JWs are easily dealt with. All you have to do is start quoting John 1 for them in Greek and translating on the fly. They go away quickly.
(For those who don't know Greek, the beginning of John 1 is a very simple passages to translate, the equivalent in Greek of Dick and Jane in English. But it reveals sizeable holes in JW doctrine that are impossible to explain away except by misdirection. It also works for Mormons. The first three verses are plenty; in a pinch, verse 1 alone will just about do. On the off chance they don't know who the Word refers to (usually they do) you can point that out from verses 14-15 in English. They'll go away in short order, and the same ones won't come back and bother you again.)
Just quoting John 1 in English won't do, because the JWs have their own translation (and the Mormons their own interpretation) that alters the meaning, and they've been taught answers for the passage in English. But they are not taught answers for the Greek, so they'll leave you alone.
Bugzilla is worth listing, because it makes the browser more usable. (I don't mean just indirectly; the browser is more useful to me because I can follow requests for new features and bugfixes that matter to me, and upgrade when they land, rather than at arbitrary times.)
However, more items on that list are filler than just the ones you give. For example, XUL and skinnability are listed separately, but XUL _provides_ skinnability. (Yes, it also provides the ability to have things like the preferences toolbar, which would be worth listing on its own if it were included rather than being a separate download, but still, XUL is one feature, not two.) Some of the other TLA buzzwords too, like RDF, are not meaningful features in their own right at this time (though they could be in the future). They are implementation details, and they don't matter enough to the user to really deserve a place on the list. If we trimmed off things like that, I think we could bring the list down to perhaps 80 or so.
Still, I can pick five entries on the list that when combined are so meaningful as to render any browser that doesn't have them _useless_ as far as I'm concerned. Tabbed browsing is on the top of that list; Microsoft needs to buy out either crazybrowser or one of the other tabbed browsing extensions for IE and include it in IE7. Popup blocking is on the list too, and is a sufficiently compelling feature that if IE had it, Netscape would be forced to put the UI for it back into their commercial tree.
> (Microsoft tells them to go take a flying leap.)
Right, but that's where it'll go wrong, because Microsoft has a lot of corporate weasels who can write stuff like "Microsoft is working closely with select partners on an initiative to ensure that the needs of Taiwan with respect to custom firewalls are securely met in a trusted computing framework by leveraging the added value of shared source to customize the secure computing environment for effectiveness in the kinds of scenerios that the government of Taiwan faces. We have committed software and security experts who will establish open communications with the Taiwanese government IT departments in order to establish more definitely their security needs and establish an infrastructure to allow these needs to be met. Microsoft is fully committed to helping Taiwan to fulfill all of its requirements for secure software on the Windows platform.
So, as I said upthread, nothing meaningful will come of this.
I can generally make a fair rendering of corporate weaselese into English. I can even translate postmodernist writings into English, and can do a fair job translating Koine Greek into English if I'm allowed to use a lexicon and a couple of paradigm charts. Chinese, however, is a language I can't translate. Some of the more intense lawyerese is beyond me also.
So, which language did you mean when you said "gibberish"? Let's see a sample of it, and see if I can have a go...
> I still find it funny that a communist country like China can claim > to be the "Peoples Republic of China"
The adjective "People's", in communist countries, doesn't mean the same thing that it means in (for example) the US. To us, "people" is the plural of "person", and "People's" is possessive plural, indicating that the item is owned by a group of individuals who are each a person. It doesn't mean that in China. Rather, it means something along the lines of "controlled by the state that governs the People", where "the People" is a collective term that refers not to individuals but to the entire populace as a nation. (The simple plural people, meaning a number of individual people, is also used, but you can tell the difference from context.)
I seem to have left the word "leveraging" out of my statement. It should read, "work with select partners to ensure that this need is met within a trusted computing framework by leveraging the shared source initiative..."
Anyway, my point is that nothing meaningful will come of it.
Oh, sure. Well, sort of. Microsoft will probably work with select partners to ensure that this need is met within a trusted computing architecture via the shared source initiative, or somesuch. (When translated into English, this rougly means they'll allow half a dozen NDA-bound persons from the government in question to peek for a couple of minutes at copies of what they claim is the requested source code, with strict provisions in place to ensure no useful information ever comes of it to anyone. The government of Taiwan will be pacified by this just enough that nothing more interesting will come of the matter.)
> I've even had bounces because my mail, with a Yahoo return > address, was sent via my Hong Kong ISP's SMTP
This is not surprising. Your Hong Kong ISP's SMTP server probably fits the following profile:
* Resides in the APNIC block.
