Oh bullshit. Every layer of abstraction costs you.
The fact that desktop pc's are 5-20% utilized is why you can just claim another layer of abstraction won't hurt you.
Amzaing how some people can be so passionate yet know so little
we are talking about the concept here...not the individual implementations...ther are OO implementations (ie kde) that abstract out without preformance hits
I've backed up my home directory, all my software devlopment stuff..and docs...totaling about 650 megs after bzip...i gpg it with a 4096 bit key...then name it blade2.dvd.rip.avi and share it on kazza...ii did that 2 months ago and when i do a search for it i still find it on peoples shared folders..for some stupid reason people just dont delete stuff that turns out to be bad more often than not.
It really could be one of the next big things, considering the advent of Object oriented methods of handeling information it realistically could be a viable Object oriented model.
With The realitivly recent move of object oriented Programming, you could think of this as just the next level of abstraction, abstracting your objects out to a broader system level as apposed to an implemenatation level.
In Any event it would be a good scheme for many things that need distributed systems....such as cryptographic reaseach and other things that need to be distributed
The concept behind social softwareis very legitimate...But its also becoming one of those buzzwords like 'realtime' or 'high preformance computing' The definition of realtime is to place a deadline on a proccess...and kill it if it has not completed by that time....and high preformance computing is the structuring of algorithims to crunch numbers faster
Yet Microsoft says windows XP does both.
If you ever needed more proof that these are no more than overused buzzwords...thats it!
Similarly, social software is a very real concept, but it just seems to have one of those sexy...media friendly names....every time i turn around now i hear a devloper talking about the next generation of 'social software'. Please.... its not some magical philosiphy that software devlopers are using to better society...we do what makes money...hence our software follows social trends....boom...social software
Its not so strange to have to translate klingon...if you want to find a devloper who can read ircd code AND kernel code.....chances are your gonna be looking for a translater too
Just make sure its not a woman...most of these people havent left the basement in 5 years and the only woman they have seen is on the porn sites...a real one might cause a penial explosion:)
this could turn out to be quite a cool conference....I'm planning on attending..there is a few problems with wi-fi right now that need to be addressed....such as the lack of security....I have driven thru downtown boston with a laptop and a wi-fi card....and roamed thru about 30 networks, getting on all of them...and succsfully emailing the sysadmins from them too.
There are certian issues, such as security, transmitability and frequency collisions wich need to be addressed, Supposivly the conference plans on addressing these....I'm curious to see what they have.
I hope this isnt yet another broken jdk....jdk 1.3.1 wasnt the best thing in the world..it was pretty slow..the implementations sucked....but there was no Real broken stuff in it.
JDK 1.4.x is very broken...for example...if you make more than 10,000 rand calls...you will actually push the main thread out of sync with the garbage collection thread...and alot of your variables will dissapear. I've actually had this problem...and the problem of the VM just outright seg-ving on me all the time.
Also, list iterators are broken with the checkConcurencey method of iterator, parts of the JDK 1.4.x wont even compile...even with all the.so files in their proper places....and literllay hundreds of other errors i have stubmeled across.
This has lead me to have to completley re-implement anything from the jdk on my own in production code. Its just to unstable for me to use it in anything that goes into production.
Not to mention its as slow as dog shit...and if you eve read the implementation of the jdk....your left going What the fuck? the implementations are very poor in desgin and code...its no wonder they fail.
Hopefully they will fix this in jdk 1.5..at least bring themselves back to were they were with jdk 1.3...i have to say after working with jdk 1.4.1 and several of the betas.....you really start to understand were the concept of Euogenitcs comes from.
All of this has lead be to use the Blackdown JVM..and JDK...they actually work...still quite slow...but double the speed of sun's VM...and the JDK dosnt break. Howeever, since there is no windows version of Blackdown VM, it really can mainstream...so were left with Sun's pice of shit. Hopefully, with JDK 1.5, I can at least use a JDK that will at least work.
