There's no way to stop filesharing except at the endpoints of communication. Unless the users stop wanting to use filesharing, there will always be workarounds for all the filtering and blocking you can think of. The next step is encrypted connections below tcp level, aka ad hoc virtual private networks. Since there's a heap of good reasons why one would want all traffic (even the "non-shady") encrypted anyway, universities will most likely refrain from blocking the necessary protocols. Once the traffic becomes opaque to the transport, there goes the ability to filter based on contents or protocols.
What can be done is this: Restrict bandwith or volume of data. That however will limit certain promising aspects of network development like freenet and other decentralized protocols. That's why especially universities which are supposed to be interested in innovation should think twice before crippling network access.
Rapid prototyping is a great aid in finding the requirements and the overall structure of the code, no more, no less. After that, you document what you have found, throw the prototype away (keep it for reference maybe, but it should not be used in production) and code the real thing. The sad thing is, in real life pointy haired people jump in after the prototype has settled and cut the rest of the development because "it's already good enough".
I guess this is just the online version of magazines which never give a bad rating in a review if the manufacturer advertises in the same mag. They'll learn to conceal this better over time.
That's a good approach because it helps the programmer understand what the part of the program he is working on is supposed to do. We are not talking about comments like // add 1 to x
here. The downside is that sometimes the code needs to take a different approach compared to what was planned before. At that point the documentation easily becomes inconsistent, because it is there already, so it won't be noticed that something is missing. It takes discipline to avoid that trap.
Writing documentation is a tiresome and, what's worse, an unglorious job. Rarely do people talk about how great the documentation was and how much it helped them in succeeding. Everybody loves the programmer who adds a feature. Nobody knows the writer who explained it. If we want better documentation, that has got to change. I know I was very eager to create even better documentation when I received compliments about it.
Re:OK, let's kill soldiers instead.
on
The Drone War
·
· Score: 1
I guess it was very moral to fly some jets into skyscrapers then. The relation of enemies killed to friends killed was fantastic from El Caida's point of view. Ok, it backfired, but I'm sure you thought about that when you called killing enemies a moral thing.
Re:You Believe This??
on
The Drone War
·
· Score: 2, Insightful
How far out of the loop is demonstrated by enclosing the word war in quotes. A war of drones is still going to affect human lives, including casualties as a result, even if it were possible to restrict combat to arenas. Take a look at third world countries which are constantly at war and thus fail to feed their populace. War is about making others to accept your demands. As long as there are conflicts, people will suffer from war, no matter how it is fought.
For safety's sake you might want to avoid that too, but forgiveness is only bound to the promise that you won't write about creating energy in the context of thermdynamics comments.
From the review: The password for the DSL access was in plain text in an unprotected file.
The provider password is probably the most valuable information on the firewall, second only to full backdoor access. I have not yet verified that it is actually the secrets file itself which has the wrong permissions, but since c't has a reputation to lose, they wouldn't let an obvious misperception as mistaking a link for the file slip through.
There are many ways an attacker could gain inside access to the firewall. Most involve security vulnerabilities, others rely on uneducated users. Anyway, if the cgi-bins which are used to configure the firewall are not 100% secure, a buffer overflow in one of them could potentially be used to read any file which is accessible to the cgi-bins user. That's why file permissions do matter. Seeing how many people defend the "only root can log in anyway" statement, do you think they have really taken the necessary steps to avoid such a vulnerability by implementing several layers of security?
Now aren't you in deep shit already if an attacker can use your inside systems to connect to the firewall? Of course you are. But think about this: Anti-Virus tools will eventually detect backdoors on your user system(s), but not on the firewall. An undetected attacker can easily cause much more damage by actively destroying your data or just abusing your connection for his purposes over a long time. And who would suspect a backdoor on a rock-solid, completely secure firewall? That's why a false sense of security is worse than no security.
A false sense of security is worse than no security.
Even if no users other than root should ever be able to log in to the firewall, there is a reason to carefully set file permissions: Just like on a server, the services running should do so under their private username. That is to prevent a security related bug (aka vulnerability) from compromising the whole system. This is obviously less important on a router/firewall where services are only provided to the inside, but the attitude shown by the authors of Smoothwall certainly destroys my confidence in their general ability to provide a secure system.
