Yes probably not accurate. But made it's way onto the main page of Slashdot and people started commenting about it.
This is good proof of the irrational fear of MS in these circles. There is plenty of rational things to not like about them, but it seems like a lot of slashdotters might as well be calling them "reds" or "japs".
So please, just because there is negative news about Microsoft doesn't mean it should make it to the front page.
Sure HTML and Javascript have gotten us a long way. But even the best DHTML/JS tree control, tabs, slider panel, etc run slower then native widgets, Silverlight, Flash/Flex.
Get the source code for Firefox and read the code in the parser directory if you can...try not to throw up. HTML parsing is just old school...time for a real f'ing GUI library for application development. Sure slashdot and fark can get by with HTML and it's got life left, but I think there are better ways of creating a portable GUI.
Sharepoint is a decent at storing word documents and making them searchable. Many companies are using it.
So why don't we write something simliar for Open Office that does the same thing as google apps. Yah it sucks to have to setup a server, but if it's open and runs on linux then it won't be.
I think this represents a major issue with open source...it's for developers. We need developers to stop caring about themselves and think about avergage business uers...a hard boring thing to do I know.
I have my Google apps hooked up to Outlook via IMAP. If their servers are down I can at least get to my older emails. Forward the emails to another box as well if you're really worried about it.
There are a lot of comments out there saying that Exchange has really bad uptime. I've used it a lot with pretty good results. Yah it might go down, but it might only effect a relatively small amount of people and maybe even smaller if you have your mailboxes spread out. Also, there are solutions out there that have real time failover and other options so having business hour uptime is probably pretty dang good. Sure you have to take it offline on a weekend or something for an upgrade, but a company I do work for (knock on wood) has had essentially 100% business hour Exchange uptime for years now. Plus if the internet is down you can still send interoffice emails, you own the data, you can archive it for legal reasons, you can snoop if you need to, and lots of other good things that having an in house solution is great for.
The point is that Exchange or other internal email solutions are not as evil as you'd like to believe. For a small startup company I think Google apps is great. My company has 3 employees right now...so it doesn't make sense to have Exchange. When we get to 20+ we will start to seriously consider going back to an internal system.
And I would also point out that GMail is a massive system. The more complicated it gets the more chances are it will fail. Having a variety of simpler setups does have some advantage.
My father in law once told me the debt is like a mortage. Being my father in law I didn't correct him, but here...hey it's the internet.
A mortage usually grows in value and you also are paying part of the principal. Neither seems to be true with the debt. I suppose the GDP does grow and with inflation, but I think that's a bit different.
Last time I checked the interest payments on our debt where over 400 billion. That coming close to our highest budgetary item...our defense.
At our current rate our interest payments will be our highest payment. Something we can't even cut. This is like a credit card with your minimum payment being higher then you can even afford.
We have to raise taxes on someone. Sorry to the right wingers...but it can't be helped. We have to pay our way out of this. Even with drastic spending cuts we still have to. The cold hard facts are we have to do both. I'm not a politician, so I can say this. Time we start to listen to reason and not what make us feel good here in the U.S.
Imagine what we could do with that 400 billion every year. It's time to bring it down even if it means a few years of less then average growth. It's time to start thinking about our children. Not in some "make me feel better about my self" fashion, but just in general. I think in the long run it is what's best.
Cloud computing is a buzzword. It comes in different flavors and will evolve over time.
Amazon is just a server you can turn on and off...largely used for large processing needs, not real time apps.
Google's app engine is more of a step in the right direction, but it is probably overly "Googlish".
What we really need is a LAMP like setup for rent from the likes of Rackspace or some smaller hosting firm...something where we can just add PHP servers, Ruby servers, Python servers, etc to the mix. The database server is "yours" albeit it hosted offsite. Once this techs get really easy to add an configure via web apps it'll give them more appeal. IMHO getting an Amazon server up is a bit overly compilcated.
As far as things like Gmail I totally agree that using this for corporate email is a bad idea. For personal email I don't see a problem with it....just hook it up to Outlook or some other email client vai IMAP so you have a local database....but at least you can get to it anywhere from any computer which is an advantage that really does trump the priavacy thing. Of course using OWA(outlook web access) on an Exchange is a way to get the best of both worlds...internet access...and an Exchange server in your local server space. Replace Exchange and OWA with your favorite email server and Web access layer.
If you really do have privacy concerns you're probably already using a different solution...the rest of us can take advantage of the convienance. If I do something wrong I do have faith in the FBI to get enough evidence regardless:)
I'm a little late to this conversation, but I think we are thinking about carbon dating incorrectly.