My god...this just never ends, he stole the domain...i dont know what ever possesed him to think he would get away with it...he got canned (big suprised) and hit with a lawsuit (wich he deserved) I hope the judge rules that he has to pay....and they both have to shut up about the whole thing. This has been going on far to long now
this is true, however, anyone running red hat who installed with kde 3.0 and wants to update to kde 3.1 may as well re install red hat 9.0...lord knows that that is easier than trying to get kde 3.0 out and compiling and installing 3.1 (or doing it from rpm) trust me, ports makes life much easier
This could be a very good for linux....it provides a very large scale devlopment enviornment for linux...and lead to more submissions, and review of code...not to mention more discoverys of bad design and security holes...
maybe redhat will find out that by having everything tunred on by defaut, and having to work for 2 hours to turn it all off really pisses off sysadmins.
I've been finding redhat to be a progressivly more and more annyoing linux distro, but this could be their chance to turn things around. Personally i opt for gentoo....small, secure, and works very well. With the amount of attention they will get from devlopment with this, Red hat could follow that line.
at the very least i hope they will get rid of the "rpm hell" that people go thru when you go to upgrade major components.
You obviously dont have fucking clue what your talking about....so lets lay down a few facts first that arnt biased by your knowledge/experience (or lack there of) or my urge to find you and slap you first before we draw any conclusions.
Security is not an overrated field...its a field worth hundrends of billons of dollars a year....no its not overrated...when you have a field were consultants can bill upwards of 1000 dollars an hour...no its not overrated to have a community behind it. Security is a field in wich hundreds of thousands of people in North America alone work in proffesionally....all day every day...not just doing codeing, but doing research, and research that has changed many aspects of the internet over the past 10 years.
Real security that is done by large firms, is not code dependant, in fact, codeing only makes upa bout 10% of the time a proffesional consultant spends on average working a contract.The security we talk about here, and the security wich is regarded when people talk about the security community is very real and very importnat, and involves very little coding. its not a code monkey job. And it requires much more skill, and experience to do than just a random coder can.
Security is not about thwarting scumbag employees or script kiddys, these people use known exploits that a patch gets coded for and then a few millons systems get patched.
The security that we are talking about here involves the use of bugs, explits and holes in system design that are not known and not readily visible. The people who find these, and are smart enough to find these are usally black hat hackers, they are the people the security community is after, since you obviously dont know about this, i'l have to define it for you like i have to with everyone who donst know what goes on past their desktop
A black hat hacker is being paid by one person to get information from another hacker. Fourtune 500 companies do this often. They send hackers after their most threatining competion, in an effort to get design specfications, or other documents that could give them the edge over the company. Other black hat hackers are running billon dollar credit card or other line of credit scams, they go after major companies accounts recivables, they take the credit information, and exploit those credit lines for as much as they are worth...then take the money and run.
These hackers use techniques that they devlop, and the rest of the world dosnt know about, so proffesionals (ie - security people that you were just calling "code monkies") have to constantly look for possible ways that software could, ina hypathetical scenario, be broken. And then generalise these breaks into a more general type of attack (ie buffer overflow attacks) and then design a general methodoligy to countery them, this is what gets handed off to indivudal coders to code solutions for individula applications. The actual security community doesnt do a whole lot fo coding. Yet by your definition, we are all code monkeys.
Is it boring? Not generally, but that depends who you talk to. Is it a Coding Job? is it something that is done by random CS students or code monekys? No. It isnt. Unfortunalty before making your post you didnt bother to actually consult the facts. Perhaps if you were able to understand what goes on in the security industry you would understand why you are so wrong.
This isnt by any means groundbreaking but it is something that is a psdo-event in the security industry...this is not a random firm, it is a leading New York City firm...that being said, no they are not an national/international authority on the subject. This wouldnt be on the scale as something like phil zimmerman having an online chat about asyncronus encryption.
However, it is an oppertunity for smaller people in the security community, and people who arnt even in the security industry to talk to someone who is, at least, a successful member of the community. A Business execuitive Will pay $5,000 to find out they need a linux box with a NAT'ing firewall...i know...i've charged companies that much to just to tell them that. So for some people, this is a major event to get free advice.
If these people were put that Citicorp and Bank Of America on their list of clients, and they wernt clients, there would at least be a public announcment from them that they do not have any affilation....worst case...possibly a lawsuit.
Also, dont expect alot on a proffesional security firm's website....a website for a proffessional security firm has one purpose....attract clients...not divulge information...any firm is not going to want any random script kiddy or a black hat hacker scouting the security surrounding their target to be able to find out weather or not they are a compentent firm, or what areas of security they focus on. Personally, i consider it a disservice to clients to put loads of security infromation up onto a public website. The legitmite people who can deal with this data, and offer intelligent disscusion on it, are going to find out and do it in the many security circles that exist.