Then there is the false discrimination between inside and outside: Especially when you deal with "non-techie" users you have to expect their systems to become infected by the latest worms and viruses. This opens the possibility of attacks from the inside which really are attacks from the outside. Granted, that is a remote possibility and if it happens, you have bigger problems than firewall file permissions, but it is still not understandable how an easy to fix thing like this is completely ignored. The german review makes it quite clear that the attitude of the firewall authors played a big part in the thumbs-down.
Please note that there is no moderation option "wrong" or "didn't read the article". The moderators seem to have a hard time making their minds up about this comment. While it clearly contains hints that the author didn't read or completely understand the linked webpage, it also raises the question about anti-spammers becomming self-righteous and starting unnecessarily harsh games with clearly inferior spammers. I don't agree with that notion but it's an interesting addition to the discussion, even if only to make others point out what's wrong with that impression. I would rate this an "interesting troll", in other words +0. You however are calling him ignorant, which deserves -1, flaimbait.
This is leading to "he killed while he was drunk, so he can't be held responsible for his actions". While that is a consideration, others still need to be protected from such an incident being repeated.
Spammers deliberately hide behind the fact that most spam recipients have no way of knowing for sure how many other victims there are and who they are. That makes the ever-so-annoying "Oops, sorry, made a mistake" a viable excuse. Every once in a while, when a truly obnoxious spammer hits the wrong people, an example like this reminds people that you can't walk around ignoring all the rules and expect to be treated politely.
I seriously doubt that Shifman can't control himself in the sense that he needs psychological help. He's just trying to avoid the consequences of his spamming and because he has no legal leg to stand on he resorts to empty threats. He's just not used to dealing with professional anti-spam people, which makes him look stupid in this comedy. I suspect his tactics work just fine when used against less experienced people.
The right thing to do is double-opt-in. I've received a good share of spam mails claiming that I've at one time subscribed to a service or a list. This is almost always complete bullshit. I am tracking subscriptions and the address on which these mails appear hasn't been used to subscribe to anything for years. Also, don't join, split or rename lists without notifying all recipients of the change and don't blame it on "business people" if you don't keep the recipients up-to-date about their subscription status. You probably didn't do this, but just in case: Don't sell lists to other entities at all. Such a move should always require the users to resubscribe.
Spammers are sending their junk to a large number of recipients to increase the number of positive replies. The downside of this approach is that they are also pissing a lot of people off. Now only four of those pissed off people teamed up on a decidedly uncooperative and aggressive spammer. What makes you think the spammer should be defended against such an "onslaught"?
So "targeted" doesn't imply that you are trying to aim your mails at a reasonable target? Shifman claims to be computer literate. If that is not complete bullshit, he should be able to at least sort out addresses who earned him complaints to his provider. Besides, if an email is unsolicited and sent to many recipients, it fits the term UBE. The U is "unsolicited", not "untargeted".
There are enough indications that shifman did not carefully select the recipients of his resume. That would have involved checking wether the recipients are likely to be interested in receiving his mail, making it "solicited". The most obvious indication is that he sent his mail to Neil after being told not to.
The mails were not sent to addresses posted on the websites of target COMPANIES in at least one case. They were also not directed at companies Shifman wanted to work for. That is obvious from some of the replies to his solicitations. Companies in the IT business are also much more likely to act against spam because they do recognize what it is and what problems it causes. Thus you shouldn't assume that Shifman's mails were targeted at all, just because you don't see counteractions by non-IT businesses. And after all, he sent the same spam to Neil after being told it wasn't welcome at all the first time. If that is not spam, what is?
You must be one of them. Not only is "one hundreth of one percent" just a wild guess, it is also not 0.001 but 0.0001. The real reason spammers are still spamming is that they *think* it works because people like you are telling them it works. Why would anyone trick someone into believing that spam works? Easy, to sell the tools and the lists. The only spam which works (as in earns-you-money) is the "Buy millions of verified email addresses" spam.
So the bandwith hogs pay some external usenet provider to stop using internal bandwith and start using external bandwith. Most access providers are trying to get the huge bandwith eating servers as close to the users as possible. Capping use of your own internal servers doesn't look like an intelligent move to me...
Slashdot Mirror
There's no way to stop filesharing except at the endpoints of communication. Unless the users stop wanting to use filesharing, there will always be workarounds for all the filtering and blocking you can think of. The next step is encrypted connections below tcp level, aka ad hoc virtual private networks. Since there's a heap of good reasons why one would want all traffic (even the "non-shady") encrypted anyway, universities will most likely refrain from blocking the necessary protocols. Once the traffic becomes opaque to the transport, there goes the ability to filter based on contents or protocols.