* A tracert from anywhere in the western hemisphere will
pass through southern California.
* The last router the tracert passes through in southern
CA (on the way to the SMTP server in question) will be
the last node on the route that can be looked up via
reverse DNS. Almost _nothing_ in APNIC provices reverse
domain lookup (i.e., in-addr.arpa). (Whereas, in the
the western world almost all IP addresses are reversible,
so you can at least look up who registered the domain.)
* Therefore, tracking down who controls the mail server
in question is highly impractical. You'd have to find
out who APNIC sublets the block to that contains the IP,
then find out who _that_ outfit (a highly-uncooperative
Asian backbone provider) sublets to, then find out
whether that ISP owns the mail server or is subletting
that part of the IP block further (and you are taking
their word for it), and so on. That way lies madness.
* A significant amount of spam is sent using that mail
server. Not by you, but by other customers of your
ISP, or perhaps by people who are using it as a relay,
if it's open to that.
In other words, it's not a good mail server to use for your outgoing mail. I sympathize, because I imagine it's next to impossible, living in your area, to find an ISP that will provide you with an account on a decent mail server, and it could be hard to justify the added expense of a separate account on a mail server elsewhere.
Nice. I'm already filtering ks_c stuff, but this catches some Korean spam that slips through by using utf8 or just plain not specifying a character set. Thanks!
That's interesting, considering Microsoft's privacy policy clearly states that they may reveal your identifying information to select business associates in order to provide value-added services, or some such legalese for "we will sell your address".
> Now, you may say that giving out SSN is more dangerous than giving > out e-mail
*I* wouldn't say so. I give out my email address (everywhere: on slashdot, on usenet, on my own website,... everywhere), but I know the fire I'm playing with and am prepared to deal with the deluge. (I use Gnus, so filtering can be arbitrarily elaborate. Some day, I'll set up my own mail server and do the filtering server-side with SMTP rejects, as this guy has done... but for now the client-side filtering is getting me by. Only about 80 messages got past my filters so far since last night... and of course they all landed in my inbox, where almost none of my legitimate mail ever goes, because it gets sorted into various folders by subject and sender and by To: field (mailing lists) and so on. Legitimate mail is much easier to filter than spam. I get _way_ more legit mail than spam, and way less of it lands in my inbox for manual sorting.
> I wouldn't mind trying GNU/Hurd.. but there aren't any screen shots > to tempt me
The visual interface would be your bog-standard Gnome, so about a third of the "Linux" screenshots out there look exactly like they would look if the same shot had been taken on a Hurd system, instead of a Linux system. Hurd and Linux wouldn't _look_ any different, in terms of graphical screenshots. All the differences would be the under-the-hood kind.
Asking for screenshots of a kernel is like asking for photographs of thunder.
Yes, I did. sendmail listens on a port, for connections from the internet. It needs to handle the data coming in from there safely, _regardless_ of permissions on the local filesystem.
Incidentally, I checked, and the fs permissions issue I was talking about was actually / being group-writable -- i.e., members of the wheel group can put stuff in the root directory. The fact that sendmail cares about that at all is a symptom of the fact that it runs as root, which is generally considered to be a really really really bad idea for anything that listens on a port for connections from the internet and handles data that comes in from random people "out there".
I don't happen to know exactly _what_ vulnerabilty we're not supposed to blame sendmail for if / is group-writable, but frankly it's none of sendmail's business. sendmail should be conducting its business in ~sendmail and shouldn't care about/, other than to be able to traverse it to find its binaries in/usr/bin or whereever. Apparently there are a number of things we can put in the DontBlameSendmail environment variable to get sendmail to run without complaining if various things that are none of its business aren't to its liking. It's a symptom. sendmail cares about stuff it shouldn't need to care about, because it's running as root, which is inherently dangerous and completely unnecessary, a legacy of the LONG gone era when people got their mail by logging into the mail server directly and using an mbox file. (For this reason sendmail wants to be root, so it can store mail in each user's own home directory, rather than in a subtree of sendmail's home directory where it ought to be.)
Yes, but Burger King doesn't have McNuggets (per se), and when they advertise their Big King, people flock to McDonald's for Big Macs. It's all about consumer perception. McDonald's doesn't have the same market share as Microsoft and Coca-Cola, but they're only a couple of notches shy of it, and so far ahead of BK there's no comparison. Why? Mostly, their advertising is darned good. (There are other factors too. McDonald's always chooses effective locations, for example. But the advertising is a huge part of it.)
> If that things running 9.1 Yep, that's what it came with.
