Ebay does not have a /robots.txt. Pretty silly that they don't because then I think that most of the community would agree with the rest of your stated position.
www.ebay.com and search.ebay.com don't, but listings.ebay.com does.
As far as ebay...I kind of side with them and kind of don't...if you are posting content, expect it to be viewed. I don't know if copyright can be involved in this or not? Repackaging information from places has been around for awhile.
It's been around, yes. Several people here have pointed out search engines, but there's a big difference: AltaVista/Google/etc. honor robots.txt. According to some posters here BiddersEdge appears not to have honored it. That changes everything.
In law there's a concept of intent. By not honoring robots.txt, BE demonstrated at best deplorable ignorance of the generally accepted responsibilities of spider-users, and at worst an intent to circumvent measures taken against services such as theirs.
The article doesn't go into detail but from BE's stated position it's not hard to imagine that even if eBay blocked their address block, that BE would shell out the relatively nominal money to buy, say, a bunch of dial-up accounts.
What eBay has done is analogous to me running, say, a playground and kicking off somebody who appears to be using it for purposes I don't agree with. I'm not required to do any more than ask that they leave (robots.txt) before I'm entitled to call the police to assist.
A lot of people have called eBay a "public" service. That's a term that should be used with extreme caution. Not everything that's public is a "common carrier". "Public" services that aren't common carriers still have most of the property rights of a private entity. There are exceptions, such as anti-discrimination laws, but outside of those "protected" conditions, a business owner can kick you out over anything he wants. Or he can just kick you out for no reason at all. Abridging that right in the name of "freedom" will do more to hurt the Internet than any site denying access ever could.
Government-franchised monopoly utilities/services (cable, phone, power, etc.) usually are classed as common carriers. Check out your state/locality's regulations regarding common carriers and then ask yourself if you'd want to operate a large website under those restrictions. I'm sure it's different in other places, but here in Virginia, state-franchised monopolies have to get approval from the state before they can raise their rates, not something most site owners want to (or should) be subject to.
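The distinction drawn above between spiders that honor robots.txt and those that don't comes down to one check before every fetch. The following is an added example, not code from the thread or from any of the sites named in it; the hostname, the robots.txt text and the crawler names are constructed. It uses the standard library's urllib.robotparser, and also shows what a site with no robots.txt at all looks like to a polite crawler: with no rules present, nothing is disallowed, which is why a missing file gives the operator nothing to point at.

```python
"""A robots.txt-honoring fetch gate, in the spirit of the thread above.

Added example, not code from the original discussion. The robots.txt text,
site name and crawler names are constructed for illustration.
"""
from urllib.robotparser import RobotFileParser

SITE = "auctions.example"          # constructed hostname

# Constructed robots.txt: one named aggregator is shut out entirely,
# every other crawler is asked to stay off the search endpoint only.
ROBOTS_TXT = """\
User-agent: ExampleAggregatorBot
Disallow: /

User-agent: *
Disallow: /search
"""


def load_rules(robots_txt: str, site: str = SITE) -> RobotFileParser:
    """Parse robots.txt text the way a crawler would after fetching it.

    An empty string models a site with no /robots.txt: with no rules
    present, RobotFileParser permits every path.
    """
    rp = RobotFileParser()
    rp.set_url(f"https://{site}/robots.txt")
    rp.parse(robots_txt.splitlines())
    return rp


def may_fetch(rules: RobotFileParser, user_agent: str, url: str) -> bool:
    """True only when the rules that apply to this User-Agent permit the URL."""
    return rules.can_fetch(user_agent, url)


def crawl_plan(robots_txt: str, user_agent: str,
               urls: list[str]) -> tuple[list[str], list[str]]:
    """Split candidate URLs into (allowed, skipped) for a polite crawler."""
    rules = load_rules(robots_txt)
    allowed, skipped = [], []
    for url in urls:
        (allowed if may_fetch(rules, user_agent, url) else skipped).append(url)
    return allowed, skipped


if __name__ == "__main__":
    targets = [f"https://{SITE}/listings/1234", f"https://{SITE}/search?q=widget"]
    for ua in ("ExampleAggregatorBot/1.0", "PoliteSearchBot/2.0"):
        print(ua, crawl_plan(ROBOTS_TXT, ua, targets))
```

The operator's side of this is the robots.txt itself: naming the aggregator's User-Agent with `Disallow: /` is the "please leave" the poster describes, and a crawler that fetches anyway after that has been asked, in the only machine-readable way there is.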
It may be that I don't know what I'm talking about, but the government seems to be doing more about E-Mail spam than Snail Mail Spam. Not to mention deleting E-Mail spam is easier than deleting Snail Mail Spam. Doesn't make much sense to me.
Many people don't realize it, but the USPS has confirmed that the rates companies pay on snail spam actually subsidize part of the cost of first-class mail. Translation: if companies quit sending it, your mail rates would go up.
I pay half my bills online these days anyway, but there it is.
Besides that you can recycle snail spam as firelighters :)
I honestly don't see the privacy concerns so many have mentioned, unless people are concerned about legitimate "spam" being mistaken for the real thing and small companies getting mistakenly raided with all those attendant privacy concerns.
There are several things that make real spam easily identifiable:
1. Fishing. They always want me to buy or send something. I've gotten spam that's non-commercial, but it's very very rare.
2. Forgery. Forged headers are practically a defining characteristic. Again, I've gotten spam with non-forged headers, but rarely.
3. Fraud. Just about every one I get is MAKE.MONEY.FAST in a new form, or else it's selling black-market herbs/medicines/whatever.
The biggest problem I have with HR 3113 is that by saying "this spam is bad" it's implicitly saying "this other spam is good."
The real problem, of course, is that SMTP is largely unauthenticated. What's needed is a "secure-net" of SMTP servers that do things like verify the forward and reverse lookups on the address of a sending host, strip out bogus Received headers, and so on. Basically eliminating the trust that allows spammers to get away with their nasty tricks. Sucks, I know, but these days paranoia is the rule rather than the exception (see the Slashdot DDoS discussion for plenty more on that subject).
Would it violate the relevant RFCs for an ISP to set up an SMTP server to strip Received headers on messages coming from its dialup pool? That'd take care of about 90% of the spam right there -- they can run, but they can't cover their tracks. If stripping wouldn't be allowed, maybe there could be an additional header somewhere, an X-header containing the first "known-good" Received line, and that would always be stripped if a message comes from the ISP's subnet(s) with it already present unless other arrangements have been made with the customer.
To those who say it would be too much effort to coordinate, I say open relay used to be the default and now it's fairly rare on servers that have been up for any length of time. This could be accomplished by peer pressure if the major sites jump on it.
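What the "secure-net" and dialup-pool proposals above amount to in code: check that the peer's reverse lookup names the host it claims to be and that the name resolves back to the same address (forward-confirmed reverse DNS), and treat a dial-up customer as a message origin rather than a relay, so any Received lines it hands over are discarded before the relay adds its own. This is an added example, not code from the thread; the dial-up pool, relay name, DNS answers and the sample message are all constructed, and the two DNS dictionaries stand in for socket.gethostbyaddr() and socket.getaddrinfo() so it runs offline.

```python
"""Received-header hygiene for a relay serving a dial-up pool.

Added example, not code from the original thread. The dial-up pool, relay
name, DNS answers and the sample message are all constructed; the DNS
dictionaries stand in for socket.gethostbyaddr()/socket.getaddrinfo().
"""
import ipaddress
from email import message_from_string

DIALUP_POOL = ipaddress.ip_network("198.51.100.0/24")   # constructed pool
RELAY_NAME = "smtp.isp.example"                         # constructed relay

# Constructed reverse (PTR) and forward (A) answers.
PTR = {"203.0.113.5": "mail.example.org",
       "198.51.100.77": "dial-77.isp.example"}
A = {"mail.example.org": {"203.0.113.5"},
     "dial-77.isp.example": {"198.51.100.77"}}


def forward_confirmed(ip: str, claimed_host: str) -> bool:
    """Forward-confirmed reverse DNS: PTR(ip) names the claimed host and that
    host resolves back to ip. A forged HELO fails one leg or the other."""
    host = PTR.get(ip)
    return host is not None and host == claimed_host and ip in A.get(host, set())


def received_lines(raw: str) -> list[str]:
    """The Received chain of a message, newest hop first."""
    return message_from_string(raw).get_all("Received") or []


def ingest(raw: str, peer_ip: str, claimed_helo: str,
           now: str = "Tue, 1 Feb 2000 10:00:00 -0500") -> tuple[str, int, bool]:
    """Accept a message from peer_ip; return (rewritten message, number of
    Received lines stripped, FCrDNS result).

    A dial-up customer is an origin, not a relay, so Received lines it
    presents were not added by a trusted hop and are dropped. Mail from
    elsewhere keeps its chain; our own stamp goes on top either way.
    """
    msg = message_from_string(raw)
    stripped = 0
    if ipaddress.ip_address(peer_ip) in DIALUP_POOL:
        stripped = len(msg.get_all("Received") or [])
        del msg["Received"]            # removes every Received header
    verified = forward_confirmed(peer_ip, claimed_helo)
    tag = "fcrdns=pass" if verified else "fcrdns=fail"
    stamp = f"from {claimed_helo} ([{peer_ip}] {tag}) by {RELAY_NAME}; {now}"
    # Received headers are prepended, newest hop first, as an MTA does.
    return f"Received: {stamp}\n{msg.as_string()}", stripped, verified


# Constructed message: a dial-up sender presenting two forged hops.
FORGED = """\
Received: from mail.example.org (mail.example.org [203.0.113.5]) by bigcorp.example.com; Tue, 1 Feb 2000 09:58:00 -0500
Received: from trusted.example.net (trusted.example.net [192.0.2.9]) by mail.example.org; Tue, 1 Feb 2000 09:57:00 -0500
From: someone@example.com
To: victim@isp.example
Subject: MAKE.MONEY.FAST

body
"""

if __name__ == "__main__":
    out, stripped, ok = ingest(FORGED, "198.51.100.77", "dial-77.isp.example")
    print(f"stripped={stripped} fcrdns={ok}")
    print(out)
```

Stripping only on the dial-up pool is what keeps this inside the RFC spirit: a relay must not alter the chain for mail it is merely forwarding, but a customer's first hop has no legitimate upstream Received lines to preserve, and the relay's own stamp records the address actually seen on the wire.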
Machines are cheaper than people. It's easier to configure N+1 machines all the same than to configure N machines one way and one machine a different way.
It's cheaper still not to secure the machines in the first place. But that would be stupid, wouldn't it?
I haven't seen a rationale for a firewall which is any better than "Well, we're too stupid and lazy to lock down N Unix hosts, so we're going to lock down one. Somehow we will become less stupid and lazy because there is only one machine."
A firewall is no more nor less than acknowledgement that humans are not perfect. I've said before that a firewall is not an excuse for running insecure hosts. But it lessens the chance that if you have one inadvertently insecure host, your entire network can be compromised (unless that host is your firewall, in which case the firewall admin is in the hot seat).
If they're in public services, you're toast *anyway*, because your firewall is letting those services through. If they're in private services, then why for God's sake did you bind them to a public IP address???
Most of the things that people are using firewalls to protect against can be solved by using non-routable IP addresses and some small amount of filtering on your router.
You mean... a firewall? Gasp!
Like it or not, just using non-routable IPs is still not much of a defense. If your router is compromised, your network is then just as vulnerable as if you used routable IPs on an exposed network. And believe it or not, many public services are in fact run on non-routable subnets using port forwarding of one kind or another.
Routers and hosts do different things, and a firewall has aspects of both. On balance having a host do the routing functions is easier than trying to have a router do the (admittedly minimal) hosting functions that a firewall admin might want. Remember it was only fairly recently that routers got the ability to do ssh (IOS 12.05 I think for Cisco gear). Also the more layers of security you have, the better your defense in depth can be. Not necessarily is, but can be.
Modern military command uses the concept of defense in depth. The essence of this is trading space for time.
The simplest case is building two small walls instead of one humongous wall. If you build a humongous wall, it takes a long time to get through... unless the enemy finds a single weak point -- then you're screwed. Two walls each take less time to get through, but if they're well-built using different techniques, the enemy may not get through to begin with and if they breach the first they lose time covering ground and then adapting. They're also very obvious as they traverse the open ground between barriers.
Network security can benefit from the same concept. Others have already mentioned heterogeneous "airgap" systems -- one of the most common and least excusable faux pas by so-called "security admins" is a single firewall protecting a herd of boxen. Second to that is identical airgap firewalls.
Of course real defense doesn't end with the walls. Even services running behind an airgap should be structured with an eye toward reasonable security, as others have pointed out. Many companies think their firewalls make them safe; come the day those firewalls are breached and the attackers make off with everything stored on the NT intranet server before wiping the drive, they'll find out differently.
Any server, no matter how well shielded, should start life in a lockdown configuration and then be made less secure only as needed ("do we really need to enable daytime on this box?"). Admittedly I haven't kept up with developments in secure distros, but does anyone make a "locked-down by default" distro based off Red Hat/Debian/*BSD? It'd be a real service to admins and if not it's something I might consider starting a project for. I know of Bastille Linux but that's (as far as I know) not so much a distro as a set of scripts to tighten up Red Hat.
The only thing we have yet to figure out is how to effectively make systems under attack "shoot back". The most they can do at the moment is call in an airstrike (i.e. alert the admins). Any return-fire capability would only be as good as the intermediate links let it be. It might not even be a good idea, as it would increase network traffic and make the attack that much more severe.
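The router-filtering, non-routable-address and "two walls built differently" points above can be put together in one small model: a border ACL that drops spoofed private sources and admits only published port forwards, and a host filter behind it that knows only which ports the host deliberately listens on. Both default to deny. This is an added example, not code from the thread; the address ranges, the forwarded services and the listening ports are constructed, and it is stateless (no connection tracking) to keep the two layers visible.

```python
"""Two filtering layers with a default-deny posture: a border-router ACL in
front of a host firewall, as argued for in the thread above.

Added example, not code from the original thread. The address ranges, the
forwarded services and the listening ports are constructed.
"""
import ipaddress
from dataclasses import dataclass

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LAN = ipaddress.ip_network("192.168.10.0/24")        # constructed inside network
WEB_HOST = "192.168.10.20"                           # constructed host behind NAT
OUTSIDE_ADDR = "192.0.2.10"                          # constructed public address
# Port forwards on the router: external (addr, port) -> inside (host, port).
# The daytime entry is the kind of leftover the second wall exists to catch.
PORT_FORWARDS = {(OUTSIDE_ADDR, 80): (WEB_HOST, 80),
                 (OUTSIDE_ADDR, 13): (WEB_HOST, 13)}
LISTENING = {WEB_HOST: {80}}                         # ports each host really exposes


@dataclass(frozen=True)
class Packet:
    iface: str   # "outside" or "inside": the interface the packet arrived on
    src: str
    dst: str
    dport: int


def _private(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def router_filter(pkt: Packet) -> tuple[str, str]:
    """First wall: the coarse ACL on the border router. First match wins and
    nothing matches by default."""
    if pkt.iface == "outside" and _private(pkt.src):
        return "drop", "spoofed private source from outside"
    if pkt.iface == "inside" and ipaddress.ip_address(pkt.src) not in LAN:
        return "drop", "inside packet with foreign source"
    if pkt.iface == "outside" and (pkt.dst, pkt.dport) in PORT_FORWARDS:
        return "accept", "published service"
    if pkt.iface == "inside":
        return "accept", "outbound or LAN traffic"
    return "drop", "default deny"


def host_filter(dst_host: str, dport: int) -> tuple[str, str]:
    """Second wall: the host's own filter, built on a different principle.
    It knows nothing about the router, only what it chose to enable."""
    if dport in LISTENING.get(dst_host, set()):
        return "accept", "port enabled on host"
    return "drop", "port not enabled on host"


def defense_in_depth(pkt: Packet) -> tuple[str, str]:
    """A packet from outside must pass the router and then the host it is
    forwarded to; either wall alone may say no."""
    verdict, why = router_filter(pkt)
    if verdict == "drop" or pkt.iface != "outside":
        return verdict, f"router: {why}"
    host, port = PORT_FORWARDS[(pkt.dst, pkt.dport)]
    verdict, why = host_filter(host, port)
    return verdict, f"host: {why}"


if __name__ == "__main__":
    for p in (Packet("outside", "203.0.113.7", OUTSIDE_ADDR, 80),
              Packet("outside", "203.0.113.7", OUTSIDE_ADDR, 13),
              Packet("outside", "10.1.1.1", OUTSIDE_ADDR, 80),
              Packet("outside", "203.0.113.7", OUTSIDE_ADDR, 22)):
        print(p, defense_in_depth(p))
```

The daytime forward is the instructive case: the router admits it because somebody published it, and the host drops it because the service was never enabled there. A single wall, or two identical ones, would have let it through.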
A practical point of view would not smash the status bar just for the sake of being annoyingly cute.
A practical point of view would not use absolute pixel sizes that render a site unreadable on hi-res monitors.
A practical point of view would not do that annoying "look at me! look at me! I'm an intro graphic! look at me!" idiocy on the first page.
Nothing that degrades usability for anyone is being done from a practical point of view.
This web site's behavior with respect to its stated purpose is akin to employers searching for a Unix admin, then asking him for a resume in Word format.
Web designers still haven't caught on that there is no such thing as a "static" page. It may be viewed in a variety of resolutions, color depths, window size, and font combinations, and any site that assumes any of those is a static factor is going to have egg on its face every time somebody comes along who (shock, horror!) doesn't have MS Comic Sans installed.
One of the more interesting design challenges is to do a page all in shades of gray and still make it look good. I wonder if this guy could do that. I've taken a stab at it and it actually didn't look awfully bad, although I'd probably nix the small-caps hack if I did it over again. I'd probably dim the whiteness of the text a bit too -- it's a little glare-y.
Here in Charlottesville, VA, our biggest ISP was using this method. It actually may be illegal to do that here, as Virginia is one of the states that grants "de jure" recognition of monopoly status to, for example, Virginia Power and various ILECs. They (the utilities) have to go through a bunch of red tape to change prices and such, and they have to do it in accordance with the "tariffs" for a service, which detail what product you're providing, what it's for and what prices you can charge.
As the above poster pointed out, DSL emits imperial buttloads (bigger than your puny metric buttload!) of RF. Our ILEC is Sprint; after CStone had about a half-dozen of these "DSL" installs, Sprint figured it out and told them it was a service outside the tariff specs, it was causing noise on other lines in the same sheath, and they wouldn't be doing any more dry-pair installs for CStone as a result. There was a bunch of other maneuvering but I can't go into detail as it was specified that it was all "off the record" during the conversations I had.
My personal opinion is yes, it causes quality problems, but Sprint came down hard on it not because of the quality (which they manifestly don't care about, judging by my experiences with them) but because they realized they were missing out (they had several months yet until their own DSL service was launched).
CStone was recently bought by a regional CLEC/ISP/cableco, so theoretically they might get to slap their brand on CFW-provided DSL at some point. CFW's been doing DSL here since March of last year and (apart from various incompetence with actually getting an install tech out!) I love it to death. 768K for $70.00/mo. (384K for $50) -- my friends in Northern Virginia hate me :-)
Some so-called "scientists" need a refresher course in Laboratory Science 101:
"However, most scientists believe that such anti-gravity research is fundamentally flawed. It goes against what we know about the physical Universe and is therefore impossible, they say."
These would probably be the spiritual descendants of the "scientists" who claimed that traveling at greater than 60 MPH would cause the blood to boil and was therefore impossible. It's also incredibly arrogant to claim that something that would contradict existing science is impossible; it's tantamount to claiming that we already know all that can be known, in which case science can just pack it in, we don't need you guys any more, don't forget your hat.
Sagan has noted several times that the "old guard" often hampers progress in science. It threatens the importance of their own discoveries. Nobody wants his carefully-researched theory noted in textbooks as "a useful first approximation" or to carry, even if only in his own head, the stigma of your life's work being derived from "second-class" measurements.
One great example is chaos theory. Nobody wanted to admit that a perfectly spherical world with constant illumination and rotation could generate weather. It totally went against what we knew of physics. When it was found that the divergences resulted from rounding effects of the computer simulation a lot of scientists wanted to just dismiss the whole thing right there as "experimental error", instead of admitting that microscopic errors having macro-scale results represented a new fundamental truth about the world.
See also the Henrietta Lacks debacle, where a concerted effort was made by researchers and the journals they published in to save face by trying to cover up the fact that their results were contaminated.
And see also Velikovsky. In the 60s and 70s, his Worlds in Collision was hotly debated and a lot of scientists, rather than actually refute his conclusions, preferred to take the lazy route of trying to suppress publication of his ideas. Slashdotters know how futile that can be.
A lot of employers seem to have a two-faced policy about this. You're required to get overtime approved to get paid for it, but you're not allowed to just not work if it's not. If you're not in the office for all of 9-5, you're a slacker even if you're never doing anything for the first 4 hours of the day but meeting after meeting after meeting. But God forbid you should put in the required face time and expect that to be enough when a fire-drill happens at 5:00 on Friday afternoon. And if you're on salary, forget about overtime at all, unless you're willing to fight the company over whether you're actually exempt (many peons are not, simply because they're peons).
(If you're on a salary and working significant overtime, start keeping a log of the hours you work -- you will want it after you leave so you can pursue a back-pay claim with the Wage and Hour Division of OSHA. Don't worry about contract provisions -- most of them are illegal if they attempt to limit your legal right to be paid for work and OSHA will be happy to tell you which are and aren't applicable to you.)
The company I work for pretty much doesn't care if I come in at 9:30 or 11:30, as long as I'm in before noon (I rarely see my manager before 11:00). But I've been put on notice by the department head that I'll soon be moving to a high-profile project and other considerations mean it has to go from zero to code-freeze by April 30. That's right, ten weeks from now a mission-critical project that hasn't even started yet must be essentially complete. This means a strict 40 hours a week will mark me as a slacker as it has in other places when I tried to defend my free time from the encroachment of work.
You know what we need more than anything? A retribution-free workplace. Imagine how much less stress you'd have if you could just say "Bob, I'm spending half my day doing [insert unproductive things here] and having to work overtime to get my real work done. Is there any way you can cut me loose from a couple of [unproductive things] so I can go home on time?" Wouldn't that be great? And it'll happen sometime around the day pigs fly.
It's entering the end of its life cycle as a technology. Now I'm waiting for the complete birth of Usenet II. The rules may seem fascist, but more than one newsadmin has wished the original Usenet had them.
The only thing that worries me is, it looks like it might be a breech birth, full of extra pain and difficulty. At least one major ISP has announced it has no plans to participate. Also complicating the transition will be the fact that Usenet II requires a valid e-mail address to post, meaning that spammers with read access can still do what they do.
Then again, in its early days, Usenet was often an unauthorized service provided by site admins while management turned a blind eye.
I think you're thinking of the one where he's buying a new computer. The salesman shows him the newest "mini-micro" -- "you glue chips to your fingernails, and it automatically senses where your fingers are at all times." In the final panel the salesdroid says "Of course, you may not want your computer to know where your fingers are at all times." At which point his own finger-top pipes up and says "Dave, about last night..."
The trouble here is, although I have all the sympathy in the world for blind folks who can't read AOL's homepage, some people seem to be confused about access and benefits.
The ADA mandates equal access to facilities. That means things like wheelchair ramps, larger bathroom stalls with handrails, elevators, and so on. However, once you have access, the responsibilities of a business vis-a-vis the ADA end.
An art museum can be required to install wheelchair ramps, but it cannot be required to make Braille versions of the paintings. A steak restaurant can be required to have handicapped-access bathrooms, but I think few would argue that they should be required to have vegetarian dishes for those not allowed to eat red meat.
Blind people have access to the AOL website through whatever software they're using (and if they don't, it's not AOL's responsibility to provide such software), but any benefits they may or may not derive from that site are not covered under the ADA. Access can be legislated, but benefits cannot.
I have never seen a kid getting carded when they bought one of the games marked "mature".
There's a good reason for that: it's not illegal for them to do so.
For that matter, it's not illegal for a 9-year-old to see an R-rated movie. The only thing that gives R ratings any force is the theater chain's contract with the distributor. And the theater chains are required to place those restrictions by their agreement with the MPAA.
I won't get into the "kiss-of-death" phenomenon but suffice it to say that I don't think game ratings are actually enforced by contract, they're just there as an advisory, like the "explicit lyrics" stickers on CDs. And IMHO giving them any more force than they already have would start a "kiss of death" in the gaming market.
I think this provides enough material for a domain owners' class-action lawsuit. This would fall under criminal negligence, putting literally billions of dollars' worth of assets at risk. Another might be misappropriation of property -- arguably use of an entity's registration info, like use of their phone number, belongs to that entity, and NSI's legal blather at the top of WHOIS queries could be seen as an illegal effort to restrict an entity's use of their own property.
Anybody want to start a mailing list? If we can get about 1,000 subscribers I think we might have something here.
More to the point, no computer will represent today's date as 9999 internally. Two digits are needed for month and day, yes? So that would be 090999. And there's no "all 9's" magic quality to this number. This is truly a non-event from the code's point of view.
It's not the representation, but the input pattern that's of concern. I personally worked at one place where we were told -- for accounts that were never supposed to "come due" -- to just put in "9 9 99" for the due date. The software converts this internally to 090999 of course. But the point is, the accounts still (assuming they're still using this system) come due today, regardless of how it's represented internally.
The whole "end-of-file marker" thing was a big bunch of FUD, but accounting "shortcuts" like this could indeed cause headaches.
And don't say "but nobody would be that dumb." I had a boss who drove the accountant nuts one month. We mis-billed a bunch of credit cards (~1000 or so), ran the credits back when we found out, and then re-billed correctly. So my boss "helpfully" deleted the original invoices and credits and replaced them with the corrected invoices and credits. (Accountants in the audience may now proceed to the front for a stiff shot of whiskey. Move slowly to avoid sudden collapse...)
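The "9 9 99" point above is about the input pattern, not the representation, and the following added example (not code from the thread; the account records and the two accepted input formats are constructed) shows why: the sentinel a clerk typed for "never comes due" parses to an ordinary date, is stored as 090999, and turns up in the overdue run on 1999-09-09 alongside every genuinely overdue account.

```python
"""The 9/9/99 sentinel from the post above: a 'never due' marker typed as
9 9 99 is, to the code, an ordinary date that eventually arrives.

Added example, not code from the original thread. The account records and
the two accepted input formats are constructed.
"""
import re
from datetime import date

# Constructed ledger: (account id, due date exactly as it was entered).
ACCOUNTS = [("ACCT-1", "03 15 99"),   # a normal due date
            ("ACCT-2", "9 9 99"),     # "never comes due", per the office convention
            ("ACCT-3", "120199")]     # already in stored mmddyy form

NEVER_DUE_SENTINEL = "090999"         # what "9 9 99" becomes once stored


def parse_due(raw: str) -> date:
    """Accept 'm d yy' (as typed) or 'mmddyy' (as stored), pinning the
    two-digit year to the 1900s as the legacy system did."""
    parts = raw.split()
    if len(parts) == 3:
        month, day, year = (int(p) for p in parts)
    elif re.fullmatch(r"\d{6}", raw):
        month, day, year = int(raw[:2]), int(raw[2:4]), int(raw[4:])
    else:
        raise ValueError(f"unrecognised due date: {raw!r}")
    return date(1900 + year, month, day)


def stored_form(due: date) -> str:
    """The internal mmddyy representation; 9 9 99 becomes 090999."""
    return f"{due.month:02d}{due.day:02d}{due.year % 100:02d}"


def is_due(due: date, today: date) -> bool:
    return due <= today


def overdue_accounts(accounts, today: date) -> list[str]:
    """The ordinary nightly run: every account whose due date has passed.
    It has no idea some of those dates were meant as 'never'."""
    return [acct for acct, raw in accounts if is_due(parse_due(raw), today)]


def sentinel_accounts(accounts) -> list[str]:
    """Audit helper: accounts still carrying the magic value. The fix is a
    nullable due-date field, not a later magic value."""
    return [acct for acct, raw in accounts
            if stored_form(parse_due(raw)) == NEVER_DUE_SENTINEL]


if __name__ == "__main__":
    for today in (date(1999, 9, 8), date(1999, 9, 9)):
        print(today, "overdue:", overdue_accounts(ACCOUNTS, today))
    print("still using the sentinel:", sentinel_accounts(ACCOUNTS))
```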
Even if Nostradamus's "Centuries" do predict the future, they're pretty useless because nobody understands what they mean. Personally, I think he deliberately wrote a book of gibberish poetry, knowing how gullible people are.
The quatrains are a lot like inkblots. Everybody sees something different, and if you give a person a quatrain and tell them it predicts [insert anything at all here], most people will go "Oh yeah, I can see that."
It's like those "biorhythm" charts or whatnot. One debunker, as a demonstration, gave a woman a biorhythm chart for a completely wrong birthdate. She wrote back praising him for his skill at predicting her rhythms. He wrote back and (deliberately) enclosed a second wrong chart, with a note of apology saying the first one was miscalculated.
Her reply was yet more praise about how the new chart was even more accurate than the old one!
(Source: Martin Gardner, Mathematical Games)
As much as I hate to say it, we live in a world where marketing to the "stupid segment" is not only possible but highly profitable.
Why do you think it's so hard to take away guns from people here in the US? Because it's our right to have guns. Law abiding citizens have the right, given to us by our government, to own firearms. I don't know if that was a good idea, and that isn't the point of the argument. The point is that when the government makes movements to abridge that right, people get angry. Because they have learned to exercise the right.
Sorry, I have to call you on this one. I have the right to own a gun only because 200 years ago a bunch of people got really pissed off and thumbed their noses at the government. The government is welcome to come knocking at my door and ask for my encryption keys. They won't get them, but they're certainly welcome to ask. And if they give me a choice between surrendering my keys and dying, well, you may fire when ready, Gridley.
The government hasn't given me anything it didn't take from me in the first place in the form of taxes. Certainly not the right to freedom of speech or any other right in the Constitution. When people stop claiming rights as belonging to them instead of being granted to them, we're in trouble.
1) The GPL forbids restrictions on the software recipient's right to copy, modify, and redistribute the software.
2) RMS says he does not oppose commercial distribution of software.
So how exactly am I supposed to write a piece of software for economic gain? If somebody decides they don't like me, they can redistribute my software for free and kill my income (I'm assuming for the moment that software income is separate from any support or subscription fees I might charge).
Well, maybe great minds just think alike. But about six months ago I posted these web pages to my website.
I never linked those pages from anywhere else or posted URLs anywhere that I recall. It's exactly the same idea he's got. I wonder if I said something to somebody and it got back to Kasparov? That would somehow be incredibly cool.
Perhaps it would be a more economical idea to use *gasp* batteries or *gasp* AC?
It's all about flywheels!
Then again I like the idea of burning Anonymous Cowards who post nothing but flamebait, to power my webserver.
http://thomas.loc.gov/cgi-bin/bdquery/z?d106:h.r.03113:
That's the 106th Congress, not the 105th.
It may be that I don't know what I'm talking about, but the government seems to be doing more about E-Mail spam than Snail Mail Spam. Not to mention deleting E-Mail spam is easier than deleting Snail Mail Spam. Doesn't make much sense to me.
Many people don't realize it, but the USPS has confirmed that the rates companies pay on snail spam actually subsidize part of the cost of first-class mail. Translation: if companies quit sending it, your mail rates would go up.
I pay half my bills online these days anyway, but there it is.
Besides that you can recycle snail spam as firelighters :)
There are several things that make real spam easily identifiable:
1. Fishing. They always want me to buy or send something. I've gotten spam that's non-commercial, but it's very very rare.
2. Forgery. Forged headers are practically a defining characteristic. Again, I've gotten spam with non-forged headers, but rarely.
3. Fraud. Just about every one I get is MAKE.MONEY.FAST in a new form, or else it's selling black-market herbs/medicines/whatever.
The biggest problem I have with HR 3113 is that by saying "this spam is bad" it's implicitly saying "this other spam is good."
The real problem, of course, is that SMTP is largely unauthenticated. What's needed is a "secure-net" of SMTP servers that do things like verify the forward and reverse lookups on the address of a sending host, strip out bogus Received headers, and so on. Basically eliminating the trust that allows spammers to get away with their nasty tricks. Sucks, I know, but these days paranoia is the rule rather than the exception (see the Slashdot DDoS discussion for plenty more on that subject).
Would it violate the relevant RFCs for an ISP to set up an SMTP server to strip Received headers on messages coming from its dialup pool? That'd take care of about 90% of the spam right there -- they can run, but they can't cover their tracks. If stripping wouldn't be allowed, maybe there could be an additional header somewhere, an X-header containing the first "known-good" Received line, and that would always be stripped if a message comes from the ISP's subnet(s) with it already present unless other arrangements have been made with the customer.
To those who say it would be too much effort to coordinate, I say open relay used to be the default and now it's fairly rare on servers that have been up for any length of time. This could be accomplished by peer pressure if the major sites jump on it.
Machines are cheaper than people. It's easier to configure N+1 machines all the same than to configure N machines one way and one machine a different way.
It's cheaper still not to secure the machines in the first place. But that would be stupid, wouldn't it?
I haven't seen an rationale for a firewall which is any better than "Well, we're too stupid and lazy to lock down N Unix hosts, so we're going to lock down one. Somehow we will become less stupid and lazy because there is only one machine."
A firewall is no more nor less than acknowledgement that humans are not perfect. I've said before that a firewall is not an excuse for running insecure hosts. But it lessens the chance that if you have one inadvertently insecure host, your entire network can be compromised (unless that host is your firewall, in which case the firewall admin is in the hot seat).
If they're in public services, you're toast *anyway*, because your firewall is letting those services through. If they're in private services, then why for God's sake did you bind them to a public IP address???
Most of the things that people are using firewalls to protect against can be solved by using non-routable IP addresses and some small amount of filtering on your router.
You mean... a firewall? Gasp!
Like it or not, just using non-routable IPs is still not much of a defense. If your router is compromised, your network is then just as vulnerable as if you used routable IPs on an exposed network. And believe it or not, many public services are in fact run on non-routable subnets using port forwarding of one kind or another.
Routers and hosts do different things, and a firewall has aspects of both. On balance having a host do the routing functions is easier than trying to have a router do the (admittedly minimal) hosting functions that a firewall admin might want. Remember it was only fairly recently that routers got the ability to do ssh (IOS 12.05 I think for Cisco gear). Also the more layers of security you have, the better your defense in depth can be. Not necessarily is, but can be.
The simplest case is building two small walls instead of one humongous wall. If you build a humongous wall, it takes a long time to get through... unless the enemy finds a single weak point -- then you're screwed. Two walls each take less time to get through, but if they're well-built using different techniques, the enemy may not get through to begin with and if they breach the first they lose time covering ground and then adapting. They're also very obvious as they traverse the open ground between barriers.
Network security can benefit from the same concept. Others have already mentioned heterogeneous "airgap" systems -- one of the most common and least excusable faux pas by so-called "security admins" is a single firewall protecting a herd of boxen. Second to that is identical airgap firewalls.
Of course real defense doesn't end with the walls. Even services running behind an airgap should be structured with an eye toward reasonable security, as others have pointed out. Many companies think their firewalls make them safe; come the day those firewalls are breached and the attackers make off with everything stored on the NT intranet server before wiping the drive, they'll find out differently.
Any server, no matter how well shielded, should start life in a lockdown configuration and then be made less secure only as needed ("do we really need to enable daytime on this box?"). Admittedly I haven't kept up with developments in secure distros, but does anyone make a "locked-down by default" distro based off Red Hat/Debian/*BSD? It'd be a real service to admins and if not it's something I might consider starting a project for. I know of Bastille Linux but that's (as far as I know) not so much a distro as a set of scripts to tighten up Red Hat.
The only thing we have yet to figure out is how to effectively make systems under attack "shoot back". The most they can do at the moment is call in an airstrike (i.e. alert the admins). Any return-fire capability would only be as good as the intermediate links let it be. It might not even be a good idea, as it would increase network traffic and make the attack that much more severe.
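The two points above about binding private services to public addresses and starting every box in a lockdown configuration reduce to one recurring question per listening socket: does this need to be reachable from outside at all? The script below is an added example, not code from the thread or from any of the posters. It parses lines in the column layout of `ss -tlnH` (the sample is constructed, not captured from a real host), classifies each listener by where its bound address is reachable from, and reports anything bound to a wildcard or globally routable address that is not on an explicit allow-list. The allow-list and the sample addresses are assumptions for illustration.

```python
"""Audit listening TCP sockets for services exposed on routable addresses.

Added example, not from the original thread. Input is text in the layout
of `ss -tlnH` (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port);
the sample below is constructed for the demo.
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample: one wildcard ssh, a loopback MTA, a web server on an
# RFC 1918 address, a daytime service on a public address, CUPS on ::1 and
# a database bound to every IPv6 interface.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
LISTEN 0 511 10.1.2.3:80 0.0.0.0:*
LISTEN 0 5 172.32.0.5:13 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 [::]:3306 [::]:*
"""

# Bind addresses that mean "every interface", including the public one.
WILDCARDS = {"0.0.0.0", "::", "*"}


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int


def split_local(field: str):
    """Split 'host:port' or '[v6host]:port' into (host, port)."""
    host, _, port = field.rpartition(":")
    return host.strip("[]"), int(port)


def parse_ss(text: str):
    """Return a Listener for every LISTEN row in ss-style output."""
    listeners = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, port = split_local(cols[3])
        listeners.append(Listener(host, port))
    return listeners


def exposure(addr: str) -> str:
    """Classify where a bound address is reachable from.

    'wildcard' and 'public' are reachable from outside the host's network;
    'private' covers RFC 1918, CGNAT, link-local and other non-global space.
    """
    if addr in WILDCARDS:
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_global:
        return "public"
    return "private"


def exposed_listeners(text: str, allowed_public_ports=frozenset()):
    """Listeners reachable from outside that are not on the allow-list."""
    findings = []
    for lst in parse_ss(text):
        kind = exposure(lst.addr)
        if kind in ("wildcard", "public") and lst.port not in allowed_public_ports:
            findings.append((lst, kind))
    return findings


if __name__ == "__main__":
    # Assumed policy for the demo: only ssh may face the world.
    for lst, kind in exposed_listeners(SAMPLE_SS_OUTPUT, allowed_public_ports={22}):
        print(f"port {lst.port} bound to {lst.addr} ({kind}): needed?")
```

On a real host, feed it `ss -tlnH` output and maintain the allow-list as the documented set of services the box is actually meant to offer; everything else is a candidate for rebinding to loopback or a private address, or for switching off.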
A practical point of view would not use absolute pixel sizes that render a site unreadable on hi-res monitors.
A practical point of view would not do that annoying "look at me! look at me! I'm an intro graphic! look at me!" idiocy on the first page.
Nothing that degrades usability for anyone is being done from a practical point of view.
This web site's behavior with respect to its stated purpose is akin to employers searching for a Unix admin, then asking him for a resume in Word format.
Web designers still haven't caught on that there is no such thing as a "static" page. It may be viewed in a variety of resolutions, color depths, window size, and font combinations, and any site that assumes any of those is a static factor is going to have egg on its face every time somebody comes along who (shock, horror!) doesn't have MS Comic Sans installed.
One of the more interesting design challenges is to do a page all in shades of gray and still make it look good. I wonder if this guy could do that. I've taken a stab at it and it actually didn't look awfully bad, although I'd probably nix the small-caps hack if I did it over again. I'd probably dim the whiteness of the text a bit too -- it's a little glare-y.
As the above poster pointed out, DSL emits imperial buttloads (bigger than your puny metric buttload!) of RF. Our ILEC is Sprint; after CStone had about a half-dozen of these "DSL" installs, Sprint figured it out and told them it was a service outside the tariff specs, it was causing noise on other lines in the same sheath, and they wouldn't be doing any more dry-pair installs for CStone as a result. There was a bunch of other maneuvering but I can't go into detail as it was specified that it was all "off the record" during the conversations I had.
My personal opinion is yes, it causes quality problems, but Sprint came down hard on it not because of the quality (which they manifestly don't care about, judging by my experiences with them) but because they realized they were missing out (they had several months yet until their own DSL service was launched).
CStone was recently bought by a regional CLEC/ISP/cableco, so theoretically they might get to slap their brand on CFW-provided DSL at some point. CFW's been doing DSL here since March of last year and (apart from various incompetence with actually getting an install tech out!) I love it to death. 768K for $70.00/mo. (384K for $50) -- my friends in Northern Virginia hate me :-)
Summary: Don't abuse it or you'll lose it.
"However, most scientists believe that such anti-gravity research is fundamentally flawed. It goes against what we know about the physical Universe and is therefore impossible, they say."
These would probably be the spiritual descendants of the "scientists" who claimed that traveling at greater than 60 MPH would cause the blood to boil and was therefore impossible. It's also incredibly arrogant to claim that something that would contradict existing science is impossible; it's tantamount to claiming that we already know all that can be known, in which case science can just pack it in, we don't need you guys any more, don't forget your hat.
Sagan has noted several times that the "old guard" often hampers progress in science. It threatens the importance of their own discoveries. Nobody wants his carefully-researched theory noted in textbooks as "a useful first approximation" or to carry, even if only in his own head, the stigma of your life's work being derived from "second-class" measurements.
One great example is chaos theory. Nobody wanted to admit that a perfectly spherical world with constant illumination and rotation could generate weather. It totally went against what we knew of physics. When it was found that the divergences resulted from rounding effects of the computer simulation a lot of scientists wanted to just dismiss the whole thing right there as "experimental error", instead of admitting that microscopic errors having macro-scale results represented a new fundamental truth about the world.
See also the Henrietta Lacks debacle, where a concerted effort was made by researchers and the journals they published in to save face by trying to cover up the fact that their results were contaminated.
And see also Velikovsky. In the 60s and 70s, his Worlds in Collision was hotly debated and a lot of scientists, rather than actually refute his conclusions, preferred to take the lazy route of trying to suppress publication of his ideas. Slashdotters know how futile that can be.
(If you're on a salary and working significant overtime, start keeping a log of the hours you work -- you will want it after you leave so you can pursue a back-pay claim with the Wage and Hour Division of OSHA. Don't worry about contract provisions -- most of them are illegal if they attempt to limit your legal right to be paid for work and OSHA will be happy to tell you which are and aren't applicable to you.)
The company I work for pretty much doesn't care if I come in at 9:30 or 11:30, as long as I'm in before noon (I rarely see my manager before 11:00). But I've been put on notice by the department head that I'll soon be moving to a high-profile project and other considerations mean it has to go from zero to code-freeze by April 30. That's right, ten weeks from now a mission-critical project that hasn't even started yet must be essentially complete. This means a strict 40 hours a week will mark me as a slacker as it has in other places when I tried to defend my free time from the encroachment of work.
You know what we need more than anything? A retribution-free workplace. Imagine how much less stress you'd have if you could just say "Bob, I'm spending half my day doing [insert unproductive things here] and having to work overtime to get my real work done. Is there any way you can cut me loose from a couple of [unproductive things] so I can go home on time?" Wouldn't that be great? And it'll happen sometime around the day pigs fly.
The only thing that worries me is, it looks like it might be a breech birth, full of extra pain and difficulty. At least one major ISP has announced it has no plans to participate. Also complicating the transition will be the fact that Usenet II requires a valid e-mail address to post, meaning that spammers with read access can still do what they do.
Then again, in its early days, Usenet was often an unauthorized service provided by site admins while management turned a blind eye.
I think you're thinking of the one where he's buying a new computer. The salesman shows him the newest "mini-micro" -- "you glue chips to your fingernails, and it automatically senses where your fingers are at all times." In the final panel the salesdroid says "Of course, you may not want your computer to know where your fingers are at all times." At which point his own finger-top pipes up and says "Dave, about last night..."
The ADA mandates equal access to facilities. That means things like wheelchair ramps, larger bathroom stalls with handrails, elevators, and so on. However, once you have access, the responsibilities of a business vis-a-vis the ADA end.
An art museum can be required to install wheelchair ramps, but it cannot be required to make Braille versions of the paintings. A steak restaurant can be required to have handicapped-access bathrooms, but I think few would argue that they should be required to have vegetarian dishes for those not allowed to eat red meat.
Blind people have access to the AOL website through whatever software they're using (and if they don't, it's not AOL's responsibility to provide such software), but any benefits they may or may not derive from that site are not covered under the ADA. Access can be legislated, but benefits cannot.
I have never seen a kid getting carded when they bought one of the games marked "mature".
There's a good reason for that: it's not illegal for them to do so.
For that matter, it's not illegal for a 9-year-old to see an R-rated movie. The only thing that gives R ratings any force is the theater chain's contract with the distributor. And the theater chains are required to place those restrictions by their agreement with the MPAA.
I won't get into the "kiss-of-death" phenomenon but suffice it to say that I don't think game ratings are actually enforced by contract, they're just there as an advisory, like the "explicit lyrics" stickers on CDs. And IMHO giving them any more force than they already have would start a "kiss of death" in the gaming market.
"Internet Capital"? Like "Internet Money"? Perhaps they mean "Internet C@pitol" instead? Sheesh! Can't the State even spell?
We can spell just fine, thank you. A "capitol" is a building. A "capital" is a place.
Anybody want to start a mailing list? If we can get about 1,000 subscribers I think we might have something here.
More to the point, no computer will represent today's date as 9999 internally. Two digits are needed for month and day, yes? So that would be 090999. And there's no "all 9's" magic quality to this number. This is truly a non-event from the code's point of view.
It's not the representation, but the input pattern that's of concern. I personally worked at one place where we were told -- for accounts that were never supposed to "come due" -- to just put in "9 9 99" for the due date. The software converts this internally to 090999 of course. But the point is, the accounts still (assuming they're still using this system) come due today, regardless of how it's represented internally.
The whole "end-of-file marker" thing was a big bunch of FUD, but accounting "shortcuts" like this could indeed cause headaches.
And don't say "but nobody would be that dumb." I had a boss who drove the accountant nuts one month. We mis-billed a bunch of credit cards (~1000 or so), ran the credits back when we found out, and then re-billed correctly. So my boss "helpfully" deleted the original invoices and credits and replaced them with the corrected invoices and credits. (Accountants in the audience may now proceed to the front for a stiff shot of whiskey. Move slowly to avoid sudden collapse...)
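The "9 9 99" convention described above is a sentinel value collision: a magic date standing in for "never" becomes an ordinary date the moment the calendar reaches it. The code below is an added example, not from the thread or from the system the poster worked on. It models the legacy MMDDYY field and shows those accounts falling due on 9 September 1999, adds a scan that finds sentinel-style due dates in a batch of records before the date arrives, and shows the hardened form, where "never due" is stored as an explicit absence rather than a date. The record layout and the set of sentinel strings are assumptions for illustration.

```python
"""Sentinel due dates colliding with the real calendar.

Added example, not from the original thread. Models the "type 9 9 99 for
accounts that never come due" convention, a pre-emptive scan for such
records, and the hardened representation.
"""
from datetime import date

# Assumed set of magic values operators were likely to type for "never".
SENTINEL_FIELDS = {"090999", "123199", "999999", "000000"}


def parse_legacy_due(entry: str) -> str:
    """Turn operator input such as '9 9 99' into the 6-character MMDDYY field."""
    month, day, year2 = (int(p) for p in entry.split())
    return f"{month:02d}{day:02d}{year2:02d}"


def mmddyy_to_date(field: str):
    """Interpret MMDDYY as a 1990s two-digit-year system would (19YY).

    Returns None when the field is not a real date (e.g. '999999').
    """
    mm, dd, yy = int(field[:2]), int(field[2:4]), int(field[4:])
    try:
        return date(1900 + yy, mm, dd)
    except ValueError:
        return None


def legacy_is_due(field: str, today: date) -> bool:
    """The legacy check: a sentinel that is a valid date comes due like any other."""
    due = mmddyy_to_date(field)
    return due is not None and due <= today


def find_sentinel_records(records):
    """Return ids of records whose due field is a known sentinel or not a date.

    `records` is an iterable of (account_id, mmddyy_field) pairs.
    """
    flagged = []
    for account_id, field in records:
        if field in SENTINEL_FIELDS or mmddyy_to_date(field) is None:
            flagged.append(account_id)
    return flagged


# Hardened representation: no magic value, explicit "never", four-digit years.
def parse_due(entry: str):
    """'never' -> None; otherwise 'M D YYYY' -> date. Rejects two-digit years."""
    if entry.strip().lower() == "never":
        return None
    month, day, year = (int(p) for p in entry.split())
    if year < 100:
        raise ValueError("two-digit years are ambiguous; use a four-digit year")
    return date(year, month, day)


def is_due(due, today: date) -> bool:
    """Hardened check: None is never due, and no date is special."""
    return due is not None and due <= today


if __name__ == "__main__":
    # Constructed batch of (account_id, MMDDYY) records.
    batch = [("A1", "090999"), ("A2", "031500"), ("A3", "999999"), ("A4", "091099")]
    print("sentinel-style due dates:", find_sentinel_records(batch))
    print("A1 due on 1999-09-09?", legacy_is_due("090999", date(1999, 9, 9)))
```

Run the scan against the accounts table well before the sentinel date and convert the hits to the explicit representation; the point of the hardened `parse_due` is that an operator can no longer smuggle "never" into a column whose type means "a day on the calendar".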
Oh, right. Carry on.
Even if Nostradamus's "Centuries" do predict the future, they're pretty useless because nobody understands what they mean. Personally, I think he deliberately wrote a book of gibberish poetry, knowing how gullible people are.
The quatrains are a lot like inkblots. Everybody sees something different, and if you give a person a quatrain and tell them it predicts [insert anything at all here], most people will go "Oh yeah, I can see that."
It's like those "biorhythm" charts or whatnot. One debunker, as a demonstration, gave a woman a biorhythm chart for a completely wrong birthdate. She wrote back praising him for his skill at predicting her rhythms. He wrote back and (deliberately) enclosed a second wrong chart, with a note of apology saying the first one was miscalculated.
Her reply was yet more praise about how the new chart was even more accurate than the old one!
(Source: Martin Gardner, Mathematical Games)
As much as I hate to say it, we live in a world where marketing to the "stupid segment" is not only possible but highly profitable.
Sorry, I have to call you on this one. I have the right to own a gun only because 200 years ago a bunch of people got really pissed off and thumbed their noses at the government. The government is welcome to come knocking at my door and ask for my encryption keys. They won't get them, but they're certainly welcome to ask. And if they give me a choice between surrendering my keys and dying, well, you may fire when ready, Gridley.
The government hasn't given me anything it didn't take from me in the first place in the form of taxes. Certainly not the right to freedom of speech or any other right in the Constitution. When people stop claiming rights as belonging to them instead of being granted to them, we're in trouble.
2) RMS says he does not oppose commercial distribution of software.
So how exactly am I supposed to write a piece of software for economic gain? If somebody decides they don't like me, they can redistribute my software for free and kill my income (I'm assuming for the moment that software income is separate from any support or subscription fees I might charge).
I feel like I'm missing something here.
I never linked those pages from anywhere else or posted URLs anywhere that I recall. It's exactly the same idea he's got. I wonder if I said something to somebody and it got back to Kasparov? That would somehow be incredibly cool.