Hey, if you think you can get those numbers, go ahead. I haven't seen anything other than a skyhook that does $100/kg. Also, once you have 2 skyhooks, you can build 20 while lifting cargo.
Sure, nobody wants to lift cargo at the current price point. Try cutting it by 90% and see what happens.
Idiots out themselves in multiple ways - best if they don't cause a major disruption while doing it :)
Even if the economy gets a lot better, they aren't going to suddenly give you a 20 or 30% raise for the same or similar job you've been doing for much less.
So jump ship - it's not like the next company knows what you've been making in your current job.
$450/wk wouldn't help me very much, especially if I get docked for 100% of any cash I manage to make; better to dock for 30% so that I have the impetus to go get a consulting gig and pull in a grand or two a month while I set up something permanent.
Since when is that the proper procedure? Lock down who's allowed to send to huge lists and you're done.
A few days later I got an email from Kathy. She was a little distressed that I took the effort to debunk the contents of her email...embarrassing her in the process.
That's how I got my mother to stop sending me right wing diatribes - Reply-all and tell her how each and every point was false. I got an indirect reply from some old catlady saying that I was too young to understand, but hey - no more diatribes.
Where do you host the webboard?
Internally.
If it's not exposed to the internet then nobody can access it externally.
VPNs work pretty well.
An email server can be hardened much more easily.
Exchange does have public folders for this.
How do you keep a conversation private and then open it up to other people as needed? Discussion boards with per topic passwords? Sounds really awkward.
Start with email, then post a digest to the webboard.
Or you could, you know, restrict who's allowed to post on the 'everyone' list.
WTF? A defect went from being a nuclear reactor going into a meltdown into something that we'll not fix, but send employees to the client site for a couple of weeks, spending several hundred thousand to fix the defect with major KLUDGES in the business logic to work around a bug that could be fixed for EVERY client at one fell swoop for about $20K?
Well yeah, it went from someone else's fault to the CEO's fault. You can't expect him to hold himself to the same standards, can you?
you take pains to keep your social site stuff disjoint - I don't care if someone correlates my plaxo/linkedin profiles - both are my real name, but a myspace profile will have no coworkers on it. I can just talk to them, anyway.
That's what happens when you can't get the budget for a failover server - it costs too much money. Meanwhile, 50 people sitting on their thumbs for half a day is apparently free.
That said, though, having worked with IT people, the annoying, snotty, you-are-so-stupid-because-you-can't-fix-your-own-computer attitude and cynicism that seems to be common is... well, annoying.
Depends on what they're fixing - if it's some secretary who's installed bonzi buddy for the third time, then damn right the IT drone will be condescending.
They can't be that good if they've never used the phrase "risk mitigation".
Of course they test at 1920x1200 - that's how you can stress the card. It also avoids the problem of getting ridiculous framerates because you tested on a reasonable resolution.
You know, I learned to drive from watching my mother (when I was 6). I knew enough to start the car, drive and steer, but my feet didn't reach the pedals. Also, I wasn't a little shit that would go joyriding in mom's car.
No, it's easy: configure the router to proxy all requests to the slashdot domain. Since the AJAX trick is strictly client side, it will present as consistent with the regular traffic. Slashadmins would need to grab a separate domain for their proxy poison.
Exa is an SI prefix, while Exabyte is 2^60 bytes. Simple.
yeah, missed one.
At first I was like :-D, but then I serious'd.
Note this is a bit different than the current ssl scheme where the same public key can be used for many different users.
No, it's a client cert, done poorly. Use client certs if that's what you want, but don't expect twitterheads to figure that out.
2) Block anonymous proxies. If you ever look at your logs, slashdot will sometimes request a file when you're not logged in and post (http://slashdot.org/ok.txt) from you to see if your IP is an anonymous proxy. If they get their own file from your IP, they block you.
Huh, if I were a nefarious dude (and I am the Fulcrum of Evil), I'd implement proxying at the router, so that sort of thing would show me as living at some specified IP.
Blocking login attempts after 5 different *userids* from the same source might work, but then you have to define what a source is.
That's easy - you don't have to be perfect, just limit damage; a 15 minute timeout (even a silent one) after enough failures is innocuous enough that you can accept some false positives, so define source as IP, with whitelists for known trusted sources and perhaps AOL (lots of people on one IP). Once you've pinched the largest offenders, look at your remaining kiddie traffic, and define a couple more sources to reduce those numbers further, until you get to an acceptable level.
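The throttle described in the two comments above (trip after five different userids from one source, define source as the client IP, whitelist trusted ranges and large shared NATs, then apply a silent 15-minute timeout that fails even correct passwords for that source), as an added example that is not from the original thread or from Slashdot. The class name, the limits, the whitelist networks and the sample addresses are all constructed for illustration.

```python
import ipaddress
import time
from collections import defaultdict

# Constructed policy values taken from the comments: five distinct userids
# from one source trips the throttle; the timeout is a silent 15 minutes.
DISTINCT_USERID_LIMIT = 5
TIMEOUT_SECONDS = 15 * 60
WINDOW_SECONDS = 15 * 60

# Constructed whitelist: an internal range and a stand-in for a large
# shared-NAT provider (the "AOL" case) that must never be throttled.
WHITELIST = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]


class LoginThrottle:
    """Per-source login throttle keyed on the client IP (hypothetical class)."""

    def __init__(self, clock=time.time):
        self.clock = clock                    # injectable for deterministic tests
        self._attempts = defaultdict(list)    # ip -> [(timestamp, userid), ...]
        self._timeout_until = {}              # ip -> timestamp the timeout ends

    def _whitelisted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in WHITELIST)

    def record_failure(self, ip, userid):
        """Count a failed login; trip the timeout on too many distinct userids."""
        if self._whitelisted(ip):
            return
        now = self.clock()
        history = self._attempts[ip]
        history.append((now, userid))
        # Keep only failures inside the sliding window.
        history[:] = [(t, u) for t, u in history if now - t <= WINDOW_SECONDS]
        distinct_userids = {u for _, u in history}
        if len(distinct_userids) >= DISTINCT_USERID_LIMIT:
            self._timeout_until[ip] = now + TIMEOUT_SECONDS

    def is_throttled(self, ip):
        """True while the source is inside its timeout; expires lazily."""
        until = self._timeout_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:
            del self._timeout_until[ip]
            self._attempts.pop(ip, None)
            return False
        return True

    def attempt(self, ip, userid, password_ok):
        """Return 'ok' or 'failed'. A throttled source always gets 'failed',
        even with a correct password, so the response never reveals the
        lockout (the silent timeout the comment describes)."""
        if self.is_throttled(ip):
            return "failed"
        if password_ok:
            self._attempts.pop(ip, None)
            return "ok"
        self.record_failure(ip, userid)
        return "failed"


def demo():
    """Walk through one source tripping the throttle, waiting it out, and a
    whitelisted source that is never throttled. Returns the outcomes."""
    now = [1000.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    results = []
    # Five failures, each with a different userid, from one constructed IP.
    for i in range(DISTINCT_USERID_LIMIT):
        results.append(throttle.attempt("203.0.113.7", f"user{i}", False))
    # Correct password, but the source is now in its silent timeout.
    results.append(throttle.attempt("203.0.113.7", "user0", True))
    # After the timeout expires the same login succeeds.
    now[0] += TIMEOUT_SECONDS + 1
    results.append(throttle.attempt("203.0.113.7", "user0", True))
    # A whitelisted source is never throttled no matter how many userids.
    for i in range(10):
        throttle.attempt("10.1.2.3", f"user{i}", False)
    results.append(throttle.attempt("10.1.2.3", "user0", True))
    return results


if __name__ == "__main__":
    print(demo())
```

Because the count is of distinct userids rather than of failures, a single user mistyping one password repeatedly is not locked out, which keeps the false-positive cost of the 15-minute silent timeout to the cases the comment is willing to accept.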
There has to be some way for a server to archive it all while allowing him access via a blackberry. Even if he has to lean on RIM for a custom server.
A corporate email service archiving mail? Whodathunkit?
I like CC gun laws just fine, but... they don't really affect crime rates either way. That's more a function of economic opportunity and culture than anything else.
On topic, while I see the good side of pointing out security holes, any time it goes to actively pentesting a site, the perpetrators need to be prosecuted; sure, they don't mean to break things, but a well intentioned idiot can cause a lot of damage, and what would it solve anyway? People who don't care about security won't change just because they know about a problem, they'll only secure things when forced.