> and has 64MB or less, it's going to run like a cow. Yes it does. Maybe that's the problem. My PII/233 came with 32MB originally, but it does currently have a bit more than that (512MB). I don't _hear_ the hard drive swapping on the iMac, but maybe it is.
> for another 128 MB, that iMac will be much happier. I'll have to keep that in mind, come recommendation time.
Okay, but Solaris, like Linux, doesn't have to be reloaded all that often, does it? It's not like Windows 98, that has to be rebooted every day just on principle. You can just turn off the monitor when you go home at night (or, if it's at home, when you leave for work), and back on when you return.
Same with Emacs. You don't need to exit it. In fact, there's very little point in doing that. You just leave it running. If you once in a while need to use something else (Mozilla or the Gimp, probably), you can just minimize Emacs and come back to it afterward.
Five (or 10-15, on my PII/233) extra seconds after each power outage is just not a big deal to me. The load time of Emacs _did_ annoy me when I was using Windows. Since I swithed to a stable OS, it no longer bothers me. (I now leave my web browser open for days and days; sometimes I put off upgrading to new Mozilla milestones for up to a day or two after I download them, in order to get around to finishing reading and closing all those tabs I had open...)
Sendmail likes to _blame_ things on the OS that are really (at least partly) sendmail's fault. For example, being insecure if/usr is group-readable. That's just silly; there's nothing inherently insecure about having/usr be group-readable. (If it were world writable, that would be something else.) (It was/usr, wasn't it? It's the thing you have to change in the filesystem to get sendmail to be secure on OS X.) IMO there's no excuse for sendmail to blame that on the OS; in the first place, sendmail should be secure regardless of the filesystem permissions, and in the second place if it doesn't need to read such places it should run as a user with fewer permissions (e.g., with its own group like Apache does). qmail, for all the complaints you can make about its license, at least takes responsibility for its own vulnerabilities.
Are weaknesses in the OSes _partially_ responsible for some of those vulnerabilities? Well, sure, but the weakness is exploited through sendmail and does not have an impact on competing implementations; that makes it sendmail's problem in my book, and blaming it on the OS is just a way of shirking responsibility. Do you report the vulnerability in the OS? Heck, yes, but you also fix your app to not be exploitable through it. The sendmail people need to drop the "don't blame sendmail" attitude and write secure software. I know it's hard being the leading server software in a particular market, but when openssl can be exploited because of an issue in certain kernels, they patch openssl. When the openssl issue causes some Apache installations to be vulnerable, the Apache people release an advisory. It shouldn't be about placing blame; it should be about _fixing the problem_. The sendmail people are more interested in pointing fingers.
Not that there aren't things you _can't_ work around, that have to be fixed at the OS level. Keeping unauthorized local users out of the data on a system without filesystem permissions (e.g., Win98), for example, is not something that can be fixed by the app, at least not easily. But at some point a line is crossed where the problem _should_ be fixed in the app. Especially if it's an app that listens on ports or otherwise receives data from random entities on the net. sendmail has a long history of being vulnerable -- way worse than BIND, right up there with IIS and Outlook. And it's going to continue to be that way for as long as they keep wanting to blame their issues on the OS.
> The Windows versions of edit.com is vastly improved over the edit.com > in older MS operating systems, allowing you to open 9 files at once
Ooooh, nine files at once. It's not as if the editor I used in the days of DOS 3 allowed me to open nine files at once and switch between them quickly, and split the screen between two of them, and copy lines, ranges, or regtangular blocks back and forth between them...
> not to mention the ability to open fairly large files Wow, now I'm certainly impressed.
> You should check it out. Believe me, I'm already quite familiar with the pain of working with it. Pretty much every time I have to reinstall Windows on one of the PCs at work, I end up using edit.com for something or another, usually to get Windows to see the CD-ROM drive (WHY does Windows 9x need drivers for an ATAPI CD-ROM? They're all the _same_...) so I can install the drivers for the network card so I can download a decent text editor and browser and drivers so I can finish the installation. If it's a system I'll barely ever have to touch, I just install PFE as a drop-in replacement for notepad. If it's a system I'm going to have to use with any frequency at all, I also install Emacs. If it's a system I'm going to use a _lot_, I install several megabytes of sitelisp.
> If you want to make money..., you first find something that people > want, and then develop products to fill that need.
