If you are doing builds, you will be gaining a lot out of that CPU if you do multi-threaded compiling. I wouldn't mind using your machine to build binaries for my box, it should build a lot faster.
I am well aware of the extra functionality presented by SQL and I make liberal use of it, which is why I use it in the first place. However, I don't need the database to pretend it can be really smart about certain things unless I tell it to, and to echo Blakey Rat's (99501) sentiment, the more I use MySQL, the more I hate it.
As for my dumb/smart comment, I only want my database to be smart at what it was supposed to do, and only do what I want it to do, not also guessing what I might want to do and messing up the output and the resulting database dump.
As I understand it, the problem arises from the fact that mysqldump uses utf8 for character encoding while, more often than not, mysql tables default to latin1 character encoding. (If you were smart enough to manually set the character encoding to utf8, then you'll have no problems - everyone running mysql 4.0 or earlier will be using latin1 since it didn't support any other encodings.) So let's say we have a database named example_db with tables that have varchar and text columns. If you have special characters that are really UTF-8 encoded characters stored in the db, it works just fine until you try to move the db to another server.
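The latin1/utf8 mismatch described above, as an added example that is not from the original comment: it simulates UTF-8 bytes sitting in a column declared latin1, shows what a utf8 dump turns them into, and gives a check and repair for the resulting mojibake. The function names and the sample string are assumptions for illustration.

```python
# Added example (not from the original comment): simulates the mysqldump
# latin1/utf8 mismatch and shows a check and repair for it.
# Assumptions: the app wrote UTF-8 bytes through a utf8 connection into a
# column declared latin1, and the dump was taken with the default utf8 setting.

def store_in_latin1_column(text: str) -> bytes:
    """The application sends UTF-8 bytes; a latin1 column stores them byte-for-byte."""
    return text.encode("utf-8")


def dump_as_utf8(raw_column_bytes: bytes) -> str:
    """mysqldump (default-character-set=utf8) trusts the column's latin1 label and
    transcodes every stored byte as one latin1 character, so each UTF-8 multibyte
    sequence becomes two or three garbage characters (mojibake)."""
    return raw_column_bytes.decode("latin-1")


def dump_as_latin1(raw_column_bytes: bytes) -> bytes:
    """mysqldump --default-character-set=latin1 passes the stored bytes through
    untouched, so loading them with the same setting reproduces the original."""
    return raw_column_bytes


def looks_double_encoded(text: str) -> bool:
    """Heuristic: text that survives a latin1 re-encode followed by a UTF-8 decode,
    and changes in the process, almost certainly came out of a mislabeled dump.
    Genuine latin1 text (e.g. a bare 0xE9) fails the UTF-8 decode and returns False."""
    try:
        candidate = text.encode("latin-1").decode("utf-8")
    except (UnicodeEncodeError, UnicodeDecodeError):
        return False
    return candidate != text


def repair_double_encoded(text: str) -> str:
    """Undo the mojibake only when the heuristic says it is present."""
    if looks_double_encoded(text):
        return text.encode("latin-1").decode("utf-8")
    return text


if __name__ == "__main__":
    stored = store_in_latin1_column("café")   # constructed sample -> b'caf\xc3\xa9'
    garbled = dump_as_utf8(stored)             # what lands in the utf8 dump
    print(garbled, "->", repair_double_encoded(garbled))
    # Fix at dump time instead (both flags exist in mysqldump and mysql):
    #   mysqldump --default-character-set=latin1 example_db > example_db.sql
    #   mysql --default-character-set=latin1 example_db < example_db.sql
```

Run the check over a dump before trusting it on the new server; a table whose text repairs cleanly was mislabeled, one that raises on decode was real latin1 all along.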
That bit me one time when one of my live servers crashed and I had to load the data from the backup onto a different server. I remember wondering to myself where the good old days went, when a database was a dumb (smart, depending on your POV) engine that only worried about a string of bytes (chars). Seriously, it should only become smarter and start talking in unicode when I want it to.
Issues with using unicode are not just limited to MySQL, as Python has similar issues. However, they are almost always caused by poor programmers who mix usage between the two, or don't do type checking on the proper type (basestring).
It's quite weird to think that 5 years ago I paid $450 for a 3.1 megapixel camera and another $150 for a 256 MB memory stick, and just 6 months ago I paid $500 for a slider phone with a 3.1 megapixel camera (I got it when it had just come out; if I had waited till now to get it, it would have been $350) and $50 for a 1 GB MicroSD memory card. Comparing the physical dimensions is yet another distinction, as the camera is about 2.25 times thicker than the phone but about the same size, and the footprint of the memory storage device differs by over a factor of 20x in terms of physical volume. As for the quality of the photographs, they are both about the same, unless you want to take a snapshot of a fast moving object (or looking out from a fast moving object), in which case the camera phone wouldn't be fast enough.
As for other functionality, the camera phone can play higher quality video with its bigger screen, acts as an mp3 player, plays games, sends text messages and of course acts as a mobile phone. The camera just takes photos and short videos and plays them back (you can't even attach headphones), and that's about it.
I am just impressed at how, in a few short years, so many advances have happened.
I know what Design by Contract is (I played with it while at school), but as the poster of the article and other comments have pointed out, there isn't much real language support out there. However, unit testing is something I've been told to do; rather than having informal test cases, I wound up writing a fairly formal test suite for a library I have written that tests every code path a few times. While doing them, I uncovered some funny results that I might not have otherwise seen, which is great, because it formalizes things and there is proof that it works.
Quality. What makes you think most projects don't need that kind of quality? Do you realize how much crap code is out there? If I get an XML/RDF parser I expect it to parse things correctly and tell me when something is not right with the file, and not silently miss/omit something, which makes me question my own code and wastes my time because the problem is not in my code. If I have a multimedia file encoder I want the generated files to fit the spec so they can be played by other players that follow the same standard. If I have a web browser I expect it to render things right and not have any security violations. Web applications - I expect all inputs to be checked, with no SQL injection or cross site scripting permissible. If you say there are many projects that don't require that kind of quality, how about giving some examples?
Right, cost and time issues. Sure, it makes development potentially twice as long and therefore twice the cost, but wouldn't not having customers coming back saying the code doesn't work, or it broke, translate into savings? For open source stuff, why not spend the time to make things correct and have proof of it to increase your reputation? There are no good reasons not to have some sort of unit testing in place in any code (or binary - test cases for the code that created the binary) that is to be released for public consumption.
Agreed, like how AIGLX+Beryl isn't covered. However, that is still considered beta currently; despite that, I use it and it does more than what Windows Vista does in terms of eye-candy usability, and it hasn't quite crashed on me once yet if I don't push it (VT-switching causes it to blackscreen for me, but the desktop can be restored by restarting Beryl (try restarting just the window manager on Windows - you can't)).
For those who don't know, AIGLX+Beryl has the window thumbnail and alt-tab zoom like OS X, yet the alt-tab has a live thumbnail of what the window is currently showing, unlike OS X (not sure about the latest version of OS X). AIGLX+Beryl also has a 3D window stack similar to Vista when the desktop cube is under rotation. I don't think it would be hard to implement that window stacking feature without the desktop cube. There are also multiple workspaces on the 4 sides of the cube, which I don't think either supports natively.
In the end, it's a very short article and doesn't provide a very comprehensive picture of security for a home user. You may think it's news that Mr. Markoff decided to push people away from Microsoft, but he's only telling you the facts about the numbers. You won't have as many problems with Linux, but there's no way your daughter's iPod will work with the iTunes Music Store on your computer anymore. If he wanted to make this a notable article, he should have delved into trade-offs and better coverage of issues.
While we all want people to run Free Software (at least a Free OS) all the time, it's just not practical right now. His advice could mean: use a Mac, which is what I have been recommending to people I've fixed computers for, despite the fact that Linux/BSD/GNU may be better in the long run. iTunes works with Mac, and so do quite a few other programs (not talking about DirectX games). The common sentiment among people who switched from Windows XP to OS X is usually, why did I use that crap before? Especially when they go to a Windows based computer for whatever reason. I recently got my mother set up on a computer (she had never used one before) and I installed Linux, and she thought it was easy enough to use. For a non-power user who just casually browses the web, emails, and maybe uses Skype for VoIP, Linux is good enough. For people who are used to proprietary software and don't want to change, OS X might be a better choice.
I have my own site, I wrote my own blogging engine and I have total control over it. I am sure most slashdotters can program and code their own site like me, even though we might be the only user on our sites, it wouldn't matter because it's not like we have a life outside of our mother's basement.
Isn't this anti-trust and an abuse of the virtual monopoly position on the desktop market? Let me guess, the American government is going to let this one slide again.
Not so for a default Gentoo installation. I was wondering why I couldn't access a local box behind a network on a system I recently set up, only to find that it had decided to pick the wrong AP. I am glad I don't live in Singapore; I mean, it was illegal to chew gum there until recently.
Not only is pop music crap, I can't use it as background music for work, nor just listen to it. Why waste time searching for and downloading such music?
However, during my visit to Auckland, I found a somewhat small CD/DVD store that is more for music enthusiasts. They had listening booths, and through that I found an indie artist's CD published by a local company. I listened to it, loved it, and plopped down NZD$30 because it's not crap, not to mention that over there they are not influenced by the RIAA, especially given its independent status. Yes, it was ~USD$20, but it was a single CD packed full to 74 minutes of good music in 13 different tracks, not like the popular culprits that have a CD with 10 tracks and 30 minutes of crap. A little while before that I also bought some other CDs by independent artists published by their own record labels. I pay good money for good music, and only if that good money goes to the artists themselves. If only the RIAA and its members had learned sooner.
Also, streamripper with a good online radio station means not searching/downloading from P2P, and I can listen to music later.
... which can be stolen, or replicated by a card reader/writer.
Watch out for unscrupulous cashiers that might double-swipe your bank card, once to send it to the bank, then through the cashier's own card reader... then s/he watches you enter your PIN. What happens next is quite predictable.
I had a professor who left the files on there, and when I tried to access it, I got:
403 Forbidden
Of course, if they were accessible, it might have been a test of honesty. If you are questioning ethics, that's a whole different subject. I only covered removing part of the URI to get to the parent directory, not changing the URI itself.
In the end, don't post what you don't want people to see on the Internet, and if you must, properly secure the files so they only get to the intended recipients.
That particular word only has meaning in English, and making tightening up restrictions harder than opening items up is exactly like giving someone a safe with the key attached (safe = website, key = restricted=true). Your example is just bad programming.
Session ids are usually much longer than 5 characters, and of a fixed length (such as a hexadecimal string 32 bytes in length), not easily guessed. In most cases, if there's a match, a more sophisticated method (say, an XSS attack) was used to acquire it. Therefore your example of removing items does not exactly apply, nice try.
Both your examples come down to poorly written code, and the programmers responsible for that should be sacked.
I don't know how you can be so supportive of this activity as it's a dangerous and unclear line to take. Exactly what separates this from an SQL injection attack or spoofing a session ID within a URL?
It's both nothing and everything. There is no difference between the two in that someone typed in a URI, and a lack of auditing/checking of what goes up on the webpage (in terms of a plain directory listing or unescaped SQL statements in script files) let someone get what they wanted. Both result in data ending up in the wrong hands.
However, an SQL attack and spoofing a session ID usually require knowing more than going to the parent directory, as in, instead of removing what was already given (turning something given in the form of http://example.com/private/directory/page into http://example.com/private/), the 'attacker' (I dislike your use of this term) would have to add something that they were not given (http://example.com/private/directory/page?sid=12345, or http://example.com/private/directory/page?login=hacker&pass='%20or%20true. Anything after 'page?' was not given to the user in the first place). That's the main difference.
After all, you're just sending the webserver a URL/packets, how it responds is their problem, right? I don't think so. It's not like they were just choosing URLs at random. Even if the accused did the most basic form of this attack (i.e. server directory listings), they were still intentionally using URLs designed to trick the server into giving them access to material they knew they weren't authorized to access.
The directory was not random, it was the path given. A server directory listing is not an attack; it's relatively easy to search for open directories (server directory listings) with a search engine. They did not trick the server or anything, all they did was go up a directory. How would you define "knowing" what files are not authorized for access? The server did not return 403 Forbidden, the server gave the user the files.
Final note, time for a bad analogy - if anyone likens removing parts of a URI to an illegal act, think about stripping DRM from an audio file - both involve bytes being removed to have more raw access to the data (data that was not exactly given out).
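The thread above turns on one server detail: whether walking up from a given path to its parent directory gets a 403 Forbidden or a directory listing. As an added example that is not from any of the comments, here is detection logic a site owner can run over their own access logs to find exactly those parent-directory requests and see which ones the server actually listed. The log lines are constructed in Apache combined format and the IPs are documentation addresses; function names are my own.

```python
# Added example (not from the original comments): flags log entries where a
# client walked up from a deep path to a parent directory, and reports whether
# the server blocked it (403, as the professor's server did) or served a
# listing (200). Log lines below are constructed in Apache combined format.
import re
from collections import defaultdict
from posixpath import dirname

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one client walks /private/directory/page.html -> its
# two parent directories; another client just browses unrelated paths.
SAMPLE_LOG = """
203.0.113.7 - - [10/Jan/2007:10:00:00 +0000] "GET /private/directory/page.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2007:10:00:05 +0000] "GET /private/directory/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2007:10:00:09 +0000] "GET /private/ HTTP/1.1" 403 301 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2007:10:01:00 +0000] "GET /public/index.html HTTP/1.1" 200 740 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2007:10:01:03 +0000] "GET /docs/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"
this line is not a valid log record and is skipped
""".strip().splitlines()


def parse_line(line: str):
    """Return ip/path/status for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]   # compare paths without the query string
    return {"ip": m.group("ip"), "path": path, "status": int(m.group("status"))}


def ancestors(path: str):
    """Directory prefixes of a path, deepest first: /a/b/c -> /a/b/, /a/ (root excluded)."""
    current = path
    while True:
        current = dirname(current.rstrip("/"))
        if current in ("", "/"):
            return
        yield current + "/"


def find_parent_walks(lines):
    """Report directory requests that are ancestors of a deeper path the same client
    already fetched. 'exposed' is True when the server answered 200 instead of 403."""
    seen = defaultdict(set)   # client ip -> paths it has requested so far
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path, status = rec["ip"], rec["path"], rec["status"]
        if path.endswith("/"):
            origin = next((p for p in sorted(seen[ip]) if path in ancestors(p)), None)
            if origin is not None:
                findings.append({"ip": ip, "path": path, "origin": origin,
                                 "status": status, "exposed": status == 200})
        seen[ip].add(path)
    return findings


def exposed_paths(lines):
    """Only the directories that were actually listed; those need Options -Indexes
    (Apache) or autoindex off (nginx), or an access rule, not a tidier URL."""
    return [f["path"] for f in find_parent_walks(lines) if f["exposed"]]


if __name__ == "__main__":
    for finding in find_parent_walks(SAMPLE_LOG):
        print(finding)
```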
I lived in Toronto for 13 years, and I decided to go to New Zealand to visit some friends and see what the place is like on a longer term basis. The quickest way to get from Toronto, Canada to Auckland, New Zealand is probably to take a flight from Toronto to LA, then from LA to Auckland. Seeing how some of my muslim friends got treated in the US (more like his parents, who are elderly), me being "non-white" and more tech savvy (I brought my computer along, I love my Shuttle box), I didn't want to take the chance of dealing with American customs and risk having my data inspected, so I took the long way, went to Hong Kong (I was born there), which was nice because I got to see my relatives and do some shopping, before leaving for Auckland a week later. My return journey will be the same, and I will never set foot in America again, even as a stopover (aside from the Anchorage technical stopover, but we were never allowed to get off the plane, which is fine with me).
Even though the whole journey is about 8 hours longer in total flight time, it's worth it for me. Cathay Pacific gets my business also because they are one of the best airlines in the world. The price was right too, my mom's travel agent was able to secure the flight I took (round trip) for only CND$2200, which is definitely unbeatable. My parents told me they recently took a flight with Air Canada from Toronto to Vancouver, they said the service was appalling and the staff did not know what to do, and the food and flight were expensive (CND$800 per person). It's absolutely disgraceful that North American airlines are completely backwards and behind in terms of service (given the cost) compared to their Asian counterparts.
Did it ever occur to you that stuff written onto a hard disk will usually stay there for a while even if the file is unlinked? I think Firefox only unlinks history and cookie files by default (and does not shred them), and even shredding a file may not be secure if it so happens that the sectors mapped by the hard disk got changed (because of a bad sector). For a browser to be completely 'traceless' on the local machine (ISPs and webservers log users anyway, but using Tor can mask that), it must use only RAM for storage and cache, and it must not swap into an unencrypted swap file. I am not aware of a browser that does that.
Not to mention the security issues that will need to be dealt with. Writing a browser from scratch is hard in this day and age.
Education tax dollars, hard at work. Funny how you got modded off-topic with this statement. That is the very cash the RIAA will be seeking, and if their past behavior is any indication, those are the funds they would like to use to convince governments and school boards to counter 'school-yard piracy'. I won't be surprised if they strong-arm their way into schools to make music copying via this method as severe as dealing drugs on school property. At the very least, we will likely be seeing more education campaigns against copyright infringement, equating it with theft, in the near future.
Or according to Einstein (and Google):
868 billion kilowatt hours = 3.1248 × 10^18 joules
(3.1248 × (10 ** 18) joules) / (c ** 2) = 34.768089 kilograms
So keeping the current Internet running requires turning nearly 35 kilograms of mass into electricity.
Nah, we need a more common enemy of the public than that. Try this:
http://www.jinx.com/other_swag/other/geek/riaa_toilet_paper_1_roll.html
Power corrupts; absolute power corrupts absolutely.
So losing that power really is a good thing.
Then they will give a discount on offending copies, problem solved.
... in terms of power consumption.
Only issue is, those diamonds will be locked in De Beers warehouses to keep supply low.
You are right on the money.
Sure they do, in fact, they have so many with names that end with .jpg.