Carbon is not decaying by itself. I thought carbon dating had more to do with particles colliding with carbon atoms producing a different atomic weight. This was a fairly rare event and so you could estimate the amount of time based on how common the collisions where.
Now I always thought that carbon dating wasn't perfect and that you should back it up with other evidence anyways.
Okay so the flash ad just copies something to the clipboard in a loop. Closing the tab or browser stops this. I suppose if you are running your browser in the background this would be very annoying and you wouldn't know.
Today firefox and IE prompt if you want to use the clipboard from javascript, but it used to not be this way. I'm sure Adobe will patch this soon enough.
This is like old popups...and oversight that is being exploited by the annoying "internet bully". It's like getting a wet willing or you head stuffed in a toilet.
The issue is here that both Flash and the underlying operating system don't have any kind of cut and paste protection. X, Mac OS X, and XP/Vista should not allow a program to copy and paste the same dam string to the clipboard over and over. Really kind of annoying that we have to spend so many human hours fixing "problems" like this...but such is life I suppose.
So yell at Dell, IBM, etc. These people could easily bundle Opera and Firefox.
Microsoft can't and shouldn't in my opinion. If they bundle it they are somehow indicating that they should support it.
So now if I'm IBM or Dell should I bundle Firefox and then support it myself. Lets think, I can just bundle Internet Explorer and Ms will support it or at least help me support it.
IBM and Dell could easily remove all the shortcuts. I imagine if you renamed iexplorer.exe things would probably break.
Firefox offers free chat support, but it requires a browser. Microsfot could be contacted by phone. Opera likely has some sort of support. So there isn't really a reason for IBM or Dell not to bundle Firefox. So won't don't they...yell at the OEMs not Microsoft. IE might suck to you, but it is free...should no Linux distribution comes with Firefox on the CD?
From what little I can get from the article this seems like just another cross site scripting attack.
Although this can "help" an attacker steal information the end user still has to click a link provided by the attacker that tricks the user into thinking they are on someone elses site and seeing content that site generated.
Cross site scripting attacks are not to laughed off, but they do tend to get over exagerated. When is the last time you clicked on an email link sent to you out of the blue...and then stuck in your user name and password.
People could just as easily fall for attacks like this that don't even change the URL. Not to mention that this has to upload the payload to a server. Meaning you can steal people's information, but it has to go to an IP somewhere. Maybe if law enforcement would get off their behinds and go after this f'ers it wouldn't be such a big issue.
All the anti-flash posts need to get down voted. I could easily say that Jscript sucks because of all the various security issues it has had over the years, but it isn't useful or productive. Flash is what flash is...you don't like it...don't install it and shutup and let the rest of us use it.
So much bickering about the term brick. I'm rarely one to say stop staring at pixels and go get layed...but jc. It is not like someone called an apple and orange here. The term brick is a funny term that has been associated with a device that is pretty much dead...but repairable. A computer virus is not a virus at all....it only somewhat resembles one. A brick of hardware is not clay, it simply is an analogy.
What do you call a device that is absolutely not repairable?... garbage...or a collection of atoms.
Lastly I saw a post that said users can't call a harddrive memory...like it or not a harddrive is memory. Persistant memory versus RAM which is volatile. A user is not wrong to call a harddrive memory...it is just against general methodology...but not wrong. Language is a funny thing..no:)
A common problem in the enterprise world is data auditing. By auditing I mean keeping a record of data as it changes.
I've implemented various solutions, usually consisting of copying the row into another table, slapping some sort of version id on it, and the updating the row with new values.
When a new column is added to a table you typically have to add one to your auditing table. Then there is the concept of who made the change. I've implemented a solution using triggers and generic table to hold the changes, but it wasn't as fast as I'd like. Even with triggers I typically regenerated the code when a new column was added. I did not analyze database meta-data during trigger execution.
This can be useful from a governance standpoint all the way down to a debugging standpoint. I've been able to concretely identify how data corruption occurred more times then I can count with these systems.
Have you ever thought of baking this into the database server. Perhaps having MySQL automatically create an auditing table and update it as records are updated. Deletes could be handled the same way, by simple marking the last row in the audit table as such.
Isn't making the plants that grow from the seeds produce seeds that are sterile good enough?
If I buy a seed I should be able to plant it as far away from when I bought it as I'd like.
If you explain to the farmer that the plant cannot be used for seed it is up to the farmer and the open market to decide if that is the right approach. If the farmer cannot afford the seed then they will have to use non engineered seed and the companies will have to decide if it is worth it.