That works if you want to make a reasonable amount of money, but if you want to make trainloads of money, you have to find something you can produce in large quantities cheaply, that other corporations will be unable to exactly duplicate. That's the hard part. Then you hire a bunch of marketing people to make everyone WANT this product, and you're all set. Whether the product was something people really wanted before your marketing people got to them is of only partial importance. It does make the marketing job easier, but its impact is not nearly as significant as you might think. With the right marketing campaign, you can sell anything. I'm convinced you could sell used dental floss with the right marketing. (That would not be a useful business strategy, of course, because other companies could readily produce lots of their own used dental floss to sell, driving down the price to next-to-nothing, and then you could no longer afford to pay your marketing people. The trick is to find something nobody else can produce, so you can set the price where you want it.)
And BTW, when I originally came up with that explanation, I was not thinking of MS. I was thinking of McDonalds. There are other fast food joints, yes, but McDs employs creative use of trademarks and customer perception to make sure that none of the competitors can really deliver quite exactly the same product in the eyes of the consumer. That said, Microsoft is another example of the same phenomenon.
To stop a non-bandwidth bogus-request attack,
you just turn on syncookies and that's that. This module is designed to stop a different kind of attack, wherein the clients are completing entire transactions too many times and thus consuming
your bandwidth. There are other types of DOS
attacks too -- reflection attacks (where you get
a ton of ACK packets from all over the internet,
using up all your bandwidth), for example, have to
be stopped at the router level upstream, which
prevents the server from completing any
transactions as a client (over the internet; it
can still get through over the LAN, of course).
Err, no. The adoption of English as the foremost language of international trade was pretty much a done deal by 1900. Of course, this has changed before, and may change again, but the wars in the twentieth century have pretty much nothing to do with it.
Anyway, I don't think it matters what _languages_ these fonts do or don't support, as long as they have all the needed symbols to support MathML. That means Latin and Greek alphabets at minimum, plus aleph (from Hebrew), and of course all the various non-letter symbols.
> Won't most of these new non-alphanumeric symbols just be ignored by > google's search tokenizer anyway?
If so, it would be trivial to design a math-oriented search engine. Getting everything out there switched over to MathML from the various horrible hacks (make the whole equation an enormous image, use a thousand <font> tags and tell the user to either install the sixteen fonts you found your symbols in or go away, do the entire paper in Unportable Document Format, make images for each of the various symbols and use RHNTLFTP (Really Horrific Nested Table Layout From The Pit), or whatever else you can dream up that somehow gets the thing to look almost right on the screen...) is the hard part of that problem.
Once the documents use clean and consistent markup, searching becomes somewhat easier.
I still want the ability to link to certain positions in other peoples' web pages where they didn't think to put a named anchor... Then again, I want too much. I'm horrible that way. Our library's catalog automation software vendor asked us at a convention once what features we'd like to see added, and the first thing that popped out of my mouth was the ability to search the full text of all the books in the library. (Thing is, I was serious. I want that feature.)
Indeed, I got the error too, but upon closer inspection I discovered that the "JavaScript" checkbox on my prefs toolbar was unchecked. I turned it back on, and Excite works fine. Mozilla 1.2 beta.
> >Why do you need to remove IE to use another browser? > > Oh... that one isn't so hard.
Actually, you don't have to remove it per se, but you do need to upgrade it to at least 6.0, select Custom install, click the Advanced button, and tell it not to make itself the default browser.
You upgrade to the alpha or beta builds only if there's a compelling new feature that you really want, or if you just want to help with testing. (In my case, I can no longer stand the backward-closing tabs of the 1.0 era, so I use 1.2 beta. It's funny what I can no longer stand, that I thought was so wonderful when I was comparing it to something a bit older.)
Then there are the nightlies; you use those when you're really really desparate for a new feature that just hit, or if you need to stay current for testing purposes. During the 0.9.5 days I was using the nightlies because the tabbed browsing stuff was improving constantly.
There was a time, during the 0.9.9/1.0RC era, when you could actually improve your stability in some cases by jumping to a nightly build. I imagine we'll see a repeat of that during the buildup toward 2.0. But during the 1.x dev cycles, more of the work being done is feature work, and if you want stability you go with 1.0.1
Speaking of stability... 1.0.1 still has some stability issues with printing certain types of malformed pages. (Sure, we can all say the pages are malformed, but while that's an excuse for rendering them differently than intended, it's no excuse for crashing.) I hope during the 1.x cycle that can get cleaned up enough that the 2.0.x series can be really truly rock solid.
JWs are easily dealt with. All you have to do is start quoting
John 1 for them in Greek and translating on the fly. They go away
quickly.
(For those who don't know Greek, the beginning of John 1 is a very
simple passages to translate, the equivalent in Greek of Dick and
Jane in English. But it reveals sizeable holes in JW doctrine that
are impossible to explain away except by misdirection. It also works
for Mormons. The first three verses are plenty; in a pinch, verse 1
alone will just about do. On the off chance they don't know who the
Word refers to (usually they do) you can point that out from verses
14-15 in English. They'll go away in short order, and the same ones
won't come back and bother you again.)