What can be done is this: Restrict bandwith or volume of data. That however will limit certain promising aspects of network development like freenet and other decentralized protocols. That's why especially universities which are supposed to be interested in innovation should think twice before crippling network access.
If you build it, they will come. Now that they built it, they wish they hadn't come.
Planned obsoletion? You could always say the cooling failed, so the chip caught fire and sorry, it's out of warranty.
Rapid prototyping is a great aid in finding the requirements and the overall structure of the code, no more, no less. After that, you document what you have found, throw the prototype away (keep it for reference maybe, but it should not be used in production) and code the real thing. The sad thing is, in real life pointy haired people jump in after the prototype has settled and cut the rest of the development because "it's already good enough".
I guess this is just the online version of magazines which never give a bad rating in a review if the manufacturer advertises in the same mag. They'll learn to conceal this better over time.
That's a good approach because it helps the programmer understand what the part of the program he is working on is supposed to do. We are not talking about comments like
// add 1 to x
here. The downside is that sometimes the code needs to take a different approach compared to what was planned before. At that point the documentation easily becomes inconsistent, because it is there already, so it won't be noticed that something is missing. It takes discipline to avoid that trap.
Writing documentation is a tiresome and, what's worse, an unglorious job. Rarely do people talk about how great the documentation was and how much it helped them in succeeding. Everybody loves the programmer who adds a feature. Nobody knows the writer who explained it. If we want better documentation, that has got to change. I know I was very eager to create even better documentation when I received compliments about it.
I guess it was very moral to fly some jets into skyscrapers then. The relation of enemies killed to friends killed was fantastic from El Caida's point of view. Ok, it backfired, but I'm sure you thought about that when you called killing enemies a moral thing.
(nobody looks good when they kill civilians.)
Just don't tell anyone. Kinda works.
How far out of the loop is demonstrated by enclosing the word war in quotes. A war of drones is still going to affect human lives, including casualties as a result, even if it were possible to restrict combat to arenas. Take a look at third world countries which are constantly at war and thus fail to feed their populace. War is about making others to accept your demands. As long as there are conflicts, people will suffer from war, no matter how it is fought.
For safety's sake you might want to avoid that too, but forgiveness is only bound to the promise that you won't write about creating energy in the context of thermdynamics comments.
Forgiven, if you promise not to do it again in a reply to a comment which refers to the laws of thermodynamics.
You can GENERATE power?
From the review: The password for the DSL access was in plain text in an unprotected file.
The provider password is probably the most valuable information on the firewall, second only to full backdoor access. I have not yet verified that it is actually the secrets file itself which has the wrong permissions, but since c't has a reputation to lose, they wouldn't let an obvious misperception as mistaking a link for the file slip through.
There are many ways an attacker could gain inside access to the firewall. Most involve security vulnerabilities, others rely on uneducated users. Anyway, if the cgi-bins which are used to configure the firewall are not 100% secure, a buffer overflow in one of them could potentially be used to read any file which is accessible to the cgi-bins user. That's why file permissions do matter. Seeing how many people defend the "only root can log in anyway" statement, do you think they have really taken the necessary steps to avoid such a vulnerability by implementing several layers of security?
Now aren't you in deep shit already if an attacker can use your inside systems to connect to the firewall? Of course you are. But think about this: Anti-Virus tools will eventually detect backdoors on your user system(s), but not on the firewall. An undetected attacker can easily cause much more damage by actively destroying your data or just abusing your connection for his purposes over a long time. And who would suspect a backdoor on a rock-solid, completely secure firewall? That's why a false sense of security is worse than no security.
A false sense of security is worse than no security.
Even if no users other than root should ever be able to log in to the firewall, there is a reason to carefully set file permissions: Just like on a server, the services running should do so under their private username. That is to prevent a security related bug (aka vulnerability) from compromising the whole system. This is obviously less important on a router/firewall where services are only provided to the inside, but the attitude shown by the authors of Smoothwall certainly destroys my confidence in their general ability to provide a secure system.
Then there is the false discrimination between inside and outside: Especially when you deal with "non-techie" users you have to expect their systems to become infected by the latest worms and viruses. This opens the possibility of attacks from the inside which really are attacks from the outside. Granted, that is a remote possibility and if it happens, you have bigger problems than firewall file permissions, but it is still not understandable how an easy to fix thing like this is completely ignored. The german review makes it quite clear that the attitude of the firewall authors played a big part in the thumbs-down.