Moreover, many firms dont even divulge big things they have discovered to anyone. Thats how they stay on top...they may be a security frim...but they are also a business...they dont exist to make the security world a better place...they are going to want to devlop methods that no one else knows...they are then less likely to be broken...or copied by other firms...all of wich lead to more money for the current firm. That being said, this would really only cover big things....for example, if iptables was found to have a vaunerablility to exploit, and a firm found it and patched it, they would most likely not divulge this, they can make alot more money by not divulging it than by running out in the open about it.
And finaly...who cares? well alot of people...personally, I am going to attend the chat just to listen and maybe do a little talking...its an interesting thing for many people in the security industry....certianly worthy of front page of slashdot.
This "alliance" makes me a little nervous, i didnt trust aol or microsoft on their own, but allied together, that kinda makes me nervous.
There really isnt much a Windows user can do about spam on the client end, so i can understand the need.
personally, I run my own mailserver, and suc every 4 hours with a databse to update my body checks on incoming mail, between that and some cool rules in KMail I havent seen any spam in my inbox in about 6 months since i set the stuff up.
as for browsing, i use phonex with pop up stopping enabled, then i turn on my squid web proxy and implement the ad-zapper module (wich also syncs with a database every 4 hours) to filter websites. All in all, i havent seen an ad on my local box in over 5 months now. So spam dosnt bother me.
If larger isps would implement a similar solution, and contribute to the online spammer database at the same time, i am pretty sure we could crush most of the spam out there. The trick is, is to implement these body checks, and html filtering at higher, route levels. Wich is more less what AOL is doing.
Its not a matter of "new and innovative solutions" its a matter of finding ways to get spammer information into online databses faster, and then getting major routes to sync with those databases more often. then its a matter of http filtering and smtp body checks at a route level, and spam could probably be stopped in its tracks.
The kinda scary apart about that is if they can filter spam like that, major routes could just start pushing information they dont like into the databases and boom, we have internet wide censorship.
Kinda a double edged sword, but i cant think of any other effective way to fight spam
void rant { These are problems you *can* have with any linux or Unix distro. However, they are annyoing, and very commenplace in many distros unfortunatly. There IS alot of information on just about everything out there, but the problem is it amounts to a hudge mountain of information that you have to sift thru to find what you need. Which i agree...is annyoing.
The problem here is SuSE and Redhat, and other distros like them arnt really that targetted to users who want to do advnaced things in them.you can do these advanced things, but compared to distros like gentoo, or BSD (freeBSD or openBSD) its like climbing a mountian!.
i actually left redhat for Gentoo, and I've moved alot of my clients off of SuSE to gentoo for those reasons.
If your looking to stick with the linux kernel, but want something that "just works" I'd have to say gentoo. The website gentoo.org provides great instructions that you can just follow and get the job done. And with ports, i've never had a problem compilign configureing and installing a pice of software since i went gentoo. Even compiling things like kde 3.1 went like clockwork. If your looking for stuff that will just work gentoo is probably what your looking for, i type energe then walk away and have a coffee and come back and its working. (or in the event its something major like X or KDE go to bed and wake up the next morning).moreover, i have a crontab with one line: emerge rsync && emerge -u world that runs every night, and all the software on my box is checked and updated if there is a newer version avialable, and the results are mailed to me so i can read up on what got installed overnight. its great!
Mind you, gentoo moves closer to traditional unix that most distros, so its really only appropriate for power users or sys admins.
The problem with distros like SuSE and Redhat, is not that they are "bad" distros, but they are targeted at a different audience. Judging by your experience, I'd say SuSE is not the distro for you.
The thing about linux is there isnt one "ideal" distro. Invariably everyone is going to find a particular distro they like, depending on what they do with the box. They can all be made to do the same things, but some have to be kciked in the pants a bit to do some things, while others will just make them work on their own. Your experience with SuSE dosnt make it a bad distro, but i know i didnt like it for what i was doing, and chances are you need to find a new distro for what your doing:) return; }
Re:OK, so maybe I'll give this "Linux" thing a try
on
Review of SuSE 8.2
·
· Score: 1
I was a microsoft devloper, and a hardcore microsoft beliver for years, I have almost every microsoft cert you can imagine (even those ones with the fancy +i on the end!) And after using windows and devloping in windows for years, it took 48 hours to get me hooked on Linux.
