I believe the intent of the question is that he wants to place the terms that people look for into his own web page or job listing so that he may easily be found. After all, if you're going to market yourself, wouldn't you want to know how people would look for you if they had to?
While I don't have any tips on what search words to use, I do know what I would look for in a technical writer.
Must be smart. I don't care how good you are at MS Word, if you can't take a screenshot you're not getting hired.
Must be able to work with technical people. This means being able to put up with idiosyncratic behaviors, communicating at a technical level, and having a basic understanding of programming and how developers work. Having had some programming courses in college could help.
Must be self-motivated. I don't have time to hold your hand so you can figure out how to use the software you're documenting. You need to be able to figure it out on your own. You may even need read-only access to the source code repository so you could look things up for yourself.
Must be a good writer. Typos and bad grammar are not to be tolerated.
Have a sense of style. It doesn't matter how good your documentation is, if it doesn't look good it's worthless.
Know your limits. When you find it's impossible to figure something out about the software you're documenting, or if it would take way too much time to work out all of the cases, then you can approach the developers. Developer time (particularly uninterrupted developer time) is a vital resource not to be wasted.
Hopefully you might find some of that useful.
Memory allocation is a black art, and fiddling with it is best left up to the wizards.
That said, the first article linked to gives some good recommendations on memory allocation. But I would go one step further and say that coding the app using malloc then analyzing the behavior is your best bet.
For example, code the application using just malloc but tag each block of memory with an identifier so you can figure out where the memory was allocated from. Next, wrap the malloc/free calls with timing code that samples at fixed intervals to evaluate the overall performance of the allocator. After running the app for a representative interval, break in with the debugger and check your stats. If malloc is taking a long time or if the heap is fragmented, determine your most commonly allocated items and see about making an allocator specifically for them.
Fragmented heaps are a bad thing, so if I'm going to be allocating lots of objects of the same size I usually write a custom block allocator for them with a free block list. Makes allocation fast and keeps the fragmentation low.
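The approach in the comment above, as an added example that is not part of the original post: a tagged malloc/free wrapper that records live and total allocations per call site, and a fixed-size block allocator with an intrusive free list for the hot sizes that the accounting turns up. All names (tmalloc, tfree, tag_live, pool_*) are hypothetical; the timing/sampling side is omitted and the counters are read through a function rather than from a debugger. The free list is validated on both alloc and free because the link word lives inside freed blocks, where a use-after-free or an overflow can overwrite it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Part 1: tagged malloc. A header names the allocation site so per-site live/total
 * counts can be read back (tag_live) rather than guessed. The header is padded to
 * the strictest alignment we know of so the pointer handed back works for any type. */
#define MAX_TAGS 32
#define HDR_MAGIC 0xA110C8EDu
typedef union { long double ld; void *p; uint64_t u; } align_t;
struct tag_stat { const char *tag; size_t live, count, bytes; };
static struct tag_stat g_stats[MAX_TAGS];
static int g_ntags;
union hdr { struct { uint32_t magic, tag_idx; size_t size; } h; align_t pad; };

static int find_tag(const char *tag) {            /* index of a known tag, or -1 */
    for (int i = 0; i < g_ntags; i++)
        if (strcmp(g_stats[i].tag, tag) == 0) return i;
    return -1;
}

void *tmalloc(size_t n, const char *tag) {
    int idx = find_tag(tag);
    if (idx < 0) { if (g_ntags == MAX_TAGS) return NULL; g_stats[idx = g_ntags++].tag = tag; }
    if (n > SIZE_MAX - sizeof(union hdr)) return NULL;          /* size would overflow the header */
    union hdr *b = malloc(sizeof *b + n);
    if (!b) return NULL;
    b->h.magic = HDR_MAGIC; b->h.tag_idx = (uint32_t)idx; b->h.size = n;
    g_stats[idx].live++; g_stats[idx].count++; g_stats[idx].bytes += n;
    return b + 1;
}

int tfree(void *p) {        /* 0 on success; -1 if the header was clobbered, e.g. by the block before it */
    if (!p) return 0;
    union hdr *b = (union hdr *)p - 1;
    if (b->h.magic != HDR_MAGIC) return -1;
    g_stats[b->h.tag_idx].live--;
    free(b);
    return 0;
}

size_t tag_live(const char *tag) {
    int i = find_tag(tag);
    return i < 0 ? 0 : g_stats[i].live;
}

/* Part 2: fixed-size block allocator with an intrusive free list. Blocks come from one
 * slab, so they cannot fragment the general heap, and alloc/free are O(1). */
struct pool { unsigned char *slab; void *free_head; size_t block_size, nblocks, nfree; };

static int pool_owns(const struct pool *p, const void *b) {  /* a block boundary inside the slab? */
    uintptr_t base = (uintptr_t)p->slab, ptr = (uintptr_t)b;
    return ptr >= base && ptr < base + p->block_size * p->nblocks && (ptr - base) % p->block_size == 0;
}

int pool_init(struct pool *p, size_t block_size, size_t nblocks) {
    size_t a = sizeof(align_t);
    if (block_size < sizeof(void *)) block_size = sizeof(void *);  /* a free block holds the list link */
    block_size = (block_size + a - 1) / a * a;
    if (nblocks == 0 || block_size > SIZE_MAX / nblocks) return -1; /* slab size would overflow */
    if (!(p->slab = malloc(block_size * nblocks))) return -1;
    p->block_size = block_size; p->nblocks = nblocks; p->nfree = nblocks; p->free_head = NULL;
    for (size_t i = nblocks; i-- > 0; ) {                            /* push in reverse: block 0 goes out first */
        void *b = p->slab + i * block_size;
        memcpy(b, &p->free_head, sizeof p->free_head);
        p->free_head = b;
    }
    return 0;
}

void *pool_alloc(struct pool *p) {
    void *b = p->free_head, *next;
    if (!b) return NULL;                             /* exhausted: no silent fallback to malloc */
    memcpy(&next, b, sizeof next);
    if (next && !pool_owns(p, next)) return NULL;    /* link overwritten after free: refuse to follow it */
    p->free_head = next; p->nfree--;
    return b;
}

int pool_free(struct pool *p, void *b) {             /* -1 for a pointer that is not a block of this pool */
    if (!pool_owns(p, b)) return -1;
    memcpy(b, &p->free_head, sizeof p->free_head);
    p->free_head = b; p->nfree++;
    return 0;
}

void pool_destroy(struct pool *p) { free(p->slab); memset(p, 0, sizeof *p); }

int pool_demo(void) {       /* exercises the pool; 0 when every check passes, else the failing step */
    struct pool p;
    if (pool_init(&p, 24, 4) != 0) return 1;
    void *a = pool_alloc(&p), *b = pool_alloc(&p);
    if (!a || !b || a == b || p.nfree != 2) return 2;
    if (pool_free(&p, (unsigned char *)a + 1) != -1) return 3;   /* interior pointer rejected */
    if (pool_free(&p, a) != 0 || pool_alloc(&p) != a) return 4;  /* LIFO reuse of the freed block */
    pool_free(&p, a);
    memset(a, 0x41, sizeof(void *));                             /* simulated use-after-free write over the link */
    if (pool_alloc(&p) != NULL) return 5;                        /* corrupted link caught, not dereferenced */
    pool_destroy(&p);
    return 0;
}
```

pool_demo walks the edge cases: an interior pointer is rejected on free, a freed block is handed out again LIFO, and a link clobbered by a write to a freed block makes pool_alloc fail closed instead of returning an attacker-chosen address. That last check is the one a production pool needs, because the intrusive link is exactly the metadata a heap exploit targets; the tmalloc magic word plays the same role for the general-purpose path.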
It's called a filing cabinet. It's got full text search and an easy to use index. Although it has 99.9999% availability (it's blocked by crap stacked in front of it the other 0.00001%), it's a bit difficult to make backups without access to the office copier, two toner cartridges and 20 boxes of paper.
So this is what gets modded as 4 Insightful on /. these days? Hz and ms are easily converted from one to the other (e.g. 60Hz approx. = 16 ms, 85Hz approx. = 12ms). And while there are some puny 19" LCDs that can do 10-12ms refresh, those of us who run at 1600x1200 resolution or larger would be "stuck" buying LCDs at 20"+ that are incapable of such speeds.
That is why I buy CRTs.
The problem is ad revenue. Advertisers pay ABC to produce the show and ABC affiliates receive funding during such programming because more eyes are watching it. If popular programmes are being downloaded from the Internet, this may not hurt ABC per se, but this certainly cuts into affiliate revenues.
You have to remember, there are many people making money on the current television distribution system, from the people who make the programs to the guys who carry the video to the broadcast booth, all the way down to the local TV stations that get syndication revenues (which is why old popular TV shows are not already available for download).
As usual, the answer to the question is 'follow the money'.
I don't think that holding people accountable for security related bugs is feasible; security is up to the person who has something they want to protect. There's no reason that anyone sufficiently paranoid cannot run every application in its own virtual machine on a computer behind a firewall or, better yet, not connected to a network. Security is what you pay for. Guaranteeing a certain level of security would price most software outside normal users' wallets.
That is not to say, however, that bugs that intentionally or unintentionally cause physical damage or data loss should not be prosecutable as fraud. If the software manufacturer makes claims as to the application's functionality and the application does not deliver on said promises, that's fraud. Software development companies probably should be held liable for those kinds of bugs.
The black holes at the centers of galaxies, as far as just gravity is concerned, are dynamically unimportant to the outer parts of the galaxies.
It is statements like these that make me shake my head in disbelief. This is almost like saying that the guy at the front in a game of 'crack the whip'[0] has no impact on the guy at the end. If you look merely at the distance between the black hole and a star at the edge of a galaxy, then, yes, there is not much of an impact. But the gravitational forces of that black hole do impact nearby stars, which impact other nearby stars further towards the rim and so forth until you reach the very edge of the galaxy. Looking at it this way, the black hole has a tremendous impact on far away stars, it just takes a long time to get there through many intermediates.
[0] Crack the Whip, for those not in the know, is a game where you get a group of people all holding hands in a line and the person at the front runs and drags a person behind him and whips him around in an attempt to get people further down the line to lose their grip, thus breaking the chain. The person at the very end usually gets whipped around with such ferocity that broken limbs are not an uncommon occurrence. Fun!
Implicit in many other posts is that it takes energy to move a car; if you're not getting it from gas you're simply getting it from somewhere else. If you really want to cut down on your energy consumption, drive less. Probably the largest energy savings you can get would be to live closer to where you work.
But perhaps the best solution is getting your local government to support mixed use zoning. New Urbanism is a great start, but not if these end up as islands in a sea of suburbia -- you'd just end up driving to get to them, sort of like a Universal Studio's City Walk. Relaxation of zoning and land-use laws in suburban areas would help even more. The ability to open a cafe on the corner of your subdivision -- or even in your own house -- would be a great way to create more local services that obviate the need for driving.
At any time in the past, Microsoft could have initiated 'Genuine Advantage' checks, particularly after the appearance of key generators on the net. The question is, why now?
I believe it is because Microsoft knows that the OS market has been saturated. Many people feel that 2K/XP are 'good enough' and feel no need to upgrade. This is particularly true for corporations. So one way of trying to squeeze out the last drops of cash is by enforcing licensing. People who buy computers from shady shops will either have to buy a license when they try to get updates or fight for some kind of refund from the retailer. Companies that might have had a few unlicensed Windows installs will now have to buy those extra licenses so they can keep computers secure to comply with Sarbanes-Oxley.
I see this as the first step in moving Microsoft customers to a subscription model. Once you've hooked people with the 'Genuine Advantage' and provide an easy way to pay for a license over the web, it's only a few more steps to charging their credit card $20/month for the right to use Windows.
Yessirree, Quake 1 (or WinQuake if you don't want to use the original DOS-extender version). Set it up for 10 minute sessions and frag your friends to death. My friends and I used to play it on 200MHz machines in 320x240 software rendered with really good frames, although you could probably still find glquake if your machines have even a minimum of 3d rendering capability.
I'd also recommend modding the game (really easy to do) or finding a mod that reduces the amount of rocket damage. I find the rockets to be too powerful since they can gib you with one hit. That can be fun for a little while, but it seems somewhat less satisfying than hunting and combating your enemy.
I tried the switch myself, and found it impossible to use vi. I'm sorry, but it doesn't matter how good your keyboard layout is, it's worthless if I can't use vi. Using the HJKL keys for cursor navigation was horrible!
While I did start programming at an early age, I only really got good at it in college while using a DEC VT 4x0. Man did I love those keyboards. The picture linked is a little different from the one I used, though --- the ESC key was where F11 is. That made vi awesome to use as both hands were very useful. Plus, the fact that the CTRL and SHIFT keys were farther to the left really reduced stress on the left hand.
I bought a VT for $20 at an auction and loved using it for programming. When the monitor ate itself, I held a funeral for my VT. *sniff*.
I had no idea that Smalltalk implemented the GUI on the Alto, and all I can say is "wow". That has got to be the most powerful programming concept ever. You've got all the introspection and application-hooking capabilities you can imagine to customize every feature of every application, including the window manager! Of course there was probably no memory protection nor access controls, making it totally useless for today's desktop. But, damn! it would be cool to play with.
I bought one as soon as it was available. I was going on a summer trip to England and I wanted to bring my own tunes with me. The damned thing cost me $750 USD, but I'm still using it today with the same battery that came with it. I had to replace the headphones, though, as the batting crumbled to dust. TCO so far comes out to $100/year, but it's getting cheaper by the day!
Another problem takes the form of weak habits of the average user out there. The concept of security is so absent as to be unknown. Almost every person I used to talk to about security always said the same thing: "Why would anyone break into my computer? There's nothing important on it!" Thankfully, today, most of the people I talk to who have ANY contact with tech are more prone to ask me "Can you give me any tips on how to make my computer safer?".
I wouldn't say it is weak security habits per se, rather that most people believe that the information the computer contains is the only thing of value. If you think of a computer as a specialized television, then that type of thinking makes sense in a way; a television has no innate value other than in the information/entertainment it provides. A computer is not a television, however, because it has things of value other than information: CPU cycles and network bandwidth. Until "normal" people start to think of these things as having value (which they intrinsically have, otherwise you wouldn't be paying for them in electricity costs and access fees), security is never going to get any better.
Just keep in mind that 16ms is 60Hz refresh (i.e. 1/60 = 0.016). If you're a hard core gamer to whom frames matter, you'd probably want an LCD with a 12ms (~75Hz) refresh.
According to a recent Science News article (subscribers only), the universe may actually be older than the aforementioned 13.7 billion years.
The evidence comes from the fact that older stars must fuse carbon, nitrogen and oxygen into helium, unlike their younger brethren that fuse pure hydrogen. The slowest part of the carbon-nitrogen-oxygen reaction comes during the collision of a proton with a nitrogen-14 nucleus. Using particle accelerators to mimic the interior of older stars they have determined that the reaction occurs half as fast as estimated.
Two research teams, one from the National Institute for Nuclear Physics in Padova, Italy, and the other from the University of North Carolina at Chapel Hill, have performed nearly identical experiments and their preliminary results agree, although their findings have not yet been published.
As has been stated previously, /.ers don't know jack about average customers.
The best solution is to provide tiered services for residential customers. The default (and bottom) tier is to firewall the bad ports. Those people who want to run basic services (such as web and mail) should be able to sign up for the second tier. This would provide basic firewalling and leave open the ports for web and mail. The third tier would be an open pipe and the end-user claims all responsibility for the use of that pipe. Third tier users would be on their own network separate from tiers 1 and 2 in case their IP ranges get placed onto RTBLs or some such thing.
The common consumer just wants cheap internet access and will pay for the bottom tier and get the benefits of protection. Cocky /.ers would pay for the top tier (probably at a premium) to get what they want. Then they can shoot themselves in the foot.
I sent in an article about Road Runner blocking HTTP port 80 about a year ago (rejected), when I noticed I couldn't get to my web server on my home machine anymore. Good or bad, one of the side effects was that the Code Red worm could no longer spread on Road Runner's network. My daily logs dropped from over a meg to a respectable 100K. Plus, I just relocated my web server to a higher port.
Management is a necessary evil. One recent experience made that ultimately clear when I started working for a newly opened branch of [company name]. Upper management told us to find our own work then yelled at us for not being billable. They finally hired (suckered?) an ex-military R&D manager for us (a very cool guy) who made me realize just how good he was -- he had vision, knew how to use the employees, and fought upper management when they made bone-headed decisions. In the end, they closed the branch just before our options matured.
Customers are very often like bad management -- they have no clearly defined vision, and they tell you how to do your job when they have no (or worse, little) clue -- so I will lump them together.
Here's my Cliff's Notes(TM) Guide to Happiness in the Workplace:
Your job is not your life. Anybody who thinks otherwise is a fool. I know this sounds trite and cliche, but it's true. The sooner you realize this, the sooner you're on the road to happiness.
Diplomacy is your friend. I define diplomacy as a "smoothing of feathers"; politics, on the other hand, is antagonistic and manipulative. Politics usually reigns at the work-place because most people forget to check their emotional baggage at the door. The axiom "Nothing personal...It's just Business" couldn't be more true.
It is not your place to make decisions. If you have a manager, it is your manager's responsibility to manage your time.
As a programmer, it is your responsibility to train management on how to work with technical people. You have to remind them (diplomatically) that they should only be giving you requirements and not telling you how to do your job.
For lack of a better phrase, cover your ass. I don't mean shred the evidence that you fucked up. You have to show management what will happen when they make decisions (schedule slip, cost overruns).
Interpersonal skills are a must. Anyone who says they want to program in isolation is a moron. Management is not a one-way street. You have to be able to clearly (if simply) describe to management what you are doing so they can make the appropriate decisions. In most cases I find that when I can get management/customers to understand what I am doing and why I made certain design decisions they end up agreeing with me 100%.
Perhaps the hardest thing to do is what I call Requirements Mining. It's a dirty, hard, labor- and mental-intensive process whereby you extract the vision from management/clients. This process can take lots of time and meetings. You have to be able to listen to what management says and, more importantly, to listen to what they're not saying. After mining, you have to cut and polish the gems to present back to management for further review.
Permit me a brief example:
Boss comes to you and says "build me X". You have no idea what "X" is, so you schedule a meeting to find out: 1) what is the status quo, 2) what is the problem, and 3) what is the proposed solution. You write up a report with rough sketches and schedule another meeting. More people attend, the vision is further refined. You ask direct and pointed questions. Repeat two or three times till you can come up with a solid understanding and schedule. Present your proposal (design, schedule, estimated cost (if applicable)) to management. Include some options in there to make management feel important but try to convince them that they should pick the one you already decided was the correct one. (After all, you should know your job better than they, no?)
The project is proceeding smoothly with regularly scheduled meetings to display progress. Suddenly, a boss (not your immediate manager) comes to you and says he needs "feature Y because it was promised by sales, so we have to have it." First, redirect him to your immediate supervisor. Second, come up with the cost (schedule slip) and inform your manager of the consequences of his choice. Document (even if it's via e-mail) that you told him what would happen when the choice was made and do whatever it is that is decided.
It doesn't matter that the project is now four months late due to feeping creaturism. Why? Because you've already documented the consequences of other people's poor decisions on choices that were never yours to make in the first place. You can go home at the end of the day with a clear conscience.
I spent $28000 to get my CS degree to learn to program. I spend $600/mo for my apartment and $300/mo for my car. I own a small software business with 8 employees. The company pays $1500/mo for 7000 square feet of office space, and $200/mo for an Internet connection. My employees make between $30K and $40K per year. Approximately 23% of their salaries goes to taxes. Mine are higher since I own a business. I also have to provide health insurance at $350/mo per employee. Add to that unemployment costs of 5% of the employee's salary that goes to the state. Then the company has to pay taxes on all equipment (chairs, desks, computers, office plants) each year. Add to that other operating expenses such as toner cartridges, phones, books, supplies, legal services, accounting, janitorial, etc.
And you want me to give my software away for free?
I've noticed that IDE devices under Windows 2000 are hot-swappable. As long as you're not pulling out your main HD, Win2k seems okay with that.
Here's how I do it:
Start -> Settings -> Control Panel -> System -> Hardware -> Advanced -> Device Manager
Disable or remove the IDE device in question
Pull the power plug from the device
Pull the data cable
Remove device
Reverse procedure for new device
When you put the power plug on the device, Windows will automatically detect the device and load the driver. It's awesome! I was swapping out CD-ROMs and testing them all day without a hitch.
Many people claim that one can run services on any port they choose, so port filtering is not the same thing as service filtering. True, but if people ran anything on any port we would have no concept of well-known-services at specific ports. Moving web traffic from port 80 makes almost no sense because that's where everyone is going to look for it by default. There is a high probability, then, that filtering on specific ports will filter specific services.
Network administrators, by default, are highly suspicious and paranoid people. They don't even trust the people they work with, and for good reason. If they could force everyone to use pine or mutt for e-mail reading, I'm sure they would since it is less susceptible to Outlook-borne viruses. If development teams would communicate with and seek advice from the security team when developing applications I'm sure there wouldn't be as much hostility to opening a port as there is when approached with "We just wrote an application. Can we have a free port?"[1]. In the latter case, the security team has no idea what the application does or how it was developed and is certainly not inclined to open a port to untrusted software.
Finally, on to the subject of my article, Apache (or whatever server you're running) is the inetd of the future. Look at the facts:
both listen on one or more ports for requests
when a request comes in it is dispatched to the correct subsystem
most security (ssl, https, tcpwrappers) is handled by the daemon before it gets to the service handler
the service handler can perform further accounting or security checks
the daemon handles all the networking details on behalf of the subsystem
Add to this the fact that this is all multiplexed on a single port, and configuring your firewall should be a breeze. Virtually anything you can do with inetd you can do with a good web server.
Paradoxically, network admins appear less paranoid about their web servers than other inetd-based or standalone services. Some guy codes up a web app and, with little fuss, gets it deployed on the server. No code review, no hassle, no problem! There are only two reasons I can think of for this behavior: 1) The administrator inherently trusts the web server, or 2) the web server box is in a DMZ. I would be suspicious of administrators in the former case.
Despite the security advantages of a DMZ, it is still necessary for application developers to communicate with security people. Say, for example, that a web application is deployed on a server in a DMZ and that the machine is later compromised. If the application had a configuration file with passwords for a database, the database should now be considered compromised.
Damage can be reduced or prevented by correct configuration of the database (providing write access only to a specific table rather than the whole database), but you should check with the security people before actual deployment.[2]
[1] The standard answer to this question is "No". Note that the administrator only answers the question asked. If you want to be more successful in the future, present a full document detailing what the software does, how it works, and maybe provide the admin with a code review, THEN ask for a port. I know this is a lot of work, but it is necessary to maintain the security of the network. You may not take security seriously, but your administrator does.
[2] Yes, I know that there are moron security people out there. My comment assumes you have good to excellent security people working in your company.
The largest reason DX10 will not be on XP is because of the new driver model. For more information about how it is substantially different than the driver model in XP, please see this MSDN blog:
http://blogs.msdn.com/greg_schechter/
This post in particular is of interest as it explains the interaction of the new window manager with the new driver model:
http://blogs.msdn.com/greg_schechter/archive/2006/04/02/566767.aspx
I take umbrage to your comment, sir.
As a programmer, it is my job to every day reinvent the wheel!
Memory allocation is a black art, and fiddling with it is best left up to the wizards.
That said, the first article linked to gives some good recommendations on memory allocation. But I would go one step further and say that coding the app using malloc then analyzing the behavior is your best bet.
For example, code the application using just malloc but tag each block of memory with an identifier so you can figure out where the memory was allocated from. Next, wrap the malloc/free calls with timing code that samples at fixed intervals to evaluate the overall performance of the allocator. After running the app for a representative interval, break in with the debugger and check your stats. If malloc is taking a long time or if the heap is fragmented, determine your most commonly allocated items and see about making an allocator specifically for them.
Fragmented heaps are a bad thing, so if I'm going to be allocating lots of objects of the same size I usually write a custom block allocator for them with a free block list. Makes allocation fast and keeps the fragmentation low.
It's called a filing cabinet. It's got full text search and an easy to use index. Although it has 99.9999% availability (it's blocked by crap stacked in front of it the other 0.00001%), it's a bit difficult to make backups without access to the office copier, two toner cartriges and 20 boxes of paper.
So this is what gets modded as 4 Insightful on /. these days? Hz and ms are easily converted from one to the other (e.g. 60Hz approx. = 16 ms, 85Hz approx. = 12ms). And while there are some puny 19" LCDs that can do 10-12ms refresh, those of us who run at 1600x1200 resoltion or larger would be "stuck" buying LCDs at 20"+ that are incapable of such speeds.
That is why I buy CRTs.
The problem is ad revenue. Advertisers pay ABC to produce the show and ABC affiliates receive funding during such programming because more eyes are watching it. If popular programmes are being downloaded from the Internet, this may not hurt ABC per se, but this certainly cuts into affiliate revenues.
You have to remember, there are many people making money on the current television distribution system, from the people who make the programs to the guys who carry the video to the broadcast booth, all the way down to the local TV stations that get syndication revenues (which is why old popular TV shows are not already available for download).
As usual, the answer to the question is 'follow the money'.
I don't think that holding people accountable for security related bugs in feasible; security is up to the person who has something they want to protect. There's no reason that anyone sufficiently paranoid cannot run every application in its own virtual machine on a computer behind a firewall or, better yet, not connected to a newtwork. Security is what you pay for. Guarnateeing a certain level of security would price most software outside normal users wallet.
That is not to say, however, that bugs that intentionally or unintentionally causes phyiscal damage or data loss should not be prosecutable as fraud. If the software manufacturer makes claims as to the application's functionality and the application does not deliver on said promises, that's fraud. Software development companies probably should be held liable for those kinds of bugs.
It is statements like that these that make me shake my head in disbelief. This is almost like saying that the guy at the front in a game of 'crack the whip'[0] has no impact on the guy at the end. If you look merely at the distance between the black hole and star at the edge of a galaxy, then, yes, there is not much of an impact. But the gravitational forces of that black hole do impact nearby stars, which impact other nearyby stars further towards the rim and so forth until you reach the very edge of the galaxy. Looking at it this way, the black hole has a tremendous impact on far away stars, it just takes a long time to get there through many intermediates.
[0] Crack the Whip, for those not in the know, is a game where you get a group of people all holding hands in a line and the person at the front runs and drags a person behind him and whips him around in an attempt to get people further down the line to lose their grip, thus breaking the chain. The person at the very end usually gets whipped around with such feriocity that broken limbs are not an uncommon occurance. Fun!
But perhaps the best solution is getting your local government to support mixed use zoning. New Urbanism is a great start, but not if these end up as islands in a sea of suburbia -- you'd just end up driving to get to them, sort of like a Universal Studio's City Walk. Relaxation of zoning and land-use laws in suburban areas would help even more. The ability to open a cafe on the corner of your subdivision -- or even in your own house -- would be a great way to create more local services that obviate the need for driving.
I believe it is because Microsoft knows that the OS market has been saturated. Many people feel that 2K/XP are 'good enough' and feel no need to upgrade. This is particularly true for corporations. So one way of trying to squeeze out the last drops of cash is by enforcing licensing. People who buy computers from shady shops will either have to buy a license when they try to get updates or fight for some kind of refund from the retailer. Companies that might have had a few unlicensed windows installs will now have to buy those extra licenses so they can keep computers secure to comply with Sarbanes-Oxley.
I see this as the first step in moving Microsoft customers to a subscription model. Once you've hooked people with the 'Genuine Advantage' and provide an easy way to pay for a license over the web, it's only a few more steps to charging their credit card $20/month for the right to use Windows.
I'd also recommend modding the game (really easy to do) or finding a mod that reduces the amount of rocket damage. I find the rockets to be too powerful since they can gib you with one hit. That can be fun for a little while, but it seems somewhat less satisfying than hunting and combating your enemy.
While I did start programming at an early age, I only really got good at it in college while using a DEC VT 4x0. Man did I love those keyboards. The picture linked is a little different from the one I used, though --- the ESC key was where F11 is. That made vi awesome to use as both hands were very useful. Plus, the fact that the CTRL and SHIFT keys were farther to the left really reduced stress on the left hand.
I bought a VT for $20 at an acution and loved using it for programming. When the monitor ate itself, I held a funeral for my VT. *sniff*.
I had no idea that Smalltalk implemented the GUI on the Alto, and all I can say is "wow". That has got to be the most powerful programming concept ever. You've got all the introspection and application-hooking capabilities you can imagine to customize every feature of every application, including the window manager! Of course there was probably no memory protection nor access controls, making it totally useless for today's desktop. But, damn! it would be cool to play with.
I bought one as soon as it was available. I was going on a summer trip to England and I wanted to bring my own tunes with me. The damned thing cost me $750 USD, but I'm still using it today with the same battery that came with it. I had to replace the headphones, though, as the batting crumbled to dust. TCO so far comes out to $100/year, but it's getting cheaper by the day!
I wouldn't say it is weak security habits per se, rather that most people believe that the information the computer contains is the only thing of value. If you think of a computer as a specialied television, then that type of thinking make sense in a way; a television has no innate value other than in the information/entertainment it provides. A computer is not a television, however, because it has things of value other than information: CPU cycles and network bandwidth. Until "normal" people start to think of these things as having value (which they intrinsically have, otherwise you wouldn't be paying for them in electricity costs and access fees), security is never going to get any better.
Just keep in mind that 16ms is 60Hz refresh (i.e. 1/60 = 0.016). If you're a hard core gamer to whom frames matter, you'd probably want an LCD with a 12ms (~75Hz) refresh.
The evidence comes from the fact that older stars must fuse carbon, nitrogen and oxygen into helium, unlike their younger brethren that fuse pure hydrogen. The slowest part of the carbon-nitrogen-oxygen reaction comes during the collision of a proton with a nitrogen-14 nucleus. Using particle accelerators to mimic the interior of older stars they have determined that the reaction occurs half as fast as estimated.
Two research teams, one from the National Institute for Nuclear Physics in Padova, Italy, and the other from the University of North Carolina at Chapel Hill, have performed nearly identical experiments and their preliminary results agree, although their findings have not yet been published.
The best solution is to provide tiered services for residential customers. The default (and bottom) tier is to firewall the bad ports. Those people who want to run basic services (such as web and mail) should be able to sign up for the second tier. This would provide basic firewalling and leave open the ports for web and mail. The third tier would be an open pipe and the end-user claims all responsibility for the use of that pipe. Third tier users would be on their own network separate from tiers 1 and 2 in case their IP ranges get placed onto RTBLs or some such thing.
The common consumer just wants cheap internet access and will pay for the bottom tier and get the benefits of protection. Cocky /.ers would pay for the top tier (probably at a premium) to get what they want. Then they can shoot themselves in the foot.
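The three tiers described above, modelled as an inbound port-filter policy. This is an added example, not code from the original post: the list of "bad ports", the tier-2 service ports and the address pools are constructed placeholders, and the rendered rule lines only sketch an nftables-style syntax.

```python
"""Tiered residential port filtering, as a worked example (constructed)."""
from dataclasses import dataclass
from typing import List

# Constructed placeholder: inbound ports the bottom tier blocks by default
# (file-sharing/RPC ports plus the service ports a default subscriber
# should not be serving from).  Not taken from the original post.
BAD_PORTS = {21, 23, 25, 80, 135, 137, 138, 139, 443, 445, 1433, 3389}

# Tier 2 re-opens the "basic services" the post mentions: web and mail.
TIER2_OPEN = {25, 80, 443}

# Tier 3 lives on its own prefix so that listing it on an RTBL does not
# affect tiers 1 and 2.  RFC 5737 documentation ranges, constructed.
ADDRESS_POOL = {1: "192.0.2.0/24", 2: "192.0.2.0/24", 3: "203.0.113.0/24"}


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    dport: int      # destination port
    inbound: bool   # True when the packet travels internet -> subscriber


def is_allowed(tier: int, pkt: Packet) -> bool:
    """Decide whether the ISP edge filter passes this packet for the tier."""
    if tier not in (1, 2, 3):
        raise ValueError("tier must be 1, 2 or 3")
    if not pkt.inbound:
        return True                      # outbound is not filtered in any tier
    if tier == 3:
        return True                      # open pipe; subscriber owns the risk
    if tier == 2 and pkt.dport in TIER2_OPEN:
        return True                      # web and mail re-opened for tier 2
    return pkt.dport not in BAD_PORTS    # tier 1 and the rest of tier 2


def render_rules(tier: int) -> List[str]:
    """Render the tier as nftables-style rule lines (illustrative syntax)."""
    if tier == 3:
        return ['iifname "wan" accept']
    lines = []
    if tier == 2:
        lines.append('iifname "wan" tcp dport { %s } accept'
                     % ", ".join(str(p) for p in sorted(TIER2_OPEN)))
    blocked = ", ".join(str(p) for p in sorted(BAD_PORTS))
    lines.append('iifname "wan" tcp dport { %s } drop' % blocked)
    lines.append('iifname "wan" udp dport { %s } drop' % blocked)
    lines.append('iifname "wan" accept')
    return lines


def pool_for(tier: int) -> str:
    """Address prefix a subscriber of this tier is allocated from."""
    return ADDRESS_POOL[tier]


if __name__ == "__main__":
    for t in (1, 2, 3):
        print("tier", t, "pool", pool_for(t))
        for line in render_rules(t):
            print("   ", line)
```

`is_allowed` is the decision a practitioner can test in isolation; `render_rules` shows that tier 2 is just tier 1 with an accept rule placed before the drop, which is why the ordering of the lines matters.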
I sent in an article about Road Runner blocking HTTP port 80 about a year ago (rejected), when I noticed I couldn't get to my web server on my home machine anymore. Good or bad, one of the side effects was that the Code Red worm could no longer spread on Road Runner's network. My daily logs dropped from over a meg to a respectable 100K. Plus, I just relocated my web server to a higher port.
http://www.joelonsoftware.com/articles/fog0000000356.html
Management is a necessary evil. One recent experience made that ultimately clear when I started working for a newly opened branch of [company name]. Upper management told us to find our own work then yelled at us for not being billable. They finally hired (suckered?) an ex-military R&D manager for us (a very cool guy) who made me realize just how good he was -- he had vision, knew how to use the employees, and fought upper management when they made bone-headed decisions. In the end, they closed the branch just before our options matured.
Customers are very often like bad management -- they have no clearly defined vision, and they tell you how to do your job when they have no (or worse, little) clue -- so I will lump them together.
Here's my Cliff's Notes(TM) Guide to Happiness in the Workplace: Interpersonal skills are a must. Anyone who says they want to program in isolation is a moron. Management is not a one-way street. You have to be able to clearly (if simply) describe to management what you are doing so they can make the appropriate decisions. In most cases I find that when I can get management/customers to understand what I am doing and why I made certain design decisions they end up agreeing with me 100%.
Perhaps the hardest thing to do is what I call Requirements Mining. It's a dirty, hard, labor- and mental-intensive process whereby you extract the vision from management/clients. This process can take lots of time and meetings. You have to be able to listen to what management says and, more importantly, to listen to what they're not saying. After mining, you have to cut and polish the gems to present back to management for further review.
Permit me a brief example:
Boss comes to you and says "build me X". You have no idea what "X" is, so you schedule a meeting to find out: 1) what is the status quo, 2) what is the problem, and 3) what is the proposed solution. You write up a report with rough sketches and schedule another meeting. More people attend, the vision is further refined. You ask direct and pointed questions. Repeat two or three times till you can come up with a solid understanding and schedule. Present your proposal (design, schedule, estimated cost (if applicable)) to management. Include some options in there to make management feel important but try to convince them that they should pick the one you already decided was the correct one. (After all, you should know your job better than they, no?)
The project is proceeding smoothly with regularly scheduled meetings to display progress. Suddenly, a boss (not your immediate manager) comes to you and says he needs "feature Y because it was promised by sales, so we have to have it." First, redirect him to your immediate supervisor. Second, come up with the cost (schedule slip) and inform your manager of the consequences of his choice. Document (even if it's via e-mail) that you told him what would happen when the choice was made and do whatever it is that is decided.
It doesn't matter that the project is now four months late due to feeping creaturism. Why? Because you've already documented the consequences of other people's poor decisions on choices that were never yours to make in the first place. You can go home at the end of the day with a clear conscience.
It's only a job.
And you want me to give my software away for free?
I've noticed that IDE devices under Windows 2000 are hot-swappable. As long as you're not pulling out your main HD, Win2k seems okay with that.
Here's how I do it:
- Start -> Settings -> Control Panel -> System -> Hardware -> Advanced -> Device Manager
- Disable or remove the IDE device in question
- Pull the power plug from the device
- Pull the data cable
- Remove device
- Reverse procedure for new device
When you put the power plug on the device, Windows will automatically detect the device and load the driver. It's awesome! I was swapping out CD-ROMs and testing them all day without a hitch. I just wish Linux could do that....
A couple of rebuttals if I may.
Many people claim that one can run services on any port they choose, so port filtering is not the same thing as service filtering. True, but if people ran anything on any port we would have no concept of well-known-services at specific ports. Moving web traffic from port 80 makes almost no sense because that's where everyone is going to look for it by default. There is a high probability, then, that filtering on specific ports will filter specific services.
Network administrators, by default, are highly suspicious and paranoid people. They don't even trust the people they work with, and for good reason. If they could force everyone to use pine or mutt for e-mail reading, I'm sure they would since it is less susceptible to Outlook-borne viruses. If development teams would communicate with and seek advice from the security team when developing applications I'm sure there wouldn't be as much hostility to opening a port as there is when approached with "We just wrote an application. Can we have a free port?"[1]. In the latter case, the security team has no idea what the application does or how it was developed and is certainly not inclined to open a port to untrusted software.
Finally, on to the subject of my article, Apache (or whatever server you're running) is the inetd of the future. Look at the facts:
- both listen on one or more ports for requests
- when a request comes in it is dispatched to the correct subsystem
- most security (ssl, https, tcpwrappers) is handled by the daemon before it gets to the service handler
- the service handler can perform further accounting or security checks
- the daemon handles all the networking details on behalf of the subsystem
Add to this the fact that this is all multiplexed on a single port, and configuring your firewall should be a breeze. Virtually anything you can do with inetd you can do with a good web server. Paradoxically, network admins appear less paranoid about their web servers than other inetd-based or standalone services. Some guy codes up a web app and, with little fuss, gets it deployed on the server. No code review, no hassle, no problem! There are only two reasons I can think of for this behavior: 1) The administrator inherently trusts the web server, or 2) the web server box is in a DMZ. I would be suspicious of administrators in the former case.
Despite the security advantages of a DMZ, it is still necessary for application developers to communicate with security people. Say, for example, that a web application is deployed on a server in a DMZ and that the machine is later compromised. If the application had a configuration file with passwords for a database, the database should now be considered compromised. Damage can be reduced or prevented by correct configuration of the database (providing write access only to a specific table rather than the whole database), but you should check with the security people before actual deployment.[2]
[1] The standard answer to this question is "No". Note that the administrator only answers the question asked. If you want to be more successful in the future, present a full document detailing what the software does, how it works, and maybe provide the admin with a code review, THEN ask for a port. I know this is a lot of work, but it is necessary to maintain the security of the network. You may not take security seriously, but your administrator does.
[2] Yes, I know that there are moron security people out there. My comment assumes you have good to excellent security people working in your company.
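The "web server as inetd" list in the post above, as an added example (not code from the post, and not Apache's or inetd's own code): a single dispatch function stands in for the daemon listening on one port, applies the checks the daemon owns (a tcpwrappers-style client allow list and a per-subsystem TLS requirement) before any handler runs, then hands the request to the matching subsystem, which keeps its own accounting. Request shapes, the allow-listed networks and the two subsystems are constructed placeholders.

```python
"""Single-port dispatch in the inetd style, as a worked example (constructed)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict

# Constructed allow list in the spirit of tcpwrappers' hosts.allow
# (RFC 5737 documentation ranges; not from the original post).
ALLOWED_NETS = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")]


@dataclass(frozen=True)
class Request:
    client_ip: str   # peer address as seen by the daemon
    path: str        # request path; prefix selects the subsystem
    tls: bool        # True if the daemon terminated TLS for this request


@dataclass(frozen=True)
class Response:
    status: int
    body: str


@dataclass
class Subsystem:
    name: str
    needs_tls: bool
    handle: Callable[[Request], Response]


ROUTES: Dict[str, Subsystem] = {}        # path prefix -> subsystem
ACCOUNTING: Dict[str, int] = {}          # per-subsystem hit counters


def register(prefix: str, name: str, needs_tls: bool):
    """Decorator: attach a handler function to a path prefix."""
    def deco(fn: Callable[[Request], Response]):
        ROUTES[prefix] = Subsystem(name, needs_tls, fn)
        return fn
    return deco


def hit_count(name: str) -> int:
    return ACCOUNTING.get(name, 0)


# --- constructed subsystems; each does its own accounting -------------------
@register("/www/", "web", needs_tls=False)
def web_handler(req: Request) -> Response:
    ACCOUNTING["web"] = hit_count("web") + 1
    return Response(200, "static content for " + req.path)


@register("/mail/", "mail", needs_tls=True)
def mail_handler(req: Request) -> Response:
    ACCOUNTING["mail"] = hit_count("mail") + 1
    return Response(200, "mailbox view for " + req.path)


# --- the "daemon" ----------------------------------------------------------
def client_permitted(client_ip: str) -> bool:
    addr = ip_address(client_ip)
    return any(addr in net for net in ALLOWED_NETS)


def dispatch(req: Request) -> Response:
    """Checks the daemon owns run first; the handler never sees a rejected request."""
    if not client_permitted(req.client_ip):
        return Response(403, "client not in allow list")
    prefix = max((p for p in ROUTES if req.path.startswith(p)), key=len, default=None)
    if prefix is None:
        return Response(404, "no subsystem registered for this path")
    sub = ROUTES[prefix]
    if sub.needs_tls and not req.tls:
        return Response(403, "%s requires TLS" % sub.name)
    return sub.handle(req)


if __name__ == "__main__":
    for r in (Request("192.0.2.10", "/www/index.html", False),
              Request("203.0.113.5", "/www/index.html", False),
              Request("192.0.2.10", "/mail/inbox", False),
              Request("192.0.2.10", "/mail/inbox", True)):
        print(r.client_ip, r.path, "->", dispatch(r))
```

The point of the ordering in `dispatch` is the one the post makes: the access-control and transport checks belong to the daemon, so adding a subsystem adds a route, not a new port or a new copy of the checks. The firewall only ever needs to know about the one listening port.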