Just quoting John 1 in English won't do, because the JWs have their
own translation (and the Mormons their own interpretation) that
alters the meaning, and they've been taught answers for the passage
in English. But they are not taught answers for the Greek, so
they'll leave you alone.
Bugzilla is worth listing, because it makes the browser more usable.
(I don't mean just indirectly; the browser is more useful to me
because I can follow requests for new features and bugfixes that
matter to me, and upgrade when they land, rather than at arbitrary
times.)
However, more items on that list are filler than just the ones you
give. For example, XUL and skinnability are listed separately, but
XUL _provides_ skinnability. (Yes, it also provides the ability to
have things like the preferences toolbar, which would be worth
listing on its own if it were included rather than being a separate
download, but still, XUL is one feature, not two.) Some of the
other TLA buzzwords too, like RDF, are not meaningful features in
their own right at this time (though they could be in the future).
They are implementation details, and they don't matter enough to
the user to really deserve a place on the list. If we trimmed off
things like that, I think we could bring the list down to perhaps
80 or so.
Still, I can pick five entries on the list that when combined are
so meaningful as to render any browser that doesn't have them
_useless_ as far as I'm concerned. Tabbed browsing is on the top
of that list; Microsoft needs to buy out either crazybrowser or
one of the other tabbed browsing extensions for IE and include it
in IE7. Popup blocking is on the list too, and is a sufficiently
compelling feature that if IE had it, Netscape would be forced to
put the UI for it back into their commercial tree.
> (Microsoft tells them to go take a flying leap.)
Right, but that's where it'll go wrong, because Microsoft has a lot
of corporate weasels who can write stuff like "Microsoft is working
closely with select partners on an initiative to ensure that the
needs of Taiwan with respect to custom firewalls are securely met in
a trusted computing framework by leveraging the added value of shared
source to customize the secure computing environment for effectiveness
in the kinds of scenerios that the government of Taiwan faces. We
have committed software and security experts who will establish open
communications with the Taiwanese government IT departments in order
to establish more definitely their security needs and establish an
infrastructure to allow these needs to be met. Microsoft is fully
committed to helping Taiwan to fulfill all of its requirements for
secure software on the Windows platform.
So, as I said upthread, nothing meaningful will come of this.
I can generally make a fair rendering of corporate weaselese into
English. I can even translate postmodernist writings into English,
and can do a fair job translating Koine Greek into English if I'm
allowed to use a lexicon and a couple of paradigm charts. Chinese,
however, is a language I can't translate. Some of the more intense
lawyerese is beyond me also.
So, which language did you mean when you said "gibberish"? Let's see
a sample of it, and see if I can have a go...
> I still find it funny that a communist country like China can claim
> to be the "Peoples Republic of China"
The adjective "People's", in communist countries, doesn't mean the
same thing that it means in (for example) the US. To us, "people" is
the plural of "person", and "People's" is possessive plural,
indicating that the item is owned by a group of individuals who
are each a person. It doesn't mean that in China. Rather, it
means something along the lines of "controlled by the state that
governs the People", where "the People" is a collective term that
refers not to individuals but to the entire populace as a nation.
(The simple plural people, meaning a number of individual people,
is also used, but you can tell the difference from context.)
I seem to have left the word "leveraging" out of my statement. It
should read, "work with select partners to ensure that this need is
met within a trusted computing framework by leveraging the shared
source initiative..."
Anyway, my point is that nothing meaningful will come of it.
Oh, sure. Well, sort of. Microsoft will probably work with select
partners to ensure that this need is met within a trusted computing
architecture via the shared source initiative, or somesuch. (When
translated into English, this rougly means they'll allow half a
dozen NDA-bound persons from the government in question to peek for
a couple of minutes at copies of what they claim is the requested
source code, with strict provisions in place to ensure no useful
information ever comes of it to anyone. The government of Taiwan
will be pacified by this just enough that nothing more interesting
will come of the matter.)
> I've even had bounces because my mail, with a Yahoo return
> address, was sent via my Hong Kong ISP's SMTP
This is not surprising. Your Hong Kong ISP's SMTP server probably
fits the following profile:
* Resides in the APNIC block.
* A tracert from anywhere in the western hemisphere will
pass through southern California.
* The last router the tracert passes through in southern
CA (on the way to the SMTP server in question) will be
the last node on the route that can be looked up via
reverse DNS. Almost _nothing_ in APNIC provices reverse
domain lookup (i.e., in-addr.arpa). (Whereas, in the
the western world almost all IP addresses are reversible,
so you can at least look up who registered the domain.)
