I try to protect against future outbreaks with pro-active configuration steps and then I only patch if I need to.
Also remember that in Linux you only need to reboot if you patch the kernel. I felt confident that the few local users wouldn't exploit any local exploits and that the other configuration steps would keep remote users from getting access to try local exploits. Because of that I kept the same kernel for the entire uptime.
An example of configuration vs patching would be an old Windows NT machine I had on the network serving.asp under IIS. I removed all non-essential mappings for.shtml and the like and I added a mapping for.exe and.dll files so that they would be handled by a program that did nothing.
While everyone else was scrambling to patch each time a new exploit came out that got through IIS and accessed Windows.exe or.dll files I did nothing and still managed to keep the machine operational and un-compromised for about a year until it was de-commissioned.
I am sure that patching is necessary in most environments but there is no substitute for pro-active secure configurations.
I did hire an elephant once. He remembered everything and worked for peanuts. We never had a second problem with a computer if he troubleshot the first one. Amazing what a good stomp will do to a system.
Yes. This post is a redundant copy of my previous post. Darn unreliable Slashdot code on Linux returned a 500 error the first time so I didn't think it posted.
They got to do what they got to do but my results have been much different.
My server machines regularly run for a year or two without rebooting. About that time I invariably decide it needs more memory or some other hardware upgrade that requires a reboot.
They got to do what they got to do but my results have been much different.
My server machines regularly run for a year or two without rebooting. About that time I invariably decide it needs more memory or some other hardware upgrade that requires a reboot.
It is no different than requiring that all conversations in the US be done in unobfuscated English so that the police will not have a hard time decoding the intent of the "bad people". There is no constitutional justification for such a requirement.
My justification for referring to the 1st amendment is the requirement that conversations pass through tappable channels rather than through untappable ones, therefore limiting the speech to government approved channels.
The 4th amendment would apply to the actual act of getting a phone tap and using the information in court.
This type of research will probably be refuted with "you meanie. I can't believe you said such a thing. no sex for you." And will be followed by a follow-up study showing that women are brilliant and chocolate is a wonderful diet aid.
IQ Testing only really looks at pattern recognition. There are a million other skills out there that are necessary on a daily basis. The high IQ people I know aren't any more talented in life than other people. It seems like most high IQ people work for other people who get rich from them being smart instead of becoming rich and famous. How smart is that?
Absolutely! Don't get stuck in the bubble when it pops.
Although you should probably use Google to determine which hills and Google maps to see how the hills look before you head out there.
Re:Email is mostly broken
on
Ending Spam
·
· Score: 1
efficient and streamlined means of allowing a user to configure automatic settings saying "Don't send me commercial spam".
Easily added into the SMTP protocol.
C: mail from: <commercial.sender@example.com> S: 200 OK C: rcpt to: <joe.schmoe@example.org> S: 200 OK C: mail type: <commercial(closeout,electronics)> S: 500 User rejects commercial email in these categories or S: 200 OK C: data
or something like that. On incompatible servers the "mail type" line will generate an error that will be ignored and on compatible servers the end user's preferences will be checked.
In the movie "Chain Reaction" Keanu Reeves managed to separate the hydrogen out of the water using electricity and his sampling keyboard.
Obviously the new technique is more advanced as it doesn't seem to require the keyboard. Probably good because Keanu's method accidently destroyed eight city blocks.
Region coding is really more of a price-fixing scheme than a copy protection scheme. For a single user it is easy to circumvent by just buying a 2nd dvd player but it screws things up for someone wanting to import the Korean version of Star Wars Episode 3.5: A Nude Dope for sale in the US.
It allows the sellers of DVDs to sell high in countries with money but to sell low (still at a profit, of course) in countries with less money.
The map serves as a warning when someone is listed there. It does not serve as an all-clear if no one is listed.
Small time violent felons give more warning signs than child molesters. You see them being mean to animals or other people before they would erupt. Take a look at
chainsaw boy from the recent border crossing story and tell me there is any chance you might trust him with your children.
On the other hand, serial killer types don't need a list of where they might be. Either they haven't been caught yet or they're locked up and never getting out.
Sexual predators are singled out because they, like serial killers, may not give out signals that they are dangerous until it is too late, but unlike serial killers, their sentences are fairly short.
You use all the tools available to you. You don't read the stupid inaccurate list and go 'no child molesters here kids, go have fun'.
You do read the list, notice the guy across the street is listed (since his picture is on the site you know that one entry is listed and correct).