It seems like it would be pretty easy for the Anti-virus vendors and other anti-malware vendors to tap into the javascript engine and detect these sorts of things.
So you go to www.somecrappysite.com and it tries to run jscript. Then the tool you are running does some analysis and says...hmmm...that seems strange. If it knows it is an attack it stops the page from loading and blocks the page straight up. If it is unsure it can ask the user if they want to continue AND ask the user if they can upload the information for analysis.
I think we should keep IE and Firefox patched up, but realtime analysis seems like a better idea.
I'd rather see a device like this that is a tap based IDS or IPS system.
You can buy taps and redirect copies of network traffic into a snort or other IDS, but I'd rather have a small all encompassing device I could take on the road.
Wouldn't work for wireless, but I'd rather hop on a wired connection at a hotel anyways. Half the time wireless is shotty or the signal is weak.
If I just plug the ethernet into one port and then plug my laptop into the other that would be great. It could then block traffic on non standard ports, and look for signatures and block that traffic and/or the orginating IP all together.
I have to agree here. Mainly becuase I've had to have my computer desk in a guest bedroom before. When the in-laws came over it was annoying to have to unplug everything.
A Linksys router intended for home use generally has too many LEDs, that quite frankly don't do anything...unless you are monitoring. Think of all the electricity that is being wasted by the very computer you are typing on. The little send receieve blinking telling you nothing...because you are not looking at it..it might even be obstructed.
Yes you can tape them over and all sorts of things, but it is fairly tacky. I'd rather these devices have a "black mode" where a single button push can turn off al LED. How these things look are less important then their functionality, but not harm in making them look better to.
Another grype is devices that do not have power switches. Most cable/dsl routers and modems have no power switch. This is not only annoying when you want to reset the things, but means you can't easly turn off the LEDs. When my monitor is switched off it should not have it's LED on... I don't need a "it's plugged into the wall" indicator.
Time after time in developing an applications I have to remind individuals that a business plan or a non-virtual simulation of most things are possible and should be done first. Most of the things we do in computers at one time where done on paper. Email is just the digital form of snail mail. Instead of writing something and putting it in a mailbox I send it via SMTP servers. Even a game could be played out via a board game or in real life essentially. Life simulators could definately.
So if I was in a more traditional setting and I left an annoymous note next to a teenager and she/he opened it and it had sexually explicit content targeted at that individual I would get in trouble.
The biggest difference is that you are unable to see the individual you are targeting. If I walked up to a character in MMORPG and asked if they where a teenager, and they said yes, and then I went about chatting them sexually I would be breaking the law. If they lied to me and said they where not, and then I went about my business I would have a defense.
We had this argument for years when it came to annoymous posts, even on Slashdot, Slashdot is not responsible, the end user is. The same holds true for online play. The game compnay can take steps to protect their players if the players demand it, but they are not. The post office does not get in trouble when someone sends a bomb threat thru the mail... Second Life should work with the authroites to give as much context to the story if possible ( if it even happened ) and then find out the people involved and the intent. If the perp was in fact targeting teenagers to get off he should be punished the same as if he where doing it in public.
I do have a major problem calling it rape. Rape is physical, straight up. It is harrasment. The same laws that apply if I walked up to a teenager and started talking to him/her sexually should apply. We do not need new laws.
Lastly, I think that game companies should be responsible and not allow for sexual interaction in these sorts of games. Not chatting, but actually being able to sleep with another character. They are just asking for trouble. If I could go up to someone in a game and actually rape them if I choose ( a real person not a AI character ) I think the game company should be held responsible.
Many studuents in the U.S. take higher level math. Not nearly the numbers, but many do. Some of us actually enjoy it and get it. For those that do not "get it" we don't provide an avenue.
When we all got to be 11-14 we stopped caring about school as much...not all of us of course, but many of us start to think about all the other things. From which clothes to wear to sex. School becomes and after thought for many. Then when we get to high school and need to start focusing we've already screwed ourselves.
Part of this I think is to the inadequacy of 1st thru 7th grades. We learn basic arthimetic, how to spell ( I didn't do so hot ), and some stupid life sciences. It is so general and does nothign to prepare us for the harder stuff.
Would it be so hard in the first grade when we propose _ + 7 = 11...fill in the blank to instead say X + 7 = 11. What should X be. When the kid says 4 why not then show them 4 = 11 - 7...x = 11 - 7. Basic algebra is not that much harder then the math we learn in the first and second grades, but we wait till the 7th grades when most boys are getting boners looking at their teachers.
