Are Here (On Earth) · · Score: 1

    ...what's the bit below it marked as CIA2 wall, godamnit!

  13. Re:PHP books *are* needed, just not all of them on Core PHP Programming · · Score: 1

    I'd have to agree I've found a few problems that I end up unsure if it's a language issue or a fault with the way I do things.

    It seems to me that these issues seem to crop up less and less as time goes on, hopefully that's all part of PHP maturing and we won't see that kinda problem again..... *crosses fingers*

  14. Re:PHP books *are* needed, just not all of them on Core PHP Programming · · Score: 1

    What you're trying to say is if you're 'learning programming', books are invaluable.

    If you're just 'learning PHP' (ie from another language before) then the online manual is plenty.

    Having been a fulltime developer using PHP for a while I'd say that the one major thing with PHP, the main reason why the PHP online manual should be used over books, that doesn't apply so much to perl/java/tcl etc. PHP breaks major functions in minor version increments, you may think I'm trolling but it's the truth. One good example is the passing of objects by reference, another is register globals if you want to go back that far.

    Basically PHP is likely to change in large ways, if your PHP knowledge comes from a 6 month old book don't expect it to be anywhere near complete. It's all relative though, if you're just learning for the sake of making your own homepage then it's not a problem. Anyone doing development even semi-seriously using PHP needs to be checking out the manual rather than books, although as you state books are often a great complement to the manual depending on the individual.

  15. Re:Apache 2.0 on 2003: Year of Apache · · Score: 1

    Hrm that only seems to do bandwidth limiting which can also be accomplished (arguably more easily) using tools like iproute/tc and ipfw.

    Looking more for something to limit actual traffic totals over time and take custom action when that total is exceeded.

  16. Re:Apache 2.0 on 2003: Year of Apache · · Score: 1

    There's also no mod throttle for apache 2 so it's not so suitable if you need these functions, such as limiting bandwidth per virtual host and giving custom responses when sites have used all their traffic.

    Incidentally if anyone knows of a good alternative that works on apache 2 can they post it.

  17. Re:Considering trying out Linux on Kernel 2.6.1 Released · · Score: 1

    The bcm5700 driver comes from Broadcom's site and isn't included in the default kernel. It's GPL'd though so hopefully will be soon. Works fine here although it's only used on a switched home LAN so probably isn't pushed too hard.

  18. Re:Round Robin? on Verisign Certificate Expiration Causes Multiple Problems · · Score: 1

    The DNS held up; it was the cert revocation server at crl.verisign.com that died.

  19. Re:ASP -t doesn't say jack on Secure Programmer: Keep an Eye on Inputs · · Score: 1

    There is the pear DB module, but I see your point. A "PDBC" or similar would be a good move.

    Personally I use a tiny SQL class that can be changed to allow different db to be used. Seems a tidier solution since the class is only about 20 lines.

    Can't argue that register globals was a bad idea in the first place, but allowing users to still run older software needing it is a good idea. Shame they keep breaking other major functions in minor version increments though really, kinda makes keeping the stupid functions in redundant.

  20. Broadband generation on How Much Broadband Usage is Too Much? · · Score: 2, Interesting

    Much the same here, my ISP recently had to bring in 1gb/day 5gb/week caps since they oversold their bandwidth so badly.

    I'd be happy if they set reasonable limits and just charged per gb over that if their charges were similar to those from most hosting companies around here.

    They don't seem to though, perhaps they only have a small % of heavy users and it's not profitable for them to set up the traffic billing system and easier to just tell those users to f~ off.

  21. Re:Need QuickTime for Linux Browser? on A Look Inside Virginia Tech's New Super Computer · · Score: 2, Informative

    If you just want it to show in moz/firebird rather than having to find the link and leech it first, use the mplayerplug-in and quicktime will display in the browser.

  22. Re:ASP -t doesn't say jack on Secure Programmer: Keep an Eye on Inputs · · Score: 1

    What part of "Not wishing to start a flame war" was it that went rocketing over your head? All of it along with the rest of the post apparently.

    DB quoting/filtering should be left to the Database API.

    What like using separate commands for different databases. You can look the rest up yourself, I'm bored of reading the PHP manual for other people.

    Register globals is there to allow backwards compatibility. Everyone, especially php.net, shout from the hills about how insecure it is and how it shouldn't be used.

    Magically sticking backslashes in front of everything is stupid for nontrivial apps and is likely to corrupt data.

    You must be in management, arguing with me by repeating what I said re-worded. As I said if you do filter your input then magic quotes GPC gets annoying, good job it's simple to turn off really.

    The fact that PHP programmers are commenting here about the joys of addslashes vs SQL injection

    Well pedantically they should be talking about mysql_escape_strings or whichever for the database they're using. Unpedantically, nobody apart from you is under the illusion that addslashes is the only way to escape SQL strings. Coming from an ODBC background by any chance?

    You do seem to be suggesting that escaping SQL strings is a bad thing (tm), care to explain why?

    Also, please can you actually specify some preference of alternative language so we can get a proper flame war going instead of just flirting about like this :-)

  23. Yea he forgot BSD on Pricing and Internet Architecture · · Score: 1

    I'm not sure why he even mentions ATM, or QoS for that matter. I assume he has read the various flame-wars about the header/cell overheads with ATM and taken them to heart.

    Since ATM was primarily developed by its users, the big ISPs/Carriers, it turned out to be exactly what they wanted. Which is why they're using it right now, which was why they (industry) developed it.

    As for QoS, does he still think the world revolves around token ring? Has he forgotten RTP? Since ethernet has no service guarantee, you need QoS to carry any time-dependent protocols with real guarantees (I appreciate excess bandwidth can solve this, but it doesn't provide any guarantee which is the entire point).

    Article: -1 troll.

  24. Re:perl -T says it all on Secure Programmer: Keep an Eye on Inputs · · Score: 1

    Not wishing to start a flame war but for PHP users, turn on safe mode. That blocks exec() and similar "dangerous" functions. If needed you can turn them back on in <Directory> statements in apache config.

    Good time to mention magic_quotes_gpc and register globals as well.

    Of course none of these are a replacement for good programming practices in the first place. magic_quotes can get annoying if you do filter input properly as it's easy to end up with double escaped strings (e.g. \\\'test\\\' instead of \'test\').

    Generally speaking if your app breaks running under safe mode or without register globals it's not very safe anyway and you need to read the PHP manual to update your coding.

  25. Re:It's about skills 99.9%, only to the short sigh on Getting Over the Stigma of a Previous Job? · · Score: 1

    If your main concern is paying the rent you probably would want to work for them. As other posters state many don't have the luxury of that kind of choice.

    I think you're right though, any interviewer is going to realise that a programmer/sysadmin/etc from SCO had nothing to do with management decisions.