The big fool is one who ignores the list and goes on their own faulty sensibility that the listed person is a nice person when it has been established that that isn't so.
"Mommy, can I go play with the nice man across the street?" "Sure little one, studies show he's less likely to re-offend than the car stereo thieves"
or, without the lists or maps,
"Mommy, can I go play with the nice man across the street?" "Sure little one, he seems to really like little children and that monkey of his seems friendly."
That's quite a stretch to say that "people who use Linux" and "Linux user" are not equivalent.
Linux isn't Windows, thank goodness. I believe there are 2 logically separate pieces of a computing system:
1. Base system. Kernel, essential system tasks, networking interfaces, peripheral interfaces. These must be solid and stable.
2. User interface. Unlike other interfaces (TCPIP, keyboard, hard drive) which can implement strict rules, the user interface is much more variable and intuitive for the user.
Traditional *nix isn't built for interfacing with users as much as it is built for executing computing and networking functions.
Personally I'd like to see the Windows user interface or the OSX user interface run on Linux and the BSD variants. I might still use KDE but I would like that choice.
The 30+ years of *nix wisdom are great and should be taken advantage of. But it would take a lot of stretching to claim that *nix has any edge in the user interface realm.
One more thing, since you "know this stuff better than the great unwashed masses" perhaps you could put up a web site, perhaps something like unixnetworking.net, and share the knowledge.
If you are a good interface developer it is important to get this into your program. When management says "how long will it take to implement feature 'x'?" and you need to update the user interface on feature 'y' you include a little 'y' time in your estimate for 'x'.
That way management feels good because they know when 'x' will be ready and you feel good because you know the users will actually be able to use 'x' and 'y' without excessive head scratching. And, of course, the end user feels good because they actually have something usuable.
TV receiver: plugs into standalone monitor. pulls in all manner of cable programming
MP3/Radio replacement: using stored mp3s or streaming
Desktop computer: plugs into standalone monitor, keyboard, and mouse.
Mini-projector: maybe you don't need the standalone monitor
Remote car starter, garage door opener, house key: A certificate exchange system with challenge response could allow you to set up your phone to communicate with and control various wireless devices.
Remote control for your car: It worked for James Bond
When you are getting paid lots of money to make sure the servers are up on time you don't mind looking a little rude. And if you are doing your job well then the servers generally don't go down.
Weddings: If it is your own you have no excuse to leave. Otherwise you leave quietly.
Funerals: If it is your own then the servers aren't coming back up anyway. If it is a close relative or loved one you have to stay. Otherwise leave quietly.
Dinner parties: Explain, apologize, and leave quietly. If they cannot forgive you for it then they aren't your friends anyway.
Movies: Leave quietly. Download it and watch the rest of it while you finish working on the server.
Hikes: Hike to somewhere where you can drive back to your servers. Move through the leaves quietly.
Religious services: Ask everyone to pray for your servers, then leave quietly.
Heart to heart conversations: Depending on the intensity of the conversation you may be able to explain that you love the other person very much and want to have many more heart to heart conversations and so you need to get the servers up and running so you can keep the clients so you can continue to get paid so you and your loved ones can continue to be well provided for and spend quality time together. If your loved one is an english teacher you will get the run-on sentence lecture. If you are rude about it and it seems that the servers are more important than your loved one then while you are gone they will leave quietly.
(If you're the minion and the alternative is getting fired, then you have an excuse. This guy is the owner. No excuse.) Getting fired as an owner is called "losing the account". Trust me, it has the same negative effect on the bank balance that getting fired does.
Yep. They call it "server" or "enterprise" or some such thing. Virtually the same software with the "server" bit set on. No word on whether they remember to set the "evil" bit.
Possibility 1: He wrote the code with the full knowledge of his company. They therefore approved the project and must abide by the GPL, meaning releasing his source code.
Possibility 2: He wrote the code without the full knowledge of his company. They would need to treat this the same as if he had, say, modified some source code for something they do not own. For example, say he downloaded the Windows source code and created "SuperWindows" they would not be able to sell that product without the consent of Microsoft (the original authors).
In his case, they would either need to arrange to get permission from all the original authors to release the new product as closed source or stick with the licence the authors so generously provided that allows them to use and modify the code (the GPL).
In neither case can they just claim the code as their own. They have to deal with the IP issues involved.
Slashdot Mirror
I try to protect against future outbreaks with pro-active configuration steps and then I only patch if I need to.
.asp under IIS. I removed all non-essential mappings for .shtml and the like and I added a mapping for .exe and .dll files so that they would be handled by a program that did nothing.