Mind you linux is a very steep learning curve if its your first *inx operating system. It took me about 2 weeks of 18 hour days to figure out the OS when i started. So its not for the faint of heart.
However, the good news is the learning curve is lograthmic....once the inital pain is over, it gets more fun.
Bottom line, its useful to know linux, its a fast growing operating system. Its not going to burn you to learn it. Linux is pretty fun because once you know it inside out you can do pretty much anything you want with it.
Personally i started with a redhat distro, and then moved to a Gentoo distro after a few months. You may Want to consider starting with a SuSE distro until you have a good fel for the os.
Like i said you can Do just about anythingwith linux once you figure it out, however, your going to have to learn it first, knowing how to code is defiantly an advantage for prospective linux users, but not a requirement. Once you get the feel for the enviornment,and a feel for the Enviornment, and the tools used in the enviornment, you will be able to devolp windows programs AND run them (when you learn the ins and outs of wine and vmware) However, like i said, this knowledge is gonna coast you some hair if this is your first *inx enviornment.
However, personally, i started in Linux about 8 months ago, and I now have some code in the iptables conntrak modules. So its not going to take you years to learn linux by any means. But you may want to bring a few cases of beer home on nights were your trying to sift thru the vast online forums lookng for an answer to your question, or just trying to figure something out.
Another problem is the people who use Linux advance fairly quickly, to he point were after a year or two, many people forget what its like learning linux for the first time. I've personally found myself malicly typing RTFM! a few times. If it was for my recent initation into linux i proably wouldnt have thought twice about it.
That being said, linux is a powerful and fun os once you know it, its costly to learn, but there are big payoffs depending on what your doing. If your a devloper, understanding the unix side of devlopment is going to help you in your current devlopment. We have also seen an increasing number of unix tools being ported (some might say ripped off) to windows. So you may have an advantage there as well.
Bottom line, weather Linux is going to be worth learning for you is a decision that only you can make. For me, learning it set my carrer and my skills ahead a good 10 years in a matter of months. But for some people the pain of learning linux dosnt pay of. Weather or not its going to be worth it is ultimatly a decision only you can make.
are possibly responsible for 45% of traffic on some networks is the quote you were misquoting.
They keywords here are possibly and some networks
On some networks, it is 45% of the traffic, if you happen to be running a m$ network, its probably more like 70%. Then agian on other networks, such as government and acadamia, 95% of the traffic is porn.
Its good they finally got it to boot...but still...i think there are far to many bugs in printk. I've had the 2.5's barf on me quite a bit because of this, and it only seems to get worse as it spans out over more proccessors. I think we need to proritize here. The kernel devlopers should be focusing more on stablilzing the 2.5.x kernels rather than adding loads and loads of new features. The recent benchmarks show the 2.5.x kernels are lagging way behind 2.4 and even 2.3 kernels. I think we need to stop loaded all the pretty new features for a minute and focus on getting what we have right now to work. I still have problems with ntfs writing out malformed blocks:|
There is alot of cool stuff in the new 2.5.x kernels i will admit, and i look forward to using it, but as it stands i cant put a 2.5 kernel anyweres but on my home machine because once it hits a production envoirnment it craps itself. I know its just a devlopment release, but lets get it speed up a little before we start working on features for distrubted systems:)
We were truly excited to bring this particular ATX PowerPC Linux product to market.
You get excited over that and you think the halting of the atx PPC is your biggest problem?
PPC is great in theory, troble is in the real world its just so damn expensive you may as well go the x86 route. its actually so much cheaper that the cost of having the architechure fail is balenced by the fact you can go down the street and buy a replacement. I like PPC, its a nice archatechure, but its exensive, and its still coming out of the old propietary days. I'll be interested to see if it survives to become at least a little mainstream
Its not a machine...its an outhouse....lets keep that in mind as we read this article.
"They really screwed it for the rest of us," says Derek Miebers, a one-time temp who believes that the lawsuit claimants contributed toward an even more negative work environment for future Microsoft contingent staff.
well duh, they are microsoft, they have been screwing the world for 20 years, that little dump they took out in the outhouse that they packaged and called windows.