* Therefore, tracking down who controls the mail server
in question is highly impractical. You'd have to find
out who APNIC sublets the block to that contains the IP,
then find out who _that_ outfit (a highly-uncooperative
Asian backbone provider) sublets to, then find out
whether that ISP owns the mail server or is subletting
that part of the IP block further (and you are taking
their word for it), and so on. That way lies madness.
* A significant amount of spam is sent using that mail
server. Not by you, but by other customers of your
ISP, or perhaps by people who are using it as a relay,
if it's open to that.
In other words, it's not a good mail server to use for your
outgoing mail. I sympathize, because I imagine it's next to
impossible, living in your area, to find an ISP that will
provide you with an account on a decent mail server, and it
could be hard to justify the added expense of a separate
account on a mail server elsewhere.
Nice. I'm already filtering ks_c stuff, but this catches some Korean
spam that slips through by using utf8 or just plain not specifying
a character set. Thanks!
> Using Hotmail alone doesn't get you spammed.
That's interesting, considering Microsoft's privacy policy clearly
states that they may reveal your identifying information to select
business associates in order to provide value-added services, or
some such legalese for "we will sell your address".
> Now, you may say that giving out SSN is more dangerous than giving
... everywhere), but I know
> out e-mail
*I* wouldn't say so. I give out my email address (everywhere: on
slashdot, on usenet, on my own website,
the fire I'm playing with and am prepared to deal with the deluge.
(I use Gnus, so filtering can be arbitrarily elaborate. Some day,
I'll set up my own mail server and do the filtering server-side with
SMTP rejects, as this guy has done... but for now the client-side
filtering is getting me by. Only about 80 messages got past my
filters so far since last night... and of course they all landed in
my inbox, where almost none of my legitimate mail ever goes, because
it gets sorted into various folders by subject and sender and by To:
field (mailing lists) and so on. Legitimate mail is much easier to
filter than spam. I get _way_ more legit mail than spam, and way
less of it lands in my inbox for manual sorting.
> I wouldn't mind trying GNU/Hurd.. but there aren't any screen shots
> to tempt me
The visual interface would be your bog-standard Gnome, so about a
third of the "Linux" screenshots out there look exactly like they
would look if the same shot had been taken on a Hurd system, instead
of a Linux system. Hurd and Linux wouldn't _look_ any different, in
terms of graphical screenshots. All the differences would be the
under-the-hood kind.
Asking for screenshots of a kernel is like asking for photographs
of thunder.
Yes, I did. sendmail listens on a port, for connections from the
/, other than /usr/bin or
internet. It needs to handle the data coming in from there safely,
_regardless_ of permissions on the local filesystem.
Incidentally, I checked, and the fs permissions issue I was talking
about was actually / being group-writable -- i.e., members of the
wheel group can put stuff in the root directory. The fact that
sendmail cares about that at all is a symptom of the fact that it
runs as root, which is generally considered to be a really really
really bad idea for anything that listens on a port for connections
from the internet and handles data that comes in from random people
"out there".
I don't happen to know exactly _what_ vulnerabilty we're not
supposed to blame sendmail for if / is group-writable, but frankly
it's none of sendmail's business. sendmail should be conducting
its business in ~sendmail and shouldn't care about
to be able to traverse it to find its binaries in
whereever. Apparently there are a number of things we can put
in the DontBlameSendmail environment variable to get sendmail to
run without complaining if various things that are none of its
business aren't to its liking. It's a symptom. sendmail cares
about stuff it shouldn't need to care about, because it's running
as root, which is inherently dangerous and completely unnecessary,
a legacy of the LONG gone era when people got their mail by logging
into the mail server directly and using an mbox file. (For this
reason sendmail wants to be root, so it can store mail in each
user's own home directory, rather than in a subtree of sendmail's
home directory where it ought to be.)
Yes, but Burger King doesn't have McNuggets (per se), and when they
advertise their Big King, people flock to McDonald's for Big Macs.
It's all about consumer perception. McDonald's doesn't have the same
market share as Microsoft and Coca-Cola, but they're only a couple of
notches shy of it, and so far ahead of BK there's no comparison. Why?
Mostly, their advertising is darned good. (There are other factors
too. McDonald's always chooses effective locations, for example.
But the advertising is a huge part of it.)
> If that things running 9.1
Yep, that's what it came with.
> and has 64MB or less, it's going to run like a cow.