.exe or .dll files I did nothing and still managed to keep the machine operational and un-compromised for about a year until it was de-commissioned.
Also remember that in Linux you only need to reboot if you patch the kernel. I felt confident that the few local users wouldn't exploit any local exploits and that the other configuration steps would keep remote users from getting access to try local exploits. Because of that I kept the same kernel for the entire uptime.
An example of configuration vs patching would be an old Windows NT machine I had on the network serving
While everyone else was scrambling to patch each time a new exploit came out that got through IIS and accessed Windows
I am sure that patching is necessary in most environments but there is no substitute for pro-active secure configurations.
Qualified admins are never cheap.
I've never hired a dog that was an MCSE.
I did hire an elephant once. He remembered everything and worked for peanuts. We never had a second problem with a computer if he troubleshot the first one. Amazing what a good stomp will do to a system.
Yes. This post is a redundant copy of my previous post. Darn unreliable Slashdot code on Linux returned a 500 error the first time so I didn't think it posted.
They got to do what they got to do but my results have been much different.
My server machines regularly run for a year or two without rebooting. About that time I invariably decide it needs more memory or some other hardware upgrade that requires a reboot.
They got to do what they got to do but my results have been much different.
My server machines regularly run for a year or two without rebooting. About that time I invariably decide it needs more memory or some other hardware upgrade that requires a reboot.
It is no different than requiring that all conversations in the US be done in unobfuscated English so that the police will not have a hard time decoding the intent of the "bad people". There is no constitutional justification for such a requirement.
My justification for referring to the 1st amendment is the requirement that conversations pass through tappable channels rather than through untappable ones, therefore limiting the speech to government approved channels.
The 4th amendment would apply to the actual act of getting a phone tap and using the information in court.
Of course IANAL
The secret police are there to protect you from the "bad people". We should all support their efforts.
I assume this means we continue to have the constitutionally guaranteed freedom of speech, as long as it is OK with law enforcement. (hmmm)
This type of research will probably be refuted with "you meanie. I can't believe you said such a thing. no sex for you." And will be followed by a follow-up study showing that women are brilliant and chocolate is a wonderful diet aid.
IQ Testing only really looks at pattern recognition. There are a million other skills out there that are necessary on a daily basis. The high IQ people I know aren't any more talented in life than other people. It seems like most high IQ people work for other people who get rich from them being smart instead of becoming rich and famous. How smart is that?
Absolutely! Don't get stuck in the bubble when it pops.
Although you should probably use Google to determine which hills and Google maps to see how the hills look before you head out there.
efficient and streamlined means of allowing a user to configure automatic settings saying "Don't send me commercial spam".
Easily added into the SMTP protocol.
C: mail from: <commercial.sender@example.com>
S: 200 OK
C: rcpt to: <joe.schmoe@example.org>
S: 200 OK
C: mail type: <commercial(closeout,electronics)>
S: 500 User rejects commercial email in these categories
or
S: 200 OK
C: data
or something like that. On incompatible servers the "mail type" line will generate an error that will be ignored and on compatible servers the end user's preferences will be checked.
I would post a response if I had the energy to do so.
In the movie "Chain Reaction" Keanu Reeves managed to separate the hydrogen out of the water using electricity and his sampling keyboard.
Obviously the new technique is more advanced as it doesn't seem to require the keyboard. Probably good because Keanu's method accidently destroyed eight city blocks.
Region coding is really more of a price-fixing scheme than a copy protection scheme. For a single user it is easy to circumvent by just buying a 2nd dvd player but it screws things up for someone wanting to import the Korean version of Star Wars Episode 3.5: A Nude Dope for sale in the US.
It allows the sellers of DVDs to sell high in countries with money but to sell low (still at a profit, of course) in countries with less money.
The map serves as a warning when someone is listed there. It does not serve as an all-clear if no one is listed.
Small time violent felons give more warning signs than child molesters. You see them being mean to animals or other people before they would erupt. Take a look at chainsaw boy from the recent border crossing story and tell me there is any chance you might trust him with your children.
On the other hand, serial killer types don't need a list of where they might be. Either they haven't been caught yet or they're locked up and never getting out.
Sexual predators are singled out because they, like serial killers, may not give out signals that they are dangerous until it is too late, but unlike serial killers, their sentences are fairly short.
You use all the tools available to you. You don't read the stupid inaccurate list and go 'no child molesters here kids, go have fun'.
You do read the list, notice the guy across the street is listed (since his picture is on the site you know that one entry is listed and correct).