"They basically encourage a culture that devalues the contributions of these employees because of their status as contractors,"
look at their products, do you really want to be assoicated with that?
One current contractor goes so far as to describe the deliberate distinctions between full timers and contractors as a sort of "caste system" with clear signifiers that show who belongs to the high Brahmin class and who are the outcasts.
One current contractor goes so far as to describe the deliberate distinctions between full timers and contractors as a sort of "caste system" with clear signifiers that show who belongs to the high Brahmin class and who are the outcasts.
they have a castle system? and outcasts? oh jesus, no wonder windows blows so much, these people are so busy trying to become king of the castle that they dont have time to devlop software. Micrsoft management really needs to get a fucking life....wel, i suppose all they have is their status, after all, they certinally cant brag about their quality assurance, or custmer service. Hell, they cant even brag about their product without at least some snickiering.
..., a policy center dedicated to temporary workers' rights. "It's very bad for morale.
if it were me, just working for microsoft would bring down my morale
I gotta be honest, i got a little over half way thru this article and just stopped reading it. It just gets more and more retarded. These people are suppose to be devloping software and all they are doing is sitting around flinging shit at each other like monkeys with cucumbers up their ass.
no wonder windows sucks so much, i doubt with the big struggle of the peseants they have any time to work on it.
I kind of like this idea. It moves more towards having a seperate enviornment from the operating system enviornment. Wich i like because i like to keep my http users as far away from the system as possible.
Using grsecurity kernel patch, i can use trusted path execution and take execution privlages away from the apache group, and set its gid = 1005 (or whatever you specified under trusted path execution for the untrusted group in the grsecurity options) and then only give apache execute rights on specific things...(ie pearl, java...etc). Howrever, this way, i only need to give apache execute rights on basically just apache, and run everything else from within the chroot. It makes my life much simplier. Not having to go and find all the intpretures that it needs access to, or the vms, giving them those rights, and then playing around with the directory structure to make sure apache cant just freely roam the system.
It does take more space, but i think its worth it. When i set up a webserver for a client, my biggest worrys are not known exploits, i can write a script to go and patch that for me. Hell in gentoo i write a line of bash and put it in my crontab and i never worry about known exploits agian. What i am more worried about is someone hitting me with a exploit that is not known. So if some sort of bufer overflow happens. At worst, i will lose the http service. But i can have a replication service running if its really a concern. So thats not much of an issue. However, what is an issue is people getting outside of the http service with buffer overflows. the grsecurity kernel patch, enforcing non executable pages and stacks, is nice, and does a good job at stopping buffer overflows, however, this chroot thing i find intergrates nicely into the extra levels of security i put in.
Well alot of the various linux distros really blow hard.
The only one that dosnt, is gentoo. Its actually on a pretty level playingfield as freeBSD.
Gentoo uses the ports collection, so you can get your chrooted packages off of there. But alot of times they dont run chrooted by default. This is changing at a good rate (in gentoo at least). When i do an overnight emerge, when i merge in etc-update i am finding that my chroot config directives are getting overwritten by the new config data more and more now.
But then agian, if you install a service avialable to the world, and just go with the default configureation without at least checking to make sure its good.....you deserve what you get:)
Slashdot Mirror
hehe....what can i say....they got to me...they offered me free music and porn! What was I to do?
Oh bullshit. Every layer of abstraction costs you.
:)
The fact that desktop pc's are 5-20% utilized is why you can just claim another layer of abstraction won't hurt you.
Amzaing how some people can be so passionate yet know so little
we are talking about the concept here...not the individual implementations...ther are OO implementations (ie kde) that abstract out without preformance hits
Now go back to your single threaded world
you really havent been on kazza much have you?
I've backed up my home directory, all my software devlopment stuff..and docs...totaling about 650 megs after bzip...i gpg it with a 4096 bit key...then name it blade2.dvd.rip.avi and share it on kazza...ii did that 2 months ago and when i do a search for it i still find it on peoples shared folders..for some stupid reason people just dont delete stuff that turns out to be bad more often than not.
Ah well...kazza makes a great backup system
It really could be one of the next big things, considering the advent of Object oriented methods of handeling information it realistically could be a viable Object oriented model.