Even the act of calling these classes harder is creating the problem. Why is algebra harder...it really isn't if presented right. Calculas is a bit tricky I'll admit, but I think if kids had a better foundation it wouldn't be that hard.
The same is true with science. I don't remember a dang thing I learned in the 7th grade about science. I think the teacher was boring me with the scientific method or something. Looking back to the thrid grade I don't even think science was on the menu. Shouldn't we have diagrams of atoms on the class and tell kids this is what everything is made of. Our minds where like sponges and we where being hand fead.
The importance of younger and younger education is becoming appartent...if you don't like to learn by the time you hit 10th grade and don't have parents pushing you to anyways you probably are not going to make it. Instead of testing kids we need to determine how much they are enjoying class.
Don't get me started on the A-F grading system:) I don't have the answers to replace it, but I think we should start talking about it.
Mozzila has no design flaws?Apache, Linux, all the open source file systems, all the various packages all have flawless designs? Kde and Gnome and X itself all designed flawlessly? Of course not...humans write most lines of code after all.
Re-use of code like allowing an.ANI file to be played in a browser and everywhere else is a good design. It might cause secrutity issues, but having a consistent standard is great for many reasons. Even if in this case animated cursors which would seem to have no purpose to us power using command line freaks. It is more of the fluff that some people really like, who am I to say it is unneeded.
This came down to two things. Sloppy code by someone opening up a file. In this day and age you have to assume that people are going to try and break the system with every know file type out there. Two, the ability for the system to load data out of a "data file" and execute it. Buffer overflows are inherient design flaws in computer science across the board. We should be much more careful about where "jmp" can go.
If this was a callback thing, where the file type had the ability to call a function after it was loaded...that was poor design, but not having a reusable feature or library widely used throughout a system.
Why does the disto seem to matter so much. I'm a developer and I get the idea of linking to some extent, but why is that I can have a Windows app that was desinged for 95 that still runs fine in 2003, but when I get a binary of for an older version of Linux I have to recompile it for newer other distros.
We recently wanted to run Snort, but we didn't want to use a support distro. We ended up recompiling the code, but it seems like a bit much to me.
Part of Windows draw is the installers. I know the RPM and Debian packages are a favorite amoungst Linux advocates, but installers still have their advantage in being accessible.
Why is it that Oracle neeeds to be worry so much about the distro's it will support.
We need a mixture of the two. We need a setup of buttons, nobs, etc that the developer can tweek.
In a lot of car stereo's have a control where you change the bass and some other feature like fade by depressing a turn nob.
Give me a simpler nob, and then let me change what I'm changing on the flat screen by picking volumes settings versus picking surround sound settings versus some other set of settings.
The default up and down control will be the temperature, but a simple change on the touch screen will make it fan control...a little off road practice and you won't have to look down much.
Funny aside, as a programmer I do understand how complicated the browser is as a whole, but it is composed of much simpler parts. And in fact utilizes many OS level functions...which is what caused this..not really the browser. If I was coding it I would have assumed I could safely load a mouse cursor.
That is the point of this time in computing history. We can't assume even these simple little things anymore. We all fall pray. I bet most of us have created security holes, but not in a major OS where millions would want to exploit it. After all Windows is written by guys and gals who likely love computers as much as this whole site. Bill and the rest of the jerks up in managment are not writing the security holes. That said I think MS has to be made accountable because they are willing to market security. Macs do too, and they can have holes as well.
Firefox is not effected by this because they must not support.ani files, or they have their own parser and tool to display those cursors...my guess would be they don't support them. That is different then not being susceptable...it just doesn't apply. Sorry for not having the time to research if Firefox implements CSS cursors...hell I didn't even think about IE supporting them.
The issue here is that Windows didn't check a file format. After the image file fiasco you think they would have gone through every single file type they support and look at the base code that opens up the file. Maybe they did...maybe this exploit isn't as easy to envision as we'd all like to think. It might be super easy to use it, but it might have taken several security engineers hours and hours to have imagined in the first place. If it is as bone headed as just making the header longer then it should be, then MS needs to get some better code scanners.
Better yet we need to be things like this with some type of protection. If the code was Java this wouldn't have happened. Am I saying to use Java, of course not, but I think we have enough wasted cycles to do some more out of bounds checking in the compiled code.
Slashdot Mirror
Yes probably not accurate. But made it's way onto the main page of Slashdot and people started commenting about it.