Yes it does. Maybe that's the problem. My PII/233 came with 32MB
originally, but it does currently have a bit more than that (512MB).
I don't _hear_ the hard drive swapping on the iMac, but maybe it is.
> for another 128 MB, that iMac will be much happier.
I'll have to keep that in mind, come recommendation time.
Okay, but Solaris, like Linux, doesn't have to be reloaded all that
often, does it? It's not like Windows 98, that has to be rebooted
every day just on principle. You can just turn off the monitor when
you go home at night (or, if it's at home, when you leave for work),
and back on when you return.
Same with Emacs. You don't need to exit it. In fact, there's very
little point in doing that. You just leave it running. If you once
in a while need to use something else (Mozilla or the Gimp, probably),
you can just minimize Emacs and come back to it afterward.
Five (or 10-15, on my PII/233) extra seconds after each power outage
is just not a big deal to me. The load time of Emacs _did_ annoy
me when I was using Windows. Since I swithed to a stable OS, it no
longer bothers me. (I now leave my web browser open for days and
days; sometimes I put off upgrading to new Mozilla milestones for
up to a day or two after I download them, in order to get around to
finishing reading and closing all those tabs I had open...)
Sendmail likes to _blame_ things on the OS that are really (at least /usr is /usr be group-readable. (If it were world /usr, wasn't
partly) sendmail's fault. For example, being insecure if
group-readable. That's just silly; there's nothing inherently
insecure about having
writable, that would be something else.) (It was
it? It's the thing you have to change in the filesystem to get
sendmail to be secure on OS X.) IMO there's no excuse for sendmail
to blame that on the OS; in the first place, sendmail should be
secure regardless of the filesystem permissions, and in the second
place if it doesn't need to read such places it should run as a user
with fewer permissions (e.g., with its own group like Apache does).
qmail, for all the complaints you can make about its license, at
least takes responsibility for its own vulnerabilities.
Are weaknesses in the OSes _partially_ responsible for some of those
vulnerabilities? Well, sure, but the weakness is exploited through
sendmail and does not have an impact on competing implementations;
that makes it sendmail's problem in my book, and blaming it on the
OS is just a way of shirking responsibility. Do you report the
vulnerability in the OS? Heck, yes, but you also fix your app to
not be exploitable through it. The sendmail people need to drop the
"don't blame sendmail" attitude and write secure software. I know
it's hard being the leading server software in a particular market,
but when openssl can be exploited because of an issue in certain
kernels, they patch openssl. When the openssl issue causes some
Apache installations to be vulnerable, the Apache people release
an advisory. It shouldn't be about placing blame; it should be
about _fixing the problem_. The sendmail people are more interested
in pointing fingers.
Not that there aren't things you _can't_ work around, that have to
be fixed at the OS level. Keeping unauthorized local users out of
the data on a system without filesystem permissions (e.g., Win98),
for example, is not something that can be fixed by the app, at least
not easily. But at some point a line is crossed where the problem
_should_ be fixed in the app. Especially if it's an app that listens
on ports or otherwise receives data from random entities on the net.
sendmail has a long history of being vulnerable -- way worse than
BIND, right up there with IIS and Outlook. And it's going to
continue to be that way for as long as they keep wanting to blame
their issues on the OS.
> The Windows versions of edit.com is vastly improved over the edit.com
> in older MS operating systems, allowing you to open 9 files at once
Ooooh, nine files at once. It's not as if the editor I used in the
days of DOS 3 allowed me to open nine files at once and switch
between them quickly, and split the screen between two of them, and
copy lines, ranges, or regtangular blocks back and forth between them...
> not to mention the ability to open fairly large files
Wow, now I'm certainly impressed.
> You should check it out.
Believe me, I'm already quite familiar with the pain of working
with it. Pretty much every time I have to reinstall Windows on
one of the PCs at work, I end up using edit.com for something or
another, usually to get Windows to see the CD-ROM drive (WHY does
Windows 9x need drivers for an ATAPI CD-ROM? They're all the
_same_...) so I can install the drivers for the network card so
I can download a decent text editor and browser and drivers so I
can finish the installation. If it's a system I'll barely ever
have to touch, I just install PFE as a drop-in replacement for
notepad. If it's a system I'm going to have to use with any
frequency at all, I also install Emacs. If it's a system I'm
going to use a _lot_, I install several megabytes of sitelisp.
> If you want to make money..., you first find something that people
> want, and then develop products to fill that need.
