The number of people who don't know how to lock down a database astounds me. Whitelist IPs, use low privilege users, never re-use users between applications.
If you screw up your injection scrubbing, and someone sends in a "Drop tables" injection on a user who doesn't have those permissions, there's no issue. Likewise, lock the user down so it only has access to specific data...Never give a user the ability to touch a system table if they're used for a public app.
I don't allow deletions most times, I just add a delete flag to the record, and use an account running locally to do the deletes later...Someone tries to delete a whole table, row by row, and I can catch it before it happens.
Securing your code is necessary, but it shouldn't be your primary line of defense. Start at the server and work your way back.
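The layered setup described in this comment, as an added example that is not part of the original post. PostgreSQL is assumed (the comment names no database), and the `comments` table, the `webapp` and `purger` roles, the address, the one-day grace period and the 5% threshold are all constructed for illustration.

```sql
-- Added example (PostgreSQL assumed; all names and values are constructed).

-- Network allowlisting lives in pg_hba.conf, not in SQL. Illustrative entries:
--   host   appdb  webapp  10.0.0.5/32  scram-sha-256   -- only the web server's IP
--   local  appdb  purger  peer                         -- purge account: local socket only

-- Constructed sample table with a delete flag instead of real deletes.
CREATE TABLE comments (
    id         bigserial   PRIMARY KEY,
    author     text        NOT NULL,
    body       text        NOT NULL,
    deleted_at timestamptz            -- NULL = live row, non-NULL = flagged for deletion
);

-- One role per application, never shared, with the minimum it needs.
CREATE ROLE webapp LOGIN;
GRANT SELECT, INSERT ON comments TO webapp;
GRANT UPDATE (body, deleted_at) ON comments TO webapp;   -- may flag rows, nothing more
GRANT USAGE ON SEQUENCE comments_id_seq TO webapp;
-- webapp has no DELETE, TRUNCATE or DROP rights and does not own the table,
-- so an injected "DROP TABLE comments" or "DELETE FROM comments" fails with
-- "permission denied" even if input scrubbing was missed.

-- Separate account, reachable only locally, that performs the real deletes later.
CREATE ROLE purger LOGIN;
GRANT SELECT, DELETE ON comments TO purger;

-- Purge routine with a guard: if an unusually large share of the table has been
-- flagged (for example, someone flagging every row one by one), refuse to delete
-- and raise an error so a person can look at it first.
CREATE FUNCTION purge_flagged(max_fraction numeric DEFAULT 0.05)
RETURNS bigint
LANGUAGE plpgsql
AS $$
DECLARE
    flagged bigint;
    total   bigint;
    removed bigint;
BEGIN
    SELECT count(*) FILTER (WHERE deleted_at IS NOT NULL), count(*)
      INTO flagged, total
      FROM comments;

    IF total > 0 AND flagged::numeric / total > max_fraction THEN
        RAISE EXCEPTION 'purge refused: % of % rows are flagged for deletion',
                        flagged, total;
    END IF;

    -- Only purge rows that have been flagged for at least a day (grace period).
    DELETE FROM comments
     WHERE deleted_at IS NOT NULL
       AND deleted_at < now() - interval '1 day';

    GET DIAGNOSTICS removed = ROW_COUNT;
    RETURN removed;
END;
$$;

-- Functions are executable by everyone by default; restrict this one to purger.
REVOKE EXECUTE ON FUNCTION purge_flagged(numeric) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION purge_flagged(numeric) TO purger;

-- What the public application runs when a user "deletes" something:
--   UPDATE comments SET deleted_at = now() WHERE id = $1;
-- What the local scheduled job runs as purger:
--   SELECT purge_flagged();
```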
There is plenty of value, it's just not the majority of the data. The secret is to be able to separate the good stuff from the dross, which is just another analytics problem.
The question is whether or not that's a viable revenue stream, and whether or not the users will stand to be data-mined in that fashion.
Yea, the intrinsic value is a whopping huge bill for servers and bandwidth and employees. I wouldn't pay 50 bucks for Twitter, because I'd go broke long before I figured out how to monetize it.
Having a zillion page views is nothing but a liability if no-one wants to pay for ads or services.
That's about a third of the cost of a T1 line, not counting all the other stuff. Just in terms of available bandwidth it often makes sense to go with a professional host, because they have the resources to go with multiple redundant connections, and most private parties don't.
I understand the issues, regarding capital. If you've already got enough pipe to run the site, then you don't have to worry about that. Even if you need another line in the future, it's not connected to the website, it's just "the building needs more internets."
Still, you'll get more bang for your buck, going offsite.
VMs are like a bullet-proof vest for your hardware.
If a virtual machine takes it in the ass and crashes, the system can spawn a new one without missing a beat, whereas the same crash on the actual machine might cause it to crash.
It's also a good strategy to provide for future growth...If your machines are already virtual, you can host them on any hardware that's appropriate, and you can run as many as you need.
For a small site, your FTP is going to be limited by your bandwidth LONG before it's going to be limited by your hardware, so as your consecutive downloads increase, the load on your system will decrease as the available bandwidth gets eaten up.
I've seen FTP sites that ran a thousand concurrent connections on repurposed desktops. FTP is very lightweight in terms of processing. Your limitation is always bandwidth.
Well, there you have it. Mr MBA has solved the entire case, and we can all go home.
You remember the MIT coffee pot cam? Some joker who worked upstairs put a digital camera next to the coffee pot so he could point his browser at the link and see if there was any coffee made, without having to get his ass up and walk to the pot.
Now that was entertainment. I knew people who didn't even go to MIT who checked that thing ALL THE TIME.
Nope, it's that Wall-Wart is too close to our conditioned recognition of Wal-Mart. Your brain has too much crap to do to read every letter of every word, and try to puzzle things out...It uses a sort of constant shape/context interpolation. That's why misspelled words don't prevent you from understanding what the word is supposed to be.
If they'd spelled it correctly (e.g. "wall wart") without the caps and hyphen, it wouldn't have fallen into the same framework, and everyone wouldn't have read it and gone, "Linux Wal-Mart? WTF?"
One of the very few states that have FOIA attorney provisions? Not including the Federal Government of course. Publicly viewing the documents? Sure, why not drive 5 hours out of my way to have cases of documents brought to me, so I can figure out what I need? Better bring money for a hotel room.
FOIA is a crap tool. The fucking government should release that stuff in a digital format for the asking. It shouldn't be buried in a warehouse full of other paper, where you can only see it after threatening litigation. And they will stonewall you forever. They will send you the wrong stuff, they will take the maximum amount of time to respond.
It's like you've never filed one before. Or you're a lawyer.
I work at a newspaper, I'm married to a reporter. I know what the fuck I'm talking about.
You, on the other hand, haven't read anything above if you're equating "independent" to "non-partisan".
Independent in this context means private citizens, doing journalism on their own, without the backing of a major news organization. It doesn't mean a regular news organization with an unbiased point of view. It doesn't mean the random blogging of a full time journalist.
Yes, it costs money to do quality reporting. Not sometimes, all the time. Phone bills, mileage, fucking pens and notebooks, internet, computers. Overseas? Shit! Buy your own plane tickets. Buy your own goddamn body armor! Pay for your own meals! And get paid by the story from some wire service that can cut you loose at a moment's notice.
Independent. Right. Mention Rupert Fucking Murdoch, the king of corporate media, in the same sentence with "independence."
Not this month, unless you bought your digital converter.
Anyway, that's not free. The only way they can pull that off is because they had a virtual TV monopoly for decades, and can buy up exclusive content and aggressively market ads with it, and that's on top of what the cable companies who carry those channels pay them.
Oh wow, guess I should have kept reading. The previous articles are from: LA times, Reuters, Christian Science Monitor, the fucking Voice of America. This is in order, motherfucker! Wall Street Journal, and Newsweek! Not one fucking article that wasn't written by an old school media outlet!
Independent journalism my ass.
You pathetic little hypocrite. That blog has, on its front page, an unsourced link to an article from the New York Times and you have the shit-eating audacity to point to that as a proof that independent journalism is alive and well.
That's the most pathetic thing I've ever seen.
I pay far more for my newspaper than it takes to pay a newspaper delivery person...
Respectfully...No, you don't. You know how they pay newspaper people? They don't. Those people buy however many copies of the paper they need from the company, and then they deliver them. If the customers don't all go nuts and claim they lost their paper, the delivery person gets a refund that is more than the newspapers cost them, and less than the newspapers cost the customer.
From that, they have to take out their own fuel and car costs. Running one route is a break even job. Running 5 routes...You make some decent money. However, the ability to run 5 routes depends very much on your location. If the houses are too spread out, the route is too marginal to attract a good carrier. Little Jimmy might be able to deliver 200 papers, at 3:00am, on a route that's 15 miles long...But don't bet on it.
The days of the neighborhood paperboy delivering the paper at 7:00am are long gone. People start calling and screaming at 5:00am if their papers haven't arrived yet...It's still dark for most of the year at 5:00am.
A lot of them very well may fold, and it's easy not to care, because you don't see what you get. But if you don't have a local paper keeping check on your local politicians, all hell will break loose. Government without oversight is piss-poor government, and you can't trust them to watch themselves.
And then the aggregators will aggregate...What, exactly?
I think the pay model is making a comeback, as it becomes clear that the ad-supported model is a pipe-dream. Give our humongous recession credit for one thing: now no one wants to base their revenue stream on ads.
The interesting question is how to collect? That's the part that still has to be solved. The reason that it's been free for so long is that there has been no method to collect.
Do I think that? Did I say that?
What I think is that they have nothing to lose. Oh noes, no one will get their content for free!?! Who does that hurt? Them? No. It hurts everyone else.
Traditional media is hitting the point where they can't afford to give it away for free anymore. The problem is, there is no one else who can afford to do what they do for free either.
Far from being the death of news, what you're hearing is the death-knell of the free-as-in-beer news content on the internet. And that heralds the death of the free-as-in-beer Web 2.0 never-have-to-make-a-profit sites on the internet.
Did you really think that "free as in beer" was a sustainable business model?
Some newspapers are still free. It's not a revenue model that supports things like actual news, however. Take that from someone who has run a free-as-in-beer paper; you're talking a bare handful of employees, unskilled stringers who write the articles for less than minimum wage, pirated software on out-of-date computers, and shit for profit.
Now a big for-money paper, on the other hand, has a huge chunk of its profit eaten up by the physical product. A free paper will print maybe 30 pages, once a week, with maybe 2 pages of color. A for-profit paper probably has 6-10 color pages (true!), printed 7 days a week, and they pay people to take it to your house...They don't just drop off a few dozen at your favorite coffee house.
They also have the money to pay good salaries to people who spend their days going to extremely boring government meetings, and calling people on the phone, and threatening people with the law...all in an attempt to get confirmed news that they can then put in the paper...A far cry from the minimum wage weenie writing a grammar free review of his favorite indie band.
I've been ranting against ads for half the thread, but I agree with this.
The problem is shit like doubleclick; they got in early and now they, and services like them, run the bulk of web advertising. They're getting rich, and everyone else is getting shit.
If the traditional media got off its ass, and started selling its own online ad space to its local advertisers, then they would be able to command much higher prices and much better ads.
It hasn't happened yet, but it's one of the things that has to happen to see traditional media become profitable online.
Not actually true, in the case of newspapers. The bulk of their money comes from subscription payments...If we're talking bread and butter, the subscriptions are the bread.
The ads are the butter on top (in a good year, they can be butter and a bit of jam as well) that allows them to expand, do in-depth coverage, etc. As the former has contracted, the latter has ceased to be entirely butter, and started being part of the bread.
That's where the whole "decline in modern journalism" comes in. When you're not flush with butter, you have to cut back.
Fuck me! I'm agreeing with Smidge!
Government controlled media is government controlled news, and it should be scary...Even if the government is hands off, there is only so much biting you can do vis a vis the hand that feeds you.
Internet advertising is teh suck. From the perspective of a finance geek at a newspaper that basically owns their market, and has the biggest web presence, it only amounts to about 3% of our overall revenue...Chickenfeed. An ad that costs 1,100 dollars to put in the paper for 2 days can go online for a month for 50 bucks more...A fucking pittance.
Independent journalism is a myth. If you want to cover a car wreck, maybe. If you want to get information from the government? Don't bet on it.
To write a real piece of investigative journalism, you need time, you need clout, and you need money.
As an independent, your FOIA requests will be largely ignored: what are you going to do, sue them? With what money? Big corporate newspapers hardly sue anymore because their margins are shrinking. Let me repeat: companies that make millions of dollars don't make enough money to pursue lawsuits that they can't help but win. What hope does an independent have?
To keep from suing all the time, you need power and prestige. You need the government to know that you mean something, that you represent a large group with deep pockets, and that you will grind them under your boot if they fuck with you. To put this in terms you understand: if a newspaper sells less than 75,000 copies a day...That's 75,000 paid page views...even your state government won't give you the time of day. Translate that into web traffic, and imagine how big the site would have to be. This site gets tons of page views: when was the last time you saw them do something besides link to an article someone else wrote?
Now money. You know what you get from the government if you FOIA request some data and they don't make you sue for it? The motherfuckers make you pay 25 cents a page plus shipping and they'll bulk up the document with everything they can find. You request some piece of information, better be ready to shell out a few hundred dollars in "copying costs." That's perfectly legal, they do that all the time.
Without being able to demand information from the government, what do you have? What kind of journalism can you do? Seriously. And who'd pay for it? Since everything is free right? When the indie journalists go out and break the next Watergate, paying for their own lawyers the whole way, how are they going to get compensated? You gonna buy a t-shirt?
What a fucking joke. Traditional media has its warts, but no new media has stepped up to the plate...All they do is leech off the old media. And the only winners are the government, who make out like bandits with less oversight.
Who pays for AP? Newspapers. Who prints most of the AP? Newspapers. Who provides most of the content for AP? Newspapers.
That you think that you not viewing the AP for free online is going to hurt them one tiny little bit, shows how little you know about them. Web service they provide at a loss to drive their brand.
Let's just toss the AP for a second. You think that the newspapers not putting their content online would hurt them? Bullshit. It's not a significant revenue stream for them, even now. Too much of the revenue they do make online is eaten up by the bullshit sites they use to aggregate their ad traffic.
But newspapers not putting their content online would destroy a lot of online sites. Fark, Google News, Yahoo News. Even Slashdot would feel the effects.
So deal. If they pull it all offline it'll be a big deal, and a lot of properties are thinking the same. Free distribution can't pay for in-depth coverage. //Yes, I work in news. Yes, I know more about this than I'd ever want to.
Eh. I think education is essential for many reasons (mind you, I also think our current educational system is appalling). But I do think that this game will benefit science education, and that, to me, is worth the paltry sum it's costing to develop.
A lot more is spent on things I think less worthy.
It's not fickle, it just can't be quantified. If it can't be quantified, it can't be monetized, if it can't be monetized, you'll have everyone who makes even a penny off of advertising sales paying for studies that show that word of mouth is just like stealing.