This is good proof of the irrational fear of MS in these circles. There is plenty of rational things to not like about them, but it seems like a lot of slashdotters might as well be calling them "reds" or "japs".
So please, just because there is negative news about Microsoft doesn't mean it should make it to the front page.
Sure HTML and Javascript have gotten us a long way. But even the best DHTML/JS tree control, tabs, slider panel, etc run slower then native widgets, Silverlight, Flash/Flex.
Get the source code for Firefox and read the code in the parser directory if you can...try not to throw up. HTML parsing is just old school...time for a real f'ing GUI library for application development. Sure slashdot and fark can get by with HTML and it's got life left, but I think there are better ways of creating a portable GUI.
Sharepoint is a decent at storing word documents and making them searchable. Many companies are using it.
So why don't we write something simliar for Open Office that does the same thing as google apps. Yah it sucks to have to setup a server, but if it's open and runs on linux then it won't be.
I think this represents a major issue with open source...it's for developers. We need developers to stop caring about themselves and think about avergage business uers...a hard boring thing to do I know.
I have my Google apps hooked up to Outlook via IMAP. If their servers are down I can at least get to my older emails. Forward the emails to another box as well if you're really worried about it.
There are a lot of comments out there saying that Exchange has really bad uptime. I've used it a lot with pretty good results. Yah it might go down, but it might only effect a relatively small amount of people and maybe even smaller if you have your mailboxes spread out. Also, there are solutions out there that have real time failover and other options so having business hour uptime is probably pretty dang good. Sure you have to take it offline on a weekend or something for an upgrade, but a company I do work for (knock on wood) has had essentially 100% business hour Exchange uptime for years now. Plus if the internet is down you can still send interoffice emails, you own the data, you can archive it for legal reasons, you can snoop if you need to, and lots of other good things that having an in house solution is great for.
The point is that Exchange or other internal email solutions are not as evil as you'd like to believe. For a small startup company I think Google apps is great. My company has 3 employees right now...so it doesn't make sense to have Exchange. When we get to 20+ we will start to seriously consider going back to an internal system.
And I would also point out that GMail is a massive system. The more complicated it gets the more chances are it will fail. Having a variety of simpler setups does have some advantage.
Then just leave the windows open.
My father in law once told me the debt is like a mortage. Being my father in law I didn't correct him, but here...hey it's the internet.
A mortage usually grows in value and you also are paying part of the principal. Neither seems to be true with the debt. I suppose the GDP does grow and with inflation, but I think that's a bit different.
Last time I checked the interest payments on our debt where over 400 billion. That coming close to our highest budgetary item...our defense.
At our current rate our interest payments will be our highest payment. Something we can't even cut. This is like a credit card with your minimum payment being higher then you can even afford.
We have to raise taxes on someone. Sorry to the right wingers...but it can't be helped. We have to pay our way out of this. Even with drastic spending cuts we still have to. The cold hard facts are we have to do both. I'm not a politician, so I can say this. Time we start to listen to reason and not what make us feel good here in the U.S.
Imagine what we could do with that 400 billion every year. It's time to bring it down even if it means a few years of less then average growth. It's time to start thinking about our children. Not in some "make me feel better about my self" fashion, but just in general. I think in the long run it is what's best.
Just make SSL cert cheaper and get rid of all the multiple server licensing and crap.
Make the damn thing ran by a non-profit organization and cut the cost.
Cloud computing is a buzzword. It comes in different flavors and will evolve over time.
Amazon is just a server you can turn on and off...largely used for large processing needs, not real time apps.
Google's app engine is more of a step in the right direction, but it is probably overly "Googlish".
What we really need is a LAMP like setup for rent from the likes of Rackspace or some smaller hosting firm...something where we can just add PHP servers, Ruby servers, Python servers, etc to the mix. The database server is "yours" albeit it hosted offsite. Once this techs get really easy to add an configure via web apps it'll give them more appeal. IMHO getting an Amazon server up is a bit overly compilcated.
As far as things like Gmail I totally agree that using this for corporate email is a bad idea. For personal email I don't see a problem with it....just hook it up to Outlook or some other email client vai IMAP so you have a local database....but at least you can get to it anywhere from any computer which is an advantage that really does trump the priavacy thing. Of course using OWA(outlook web access) on an Exchange is a way to get the best of both worlds...internet access...and an Exchange server in your local server space. Replace Exchange and OWA with your favorite email server and Web access layer.
If you really do have privacy concerns you're probably already using a different solution...the rest of us can take advantage of the convienance. If I do something wrong I do have faith in the FBI to get enough evidence regardless :)
I'm a little late to this conversation, but I think we are thinking about carbon dating incorrectly.