That works if you want to make a reasonable amount of money, but if
you want to make trainloads of money, you have to find something you
can produce in large quantities cheaply, that other corporations will
be unable to exactly duplicate. That's the hard part. Then you hire
a bunch of marketing people to make everyone WANT this product, and
you're all set. Whether the product was something people really
wanted before your marketing people got to them is of only partial
importance. It does make the marketing job easier, but its impact
is not nearly as significant as you might think. With the right
marketing campaign, you can sell anything. I'm convinced you could
sell used dental floss with the right marketing. (That would not
be a useful business strategy, of course, because other companies
could readily produce lots of their own used dental floss to sell,
driving down the price to next-to-nothing, and then you could no
longer afford to pay your marketing people. The trick is to find
something nobody else can produce, so you can set the price where
you want it.)
And BTW, when I originally came up with that explanation, I was not
thinking of MS. I was thinking of McDonalds. There are other fast
food joints, yes, but McDs employs creative use of trademarks and
customer perception to make sure that none of the competitors can
really deliver quite exactly the same product in the eyes of the
consumer. That said, Microsoft is another example of the same phenomenon.
To stop a non-bandwidth bogus-request attack, you just turn on syncookies and that's that. This module is designed to stop a different kind of attack, wherein the clients are completing entire transactions too many times and thus consuming your bandwidth. There are other types of DOS attacks too -- reflection attacks (where you get a ton of ACK packets from all over the internet, using up all your bandwidth), for example, have to be stopped at the router level upstream, which prevents the server from completing any transactions as a client (over the internet; it can still get through over the LAN, of course).
> The USA won WWII
Err, no. The adoption of English as the foremost language of
international trade was pretty much a done deal by 1900. Of course,
this has changed before, and may change again, but the wars in the
twentieth century have pretty much nothing to do with it.
Anyway, I don't think it matters what _languages_ these fonts do
or don't support, as long as they have all the needed symbols to
support MathML. That means Latin and Greek alphabets at minimum,
plus aleph (from Hebrew), and of course all the various non-letter
symbols.
> Won't most of these new non-alphanumeric symbols just be ignored by
...) is the hard part of
> google's search tokenizer anyway?
If so, it would be trivial to design a math-oriented search engine.
Getting everything out there switched over to MathML from the various
horrible hacks (make the whole equation an enormous image, use a
thousand <font> tags and tell the user to either install the sixteen
fonts you found your symbols in or go away, do the entire paper in
Unportable Document Format, make images for each of the various
symbols and use RHNTLFTP (Really Horrific Nested Table Layout From
The Pit), or whatever else you can dream up that somehow gets the
thing to look almost right on the screen
that problem.
Once the documents use clean and consistent markup, searching becomes
somewhat easier.
I still want the ability to link to certain positions in other
peoples' web pages where they didn't think to put a named anchor...
Then again, I want too much. I'm horrible that way. Our library's
catalog automation software vendor asked us at a convention once
what features we'd like to see added, and the first thing that popped
out of my mouth was the ability to search the full text of all the
books in the library. (Thing is, I was serious. I want that feature.)
Indeed, I got the error too, but upon closer inspection I discovered
that the "JavaScript" checkbox on my prefs toolbar was unchecked. I
turned it back on, and Excite works fine. Mozilla 1.2 beta.
> >Why do you need to remove IE to use another browser?
>
> Oh... that one isn't so hard.
Actually, you don't have to remove it per se, but you do need to
upgrade it to at least 6.0, select Custom install, click the Advanced
button, and tell it not to make itself the default browser.
> I got lots and lots of stuff breaking with 1.2
Yes. The most stable version is still 1.0.1.
You upgrade to the alpha or beta builds only if there's a compelling
new feature that you really want, or if you just want to help with
testing. (In my case, I can no longer stand the backward-closing tabs
of the 1.0 era, so I use 1.2 beta. It's funny what I can no longer
stand, that I thought was so wonderful when I was comparing it to
something a bit older.)
Then there are the nightlies; you use those when you're really really
desparate for a new feature that just hit, or if you need to stay
current for testing purposes. During the 0.9.5 days I was using the
nightlies because the tabbed browsing stuff was improving constantly.
There was a time, during the 0.9.9/1.0RC era, when you could actually
improve your stability in some cases by jumping to a nightly build.
I imagine we'll see a repeat of that during the buildup toward 2.0.
But during the 1.x dev cycles, more of the work being done is feature
work, and if you want stability you go with 1.0.1
Speaking of stability... 1.0.1 still has some stability issues
with printing certain types of malformed pages. (Sure, we can all
say the pages are malformed, but while that's an excuse for rendering
them differently than intended, it's no excuse for crashing.) I hope
during the 1.x cycle that can get cleaned up enough that the 2.0.x
series can be really truly rock solid.