With The realitivly recent move of object oriented Programming, you could think of this as just the next level of abstraction, abstracting your objects out to a broader system level as apposed to an implemenatation level.
In Any event it would be a good scheme for many things that need distributed systems....such as cryptographic reaseach and other things that need to be distributed
The concept behind social softwareis very legitimate...But its also becoming one of those buzzwords like 'realtime' or 'high preformance computing' The definition of realtime is to place a deadline on a proccess...and kill it if it has not completed by that time....and high preformance computing is the structuring of algorithims to crunch numbers faster
Yet Microsoft says windows XP does both.
If you ever needed more proof that these are no more than overused buzzwords...thats it!
Similarly, social software is a very real concept, but it just seems to have one of those sexy...media friendly names....every time i turn around now i hear a devloper talking about the next generation of 'social software'. Please.... its not some magical philosiphy that software devlopers are using to better society...we do what makes money...hence our software follows social trends....boom...social software
Its not so strange to have to translate klingon...if you want to find a devloper who can read ircd code AND kernel code.....chances are your gonna be looking for a translater too
:)
Just make sure its not a woman...most of these people havent left the basement in 5 years and the only woman they have seen is on the porn sites...a real one might cause a penial explosion
You know...this would put an end to high speed pursuits
What will fox air....guess they will have to resort to hardcore porn
this could turn out to be quite a cool conference....I'm planning on attending..there is a few problems with wi-fi right now that need to be addressed....such as the lack of security....I have driven thru downtown boston with a laptop and a wi-fi card....and roamed thru about 30 networks, getting on all of them...and succsfully emailing the sysadmins from them too.
There are certian issues, such as security, transmitability and frequency collisions wich need to be addressed, Supposivly the conference plans on addressing these....I'm curious to see what they have.
I hope this isnt yet another broken jdk....jdk 1.3.1 wasnt the best thing in the world..it was pretty slow..the implementations sucked....but there was no Real broken stuff in it.
.so files in their proper places....and literllay hundreds of other errors i have stubmeled across.
JDK 1.4.x is very broken...for example...if you make more than 10,000 rand calls...you will actually push the main thread out of sync with the garbage collection thread...and alot of your variables will dissapear. I've actually had this problem...and the problem of the VM just outright seg-ving on me all the time.
Also, list iterators are broken with the checkConcurencey method of iterator, parts of the JDK 1.4.x wont even compile...even with all the
This has lead me to have to completley re-implement anything from the jdk on my own in production code. Its just to unstable for me to use it in anything that goes into production. Not to mention its as slow as dog shit...and if you eve read the implementation of the jdk....your left going What the fuck? the implementations are very poor in desgin and code...its no wonder they fail.
Hopefully they will fix this in jdk 1.5..at least bring themselves back to were they were with jdk 1.3...i have to say after working with jdk 1.4.1 and several of the betas.....you really start to understand were the concept of Euogenitcs comes from.
All of this has lead be to use the Blackdown JVM..and JDK...they actually work...still quite slow...but double the speed of sun's VM...and the JDK dosnt break. Howeever, since there is no windows version of Blackdown VM, it really can mainstream...so were left with Sun's pice of shit. Hopefully, with JDK 1.5, I can at least use a JDK that will at least work.
My god...this just never ends, he stole the domain...i dont know what ever possesed him to think he would get away with it...he got canned (big suprised) and hit with a lawsuit (wich he deserved) I hope the judge rules that he has to pay....and they both have to shut up about the whole thing. This has been going on far to long now
this is true, however, anyone running red hat who installed with kde 3.0 and wants to update to kde 3.1 may as well re install red hat 9.0...lord knows that that is easier than trying to get kde 3.0 out and compiling and installing 3.1 (or doing it from rpm) trust me, ports makes life much easier
This could be a very good for linux....it provides a very large scale devlopment enviornment for linux...and lead to more submissions, and review of code...not to mention more discoverys of bad design and security holes...
maybe redhat will find out that by having everything tunred on by defaut, and having to work for 2 hours to turn it all off really pisses off sysadmins.
I've been finding redhat to be a progressivly more and more annyoing linux distro, but this could be their chance to turn things around. Personally i opt for gentoo....small, secure, and works very well. With the amount of attention they will get from devlopment with this, Red hat could follow that line.
at the very least i hope they will get rid of the "rpm hell" that people go thru when you go to upgrade major components.