Have a look:
http://rubloff.com/building/lvbuild/2828bur.htm
http://www.bestagents.net/sweethome/listings4.htm
You are right: #402 is on the 4th floor. #420 is available:
2828 N. BURLING #420 1 Bedroom / 1 Bath $189,000 Assessment: $142 / Taxes: $2,181
No need to rely on wetware memory:
http://rubloff.com/building/lvbuild/2828bur.htm
http://www.bestagents.net/sweethome/listings4.htm
You can move in on the same floor as Bernie(#402)! #420 is available...
Please note that there is no moderation option "wrong" or "didn't read the article". The moderators seem to have a hard time making their minds up about this comment. While it clearly contains hints that the author didn't read or completely understand the linked webpage, it also raises the question about anti-spammers becomming self-righteous and starting unnecessarily harsh games with clearly inferior spammers. I don't agree with that notion but it's an interesting addition to the discussion, even if only to make others point out what's wrong with that impression. I would rate this an "interesting troll", in other words +0. You however are calling him ignorant, which deserves -1, flaimbait.
This is leading to "he killed while he was drunk, so he can't be held responsible for his actions". While that is a consideration, others still need to be protected from such an incident being repeated.
Spammers deliberately hide behind the fact that most spam recipients have no way of knowing for sure how many other victims there are and who they are. That makes the ever-so-annoying "Oops, sorry, made a mistake" a viable excuse. Every once in a while, when a truly obnoxious spammer hits the wrong people, an example like this reminds people that you can't walk around ignoring all the rules and expect to be treated politely.
I seriously doubt that Shifman can't control himself in the sense that he needs psychological help. He's just trying to avoid the consequences of his spamming and because he has no legal leg to stand on he resorts to empty threats. He's just not used to dealing with professional anti-spam people, which makes him look stupid in this comedy. I suspect his tactics work just fine when used against less experienced people.
The right thing to do is double-opt-in. I've received a good share of spam mails claiming that I've at one time subscribed to a service or a list. This is almost always complete bullshit. I am tracking subscriptions and the address on which these mails appear hasn't been used to subscribe to anything for years. Also, don't join, split or rename lists without notifying all recipients of the change and don't blame it on "business people" if you don't keep the recipients up-to-date about their subscription status. You probably didn't do this, but just in case: Don't sell lists to other entities at all. Such a move should always require the users to resubscribe.
Spammers are sending their junk to a large number of recipients to increase the number of positive replies. The downside of this approach is that they are also pissing a lot of people off. Now only four of those pissed off people teamed up on a decidedly uncooperative and aggressive spammer. What makes you think the spammer should be defended against such an "onslaught"?
So "targeted" doesn't imply that you are trying to aim your mails at a reasonable target? Shifman claims to be computer literate. If that is not complete bullshit, he should be able to at least sort out addresses who earned him complaints to his provider. Besides, if an email is unsolicited and sent to many recipients, it fits the term UBE. The U is "unsolicited", not "untargeted".
There are enough indications that shifman did not carefully select the recipients of his resume. That would have involved checking wether the recipients are likely to be interested in receiving his mail, making it "solicited". The most obvious indication is that he sent his mail to Neil after being told not to.
The mails were not sent to addresses posted on the websites of target COMPANIES in at least one case. They were also not directed at companies Shifman wanted to work for. That is obvious from some of the replies to his solicitations. Companies in the IT business are also much more likely to act against spam because they do recognize what it is and what problems it causes. Thus you shouldn't assume that Shifman's mails were targeted at all, just because you don't see counteractions by non-IT businesses. And after all, he sent the same spam to Neil after being told it wasn't welcome at all the first time. If that is not spam, what is?
You must be one of them. Not only is "one hundreth of one percent" just a wild guess, it is also not 0.001 but 0.0001. The real reason spammers are still spamming is that they *think* it works because people like you are telling them it works. Why would anyone trick someone into believing that spam works? Easy, to sell the tools and the lists. The only spam which works (as in earns-you-money) is the "Buy millions of verified email addresses" spam.
So the bandwith hogs pay some external usenet provider to stop using internal bandwith and start using external bandwith. Most access providers are trying to get the huge bandwith eating servers as close to the users as possible. Capping use of your own internal servers doesn't look like an intelligent move to me...