Carbon is not decaying by itself. I thought carbon dating had more to do with particles colliding with carbon atoms producing a different atomic weight. This was a fairly rare event and so you could estimate the amount of time based on how common the collisions where.
Now I always thought that carbon dating wasn't perfect and that you should back it up with other evidence anyways.
Okay so the flash ad just copies something to the clipboard in a loop. Closing the tab or browser stops this. I suppose if you are running your browser in the background this would be very annoying and you wouldn't know.
Today firefox and IE prompt if you want to use the clipboard from javascript, but it used to not be this way. I'm sure Adobe will patch this soon enough.
This is like old popups...and oversight that is being exploited by the annoying "internet bully". It's like getting a wet willing or you head stuffed in a toilet.
The issue is here that both Flash and the underlying operating system don't have any kind of cut and paste protection. X, Mac OS X, and XP/Vista should not allow a program to copy and paste the same dam string to the clipboard over and over. Really kind of annoying that we have to spend so many human hours fixing "problems" like this...but such is life I suppose.
So yell at Dell, IBM, etc. These people could easily bundle Opera and Firefox.
Microsoft can't and shouldn't in my opinion. If they bundle it they are somehow indicating that they should support it.
So now if I'm IBM or Dell should I bundle Firefox and then support it myself. Lets think, I can just bundle Internet Explorer and Ms will support it or at least help me support it.
IBM and Dell could easily remove all the shortcuts. I imagine if you renamed iexplorer.exe things would probably break.
Firefox offers free chat support, but it requires a browser. Microsfot could be contacted by phone. Opera likely has some sort of support. So there isn't
really a reason for IBM or Dell not to bundle Firefox. So won't don't they...yell at the OEMs not Microsoft. IE might suck to you, but it is free...should no Linux distribution comes with Firefox on the CD?
From what little I can get from the article this seems like just another cross site scripting attack.
Although this can "help" an attacker steal information the end user still has to click a link provided by the attacker that tricks the user into thinking they are on someone elses site and seeing content that site generated.
Cross site scripting attacks are not to laughed off, but they do tend to get over exagerated. When is the last time you clicked on an email link sent to you out of the blue...and then stuck in your user name and password.
People could just as easily fall for attacks like this that don't even change the URL. Not to mention that this has to upload the payload to a server. Meaning you can steal people's information, but it has to go to an IP somewhere. Maybe if law enforcement would get off their behinds and go after this f'ers it wouldn't be such a big issue.
All the anti-flash posts need to get down voted. I could easily say that Jscript sucks because of all the various security issues it has had over the years, but it isn't useful or productive. Flash is what flash is...you don't like it...don't install it and shutup and let the rest of us use it.
So much bickering about the term brick. I'm rarely one to say stop staring at pixels and go get layed...but jc. It is not like someone called an apple and orange here. The term brick is a funny term that has been associated with a device that is pretty much dead...but repairable. A computer virus is not a virus at all....it only somewhat resembles one. A brick of hardware is not clay, it simply is an analogy.
:)
What do you call a device that is absolutely not repairable?... garbage...or a collection of atoms.
Lastly I saw a post that said users can't call a harddrive memory...like it or not a harddrive is memory. Persistant memory versus RAM which is volatile. A user is not wrong to call a harddrive memory...it is just against general methodology...but not wrong. Language is a funny thing..no
Dont' worry, but happy now.
A common problem in the enterprise world is data auditing. By auditing I mean keeping a record of data as it changes.
I've implemented various solutions, usually consisting of copying the row into another table, slapping some sort of version id on it, and the updating the row with new values.
When a new column is added to a table you typically have to add one to your auditing table. Then there is the concept of who made the change. I've implemented a solution using triggers and generic table to hold the changes, but it wasn't as fast as I'd like. Even with triggers I typically regenerated the code when a new column was added. I did not analyze database meta-data during trigger execution.
This can be useful from a governance standpoint all the way down to a debugging standpoint. I've been able to concretely identify how data corruption occurred more times then I can count with these systems.
Have you ever thought of baking this into the database server. Perhaps having MySQL automatically create an auditing table and update it as records are updated. Deletes could be handled the same way, by simple marking the last row in the audit table as such.
Any thoughts?
Isn't making the plants that grow from the seeds produce seeds that are sterile good enough?
If I buy a seed I should be able to plant it as far away from when I bought it as I'd like.