You obviously dont have fucking clue what your talking about....so lets lay down a few facts first that arnt biased by your knowledge/experience (or lack there of) or my urge to find you and slap you first before we draw any conclusions.
Security is not an overrated field...its a field worth hundrends of billons of dollars a year....no its not overrated...when you have a field were consultants can bill upwards of 1000 dollars an hour...no its not overrated to have a community behind it. Security is a field in wich hundreds of thousands of people in North America alone work in proffesionally....all day every day...not just doing codeing, but doing research, and research that has changed many aspects of the internet over the past 10 years.
Real security that is done by large firms, is not code dependant, in fact, codeing only makes upa bout 10% of the time a proffesional consultant spends on average working a contract.The security we talk about here, and the security wich is regarded when people talk about the security community is very real and very importnat, and involves very little coding. its not a code monkey job. And it requires much more skill, and experience to do than just a random coder can.
Security is not about thwarting scumbag employees or script kiddys, these people use known exploits that a patch gets coded for and then a few millons systems get patched.
The security that we are talking about here involves the use of bugs, explits and holes in system design that are not known and not readily visible. The people who find these, and are smart enough to find these are usally black hat hackers, they are the people the security community is after, since you obviously dont know about this, i'l have to define it for you like i have to with everyone who donst know what goes on past their desktop
A black hat hacker is being paid by one person to get information from another hacker. Fourtune 500 companies do this often. They send hackers after their most threatining competion, in an effort to get design specfications, or other documents that could give them the edge over the company. Other black hat hackers are running billon dollar credit card or other line of credit scams, they go after major companies accounts recivables, they take the credit information, and exploit those credit lines for as much as they are worth...then take the money and run.
These hackers use techniques that they devlop, and the rest of the world dosnt know about, so proffesionals (ie - security people that you were just calling "code monkies") have to constantly look for possible ways that software could, ina hypathetical scenario, be broken. And then generalise these breaks into a more general type of attack (ie buffer overflow attacks) and then design a general methodoligy to countery them, this is what gets handed off to indivudal coders to code solutions for individula applications. The actual security community doesnt do a whole lot fo coding. Yet by your definition, we are all code monkeys.
Is it boring? Not generally, but that depends who you talk to. Is it a Coding Job? is it something that is done by random CS students or code monekys? No. It isnt. Unfortunalty before making your post you didnt bother to actually consult the facts. Perhaps if you were able to understand what goes on in the security industry you would understand why you are so wrong.
I think you were a little harsh on this
...who cares? well alot of people...personally, I am going to attend the chat just to listen and maybe do a little talking...its an interesting thing for many people in the security industry....certianly worthy of front page of slashdot.
This isnt by any means groundbreaking but it is something that is a psdo-event in the security industry...this is not a random firm, it is a leading New York City firm...that being said, no they are not an national/international authority on the subject. This wouldnt be on the scale as something like phil zimmerman having an online chat about asyncronus encryption.
However, it is an oppertunity for smaller people in the security community, and people who arnt even in the security industry to talk to someone who is, at least, a successful member of the community. A Business execuitive Will pay $5,000 to find out they need a linux box with a NAT'ing firewall...i know...i've charged companies that much to just to tell them that. So for some people, this is a major event to get free advice.
If these people were put that Citicorp and Bank Of America on their list of clients, and they wernt clients, there would at least be a public announcment from them that they do not have any affilation....worst case...possibly a lawsuit.
Also, dont expect alot on a proffesional security firm's website....a website for a proffessional security firm has one purpose....attract clients...not divulge information...any firm is not going to want any random script kiddy or a black hat hacker scouting the security surrounding their target to be able to find out weather or not they are a compentent firm, or what areas of security they focus on. Personally, i consider it a disservice to clients to put loads of security infromation up onto a public website. The legitmite people who can deal with this data, and offer intelligent disscusion on it, are going to find out and do it in the many security circles that exist.
Moreover, many firms dont even divulge big things they have discovered to anyone. Thats how they stay on top...they may be a security frim...but they are also a business...they dont exist to make the security world a better place...they are going to want to devlop methods that no one else knows...they are then less likely to be broken...or copied by other firms...all of wich lead to more money for the current firm. That being said, this would really only cover big things....for example, if iptables was found to have a vaunerablility to exploit, and a firm found it and patched it, they would most likely not divulge this, they can make alot more money by not divulging it than by running out in the open about it.