The big fool is one who ignores the list and goes on their own faulty sensibility that the listed person is a nice person when it has been established that that isn't so.
"Mommy, can I go play with the nice man across the street?" "Sure little one, studies show he's less likely to re-offend than the car stereo thieves"
or, without the lists or maps,
"Mommy, can I go play with the nice man across the street?" "Sure little one, he seems to really like little children and that monkey of his seems friendly."
That's quite a stretch to say that "people who use Linux" and "Linux user" are not equivalent.
Linux isn't Windows, thank goodness. I believe there are 2 logically separate pieces of a computing system:
1. Base system. Kernel, essential system tasks, networking interfaces, peripheral interfaces. These must be solid and stable.
2. User interface. Unlike other interfaces (TCPIP, keyboard, hard drive) which can implement strict rules, the user interface is much more variable and intuitive for the user.
Traditional *nix isn't built for interfacing with users as much as it is built for executing computing and networking functions.
Personally I'd like to see the Windows user interface or the OSX user interface run on Linux and the BSD variants. I might still use KDE but I would like that choice.
The 30+ years of *nix wisdom are great and should be taken advantage of. But it would take a lot of stretching to claim that *nix has any edge in the user interface realm.
One more thing, since you "know this stuff better than the great unwashed masses" perhaps you could put up a web site, perhaps something like unixnetworking.net, and share the knowledge.
If you are a good interface developer it is important to get this into your program. When management says "how long will it take to implement feature 'x'?" and you need to update the user interface on feature 'y' you include a little 'y' time in your estimate for 'x'.
That way management feels good because they know when 'x' will be ready and you feel good because you know the users will actually be able to use 'x' and 'y' without excessive head scratching. And, of course, the end user feels good because they actually have something usuable.
TV receiver: plugs into standalone monitor. pulls in all manner of cable programming
MP3/Radio replacement: using stored mp3s or streaming
Desktop computer: plugs into standalone monitor, keyboard, and mouse.
Mini-projector: maybe you don't need the standalone monitor
Remote car starter, garage door opener, house key: A certificate exchange system with challenge response could allow you to set up your phone to communicate with and control various wireless devices.
Remote control for your car: It worked for James Bond
When you are getting paid lots of money to make sure the servers are up on time you don't mind looking a little rude. And if you are doing your job well then the servers generally don't go down.
Weddings: If it is your own you have no excuse to leave. Otherwise you leave quietly.
Funerals: If it is your own then the servers aren't coming back up anyway. If it is a close relative or loved one you have to stay. Otherwise leave quietly.
Dinner parties: Explain, apologize, and leave quietly. If they cannot forgive you for it then they aren't your friends anyway.
Movies: Leave quietly. Download it and watch the rest of it while you finish working on the server.
Hikes: Hike to somewhere where you can drive back to your servers. Move through the leaves quietly.
Religious services: Ask everyone to pray for your servers, then leave quietly.
Heart to heart conversations: Depending on the intensity of the conversation you may be able to explain that you love the other person very much and want to have many more heart to heart conversations and so you need to get the servers up and running so you can keep the clients so you can continue to get paid so you and your loved ones can continue to be well provided for and spend quality time together. If your loved one is an english teacher you will get the run-on sentence lecture. If you are rude about it and it seems that the servers are more important than your loved one then while you are gone they will leave quietly.
(If you're the minion and the alternative is getting fired, then you have an excuse. This guy is the owner. No excuse.) Getting fired as an owner is called "losing the account". Trust me, it has the same negative effect on the bank balance that getting fired does.
When peanut butter and jelly sandwiches are outlawed, only outlaws will have peanut butter and jelly sandwiches.
Yep. They call it "server" or "enterprise" or some such thing. Virtually the same software with the "server" bit set on. No word on whether they remember to set the "evil" bit.
Possibility 1: He wrote the code with the full knowledge of his company. They therefore approved the project and must abide by the GPL, meaning releasing his source code.
Possibility 2: He wrote the code without the full knowledge of his company. They would need to treat this the same as if he had, say, modified some source code for something they do not own. For example, say he downloaded the Windows source code and created "SuperWindows" they would not be able to sell that product without the consent of Microsoft (the original authors).
In his case, they would either need to arrange to get permission from all the original authors to release the new product as closed source or stick with the licence the authors so generously provided that allows them to use and modify the code (the GPL).
In neither case can they just claim the code as their own. They have to deal with the IP issues involved.
I knew I remembered this from somewhere.
When will they release the DVDs of That's Incredible? I miss that show.