If you explain to the farmer that the plant cannot be used for seed it is up to the farmer and the open market to decide if that is the right approach. If the farmer cannot afford the seed then they will have to use non engineered seed and the companies will have to decide if it is worth it.
It seems like it would be pretty easy for the Anti-virus vendors and other anti-malware vendors to tap into the javascript engine and detect these sorts of things.
So you go to www.somecrappysite.com and it tries to run jscript. Then the tool you are running does some analysis and says...hmmm...that seems strange. If it knows it is an attack it stops the page from loading and blocks the page straight up. If it is unsure it can ask the user if they want to continue AND ask the user if they can upload the information for analysis.
I think we should keep IE and Firefox patched up, but realtime analysis seems like a better idea.
I'd rather see a device like this that is a tap based IDS or IPS system.
You can buy taps and redirect copies of network traffic into a snort or other IDS, but I'd rather have a small all encompassing device I could take on the road.
Wouldn't work for wireless, but I'd rather hop on a wired connection at a hotel anyways. Half the time wireless is shotty or the signal is weak.
If I just plug the ethernet into one port and then plug my laptop into the other that would be great. It could then block traffic on non standard ports, and look for signatures and block that traffic and/or the orginating IP all together.
I thought the shark christ had finally come.
I have to agree here. Mainly becuase I've had to have my computer desk in a guest bedroom before. When the in-laws came over it was annoying to have to unplug everything.
A Linksys router intended for home use generally has too many LEDs, that quite frankly don't do anything...unless you are monitoring. Think of all the electricity that is being wasted by the very computer you are typing on. The little send receieve blinking telling you nothing...because you are not looking at it..it might even be obstructed.
Yes you can tape them over and all sorts of things, but it is fairly tacky. I'd rather these devices have a "black mode" where a single button push can turn off al LED. How these things look are less important then their functionality, but not harm in making them look better to.
Another grype is devices that do not have power switches. Most cable/dsl routers and modems have no power switch. This is not only annoying when you want to reset the things, but means you can't easly turn off the LEDs. When my monitor is switched off it should not have it's LED on... I don't need a "it's plugged into the wall" indicator.
Time after time in developing an applications I have to remind individuals that a business plan or a non-virtual simulation of most things are possible and should be done first. Most of the things we do in computers at one time where done on paper. Email is just the digital form of snail mail. Instead of writing something and putting it in a mailbox I send it via SMTP servers. Even a game could be played out via a board game or in real life essentially. Life simulators could definately.
So if I was in a more traditional setting and I left an annoymous note next to a teenager and she/he opened it and it had sexually explicit content targeted at that individual I would get in trouble.
The biggest difference is that you are unable to see the individual you are targeting. If I walked up to a character in MMORPG and asked if they where a teenager, and they said yes, and then I went about chatting them sexually I would be breaking the law. If they lied to me and said they where not, and then I went about my business I would have a defense.
We had this argument for years when it came to annoymous posts, even on Slashdot, Slashdot is not responsible, the end user is. The same holds true for online play. The game compnay can take steps to protect their players if the players demand it, but they are not. The post office does not get in trouble when someone sends a bomb threat thru the mail... Second Life should work with the authroites to give as much context to the story if possible ( if it even happened ) and then find out the people involved and the intent. If the perp was in fact targeting teenagers to get off he should be punished the same as if he where doing it in public.
I do have a major problem calling it rape. Rape is physical, straight up. It is harrasment. The same laws that apply if I walked up to a teenager and started talking to him/her sexually should apply. We do not need new laws.
Lastly, I think that game companies should be responsible and not allow for sexual interaction in these sorts of games. Not chatting, but actually being able to sleep with another character. They are just asking for trouble. If I could go up to someone in a game and actually rape them if I choose ( a real person not a AI character ) I think the game company should be held responsible.
Many studuents in the U.S. take higher level math. Not nearly the numbers, but many do. Some of us actually enjoy it and get it. For those that do not "get it" we don't provide an avenue.
:) I don't have the answers to replace it, but I think we should start talking about it.
When we all got to be 11-14 we stopped caring about school as much...not all of us of course, but many of us start to think about all the other things. From which clothes to wear to sex. School becomes and after thought for many. Then when we get to high school and need to start focusing we've already screwed ourselves.
Part of this I think is to the inadequacy of 1st thru 7th grades. We learn basic arthimetic, how to spell ( I didn't do so hot ), and some stupid life sciences. It is so general and does nothign to prepare us for the harder stuff.
Would it be so hard in the first grade when we propose _ + 7 = 11...fill in the blank to instead say X + 7 = 11. What should X be. When the kid says 4 why not then show them 4 = 11 - 7...x = 11 - 7. Basic algebra is not that much harder then the math we learn in the first and second grades, but we wait till the 7th grades when most boys are getting boners looking at their teachers.
Even the act of calling these classes harder is creating the problem. Why is algebra harder...it really isn't if presented right. Calculas is a bit tricky I'll admit, but I think if kids had a better foundation it wouldn't be that hard.
The same is true with science. I don't remember a dang thing I learned in the 7th grade about science. I think the teacher was boring me with the scientific method or something. Looking back to the thrid grade I don't even think science was on the menu. Shouldn't we have diagrams of atoms on the class and tell kids this is what everything is made of. Our minds where like sponges and we where being hand fead.
The importance of younger and younger education is becoming appartent...if you don't like to learn by the time you hit 10th grade and don't have parents pushing you to anyways you probably are not going to make it. Instead of testing kids we need to determine how much they are enjoying class.
Don't get me started on the A-F grading system
Mozzila has no design flaws?Apache, Linux, all the open source file systems, all the various packages all have flawless designs? Kde and Gnome and X itself all designed flawlessly? Of course not...humans write most lines of code after all.
.ANI file to be played in a browser and everywhere else is a good design. It might cause secrutity issues, but having a consistent standard is great for many reasons. Even if in this case animated cursors which would seem to have no purpose to us power using command line freaks. It is more of the fluff that some people really like, who am I to say it is unneeded.
Re-use of code like allowing an
This came down to two things. Sloppy code by someone opening up a file. In this day and age you have to assume that people are going to try and break the system with every know file type out there. Two, the ability for the system to load data out of a "data file" and execute it. Buffer overflows are inherient design flaws in computer science across the board. We should be much more careful about where "jmp" can go.
If this was a callback thing, where the file type had the ability to call a function after it was loaded...that was poor design, but not having a reusable feature or library widely used throughout a system.
Kind of off topic, but related.
Why does the disto seem to matter so much. I'm a developer and I get the idea of linking to some extent, but why is that I can have a Windows app that was desinged for 95 that still runs fine in 2003, but when I get a binary of for an older version of Linux I have to recompile it for newer other distros.
We recently wanted to run Snort, but we didn't want to use a support distro. We ended up recompiling the code, but it seems like a bit much to me.
Part of Windows draw is the installers. I know the RPM and Debian packages are a favorite amoungst Linux advocates, but installers still have their advantage in being accessible.
Why is it that Oracle neeeds to be worry so much about the distro's it will support.
We need a mixture of the two. We need a setup of buttons, nobs, etc that the developer can tweek.
In a lot of car stereo's have a control where you change the bass and some other feature like fade by depressing a turn nob.
Give me a simpler nob, and then let me change what I'm changing on the flat screen by picking volumes settings versus picking surround sound settings versus some other set of settings.
The default up and down control will be the temperature, but a simple change on the touch screen will make it fan control...a little off road practice and you won't have to look down much.
Funny aside, as a programmer I do understand how complicated the browser is as a whole, but it is composed of much simpler parts. And in fact utilizes many OS level functions...which is what caused this..not really the browser. If I was coding it I would have assumed I could safely load a mouse cursor.
.ani files, or they have their own parser and tool to display those cursors...my guess would be they don't support them. That is different then not being susceptable...it just doesn't apply. Sorry for not having the time to research if Firefox implements CSS cursors...hell I didn't even think about IE supporting them.
That is the point of this time in computing history. We can't assume even these simple little things anymore. We all fall pray. I bet most of us have created security holes, but not in a major OS where millions would want to exploit it. After all Windows is written by guys and gals who likely love computers as much as this whole site. Bill and the rest of the jerks up in managment are not writing the security holes. That said I think MS has to be made accountable because they are willing to market security. Macs do too, and they can have holes as well.
Firefox is not effected by this because they must not support
The issue here is that Windows didn't check a file format. After the image file fiasco you think they would have gone through every single file type they support and look at the base code that opens up the file. Maybe they did...maybe this exploit isn't as easy to envision as we'd all like to think. It might be super easy to use it, but it might have taken several security engineers hours and hours to have imagined in the first place. If it is as bone headed as just making the header longer then it should be, then MS needs to get some better code scanners.
Better yet we need to be things like this with some type of protection. If the code was Java this wouldn't have happened. Am I saying to use Java, of course not, but I think we have enough wasted cycles to do some more out of bounds checking in the compiled code.