And finaly
This "alliance" makes me a little nervous, i didnt trust aol or microsoft on their own, but allied together, that kinda makes me nervous.
There really isnt much a Windows user can do about spam on the client end, so i can understand the need.
personally, I run my own mailserver, and suc every 4 hours with a databse to update my body checks on incoming mail, between that and some cool rules in KMail I havent seen any spam in my inbox in about 6 months since i set the stuff up.
as for browsing, i use phonex with pop up stopping enabled, then i turn on my squid web proxy and implement the ad-zapper module (wich also syncs with a database every 4 hours) to filter websites. All in all, i havent seen an ad on my local box in over 5 months now. So spam dosnt bother me.
If larger isps would implement a similar solution, and contribute to the online spammer database at the same time, i am pretty sure we could crush most of the spam out there. The trick is, is to implement these body checks, and html filtering at higher, route levels. Wich is more less what AOL is doing.
Its not a matter of "new and innovative solutions" its a matter of finding ways to get spammer information into online databses faster, and then getting major routes to sync with those databases more often. then its a matter of http filtering and smtp body checks at a route level, and spam could probably be stopped in its tracks.
The kinda scary apart about that is if they can filter spam like that, major routes could just start pushing information they dont like into the databases and boom, we have internet wide censorship.
Kinda a double edged sword, but i cant think of any other effective way to fight spam
void rant
:)
{
These are problems you *can* have with any linux or Unix distro. However, they are annyoing, and very commenplace in many distros unfortunatly. There IS alot of information on just about everything out there, but the problem is it amounts to a hudge mountain of information that you have to sift thru to find what you need. Which i agree...is annyoing.
The problem here is SuSE and Redhat, and other distros like them arnt really that targetted to users who want to do advnaced things in them.you can do these advanced things, but compared to distros like gentoo, or BSD (freeBSD or openBSD) its like climbing a mountian!.
i actually left redhat for Gentoo, and I've moved alot of my clients off of SuSE to gentoo for those reasons.
If your looking to stick with the linux kernel, but want something that "just works" I'd have to say gentoo. The website gentoo.org provides great instructions that you can just follow and get the job done. And with ports, i've never had a problem compilign configureing and installing a pice of software since i went gentoo. Even compiling things like kde 3.1 went like clockwork. If your looking for stuff that will just work gentoo is probably what your looking for, i type energe then walk away and have a coffee and come back and its working. (or in the event its something major like X or KDE go to bed and wake up the next morning).moreover, i have a crontab with one line: emerge rsync && emerge -u world that runs every night, and all the software on my box is checked and updated if there is a newer version avialable, and the results are mailed to me so i can read up on what got installed overnight. its great!
Mind you, gentoo moves closer to traditional unix that most distros, so its really only appropriate for power users or sys admins.
The problem with distros like SuSE and Redhat, is not that they are "bad" distros, but they are targeted at a different audience. Judging by your experience, I'd say SuSE is not the distro for you.
The thing about linux is there isnt one "ideal" distro. Invariably everyone is going to find a particular distro they like, depending on what they do with the box. They can all be made to do the same things, but some have to be kciked in the pants a bit to do some things, while others will just make them work on their own. Your experience with SuSE dosnt make it a bad distro, but i know i didnt like it for what i was doing, and chances are you need to find a new distro for what your doing
return;
}
I was a microsoft devloper, and a hardcore microsoft beliver for years, I have almost every microsoft cert you can imagine (even those ones with the fancy +i on the end!) And after using windows and devloping in windows for years, it took 48 hours to get me hooked on Linux.
Mind you linux is a very steep learning curve if its your first *inx operating system. It took me about 2 weeks of 18 hour days to figure out the OS when i started. So its not for the faint of heart.
However, the good news is the learning curve is lograthmic....once the inital pain is over, it gets more fun.
Bottom line, its useful to know linux, its a fast growing operating system. Its not going to burn you to learn it. Linux is pretty fun because once you know it inside out you can do pretty much anything you want with it.
Personally i started with a redhat distro, and then moved to a Gentoo distro after a few months. You may Want to consider starting with a SuSE distro until you have a good fel for the os.
Like i said you can Do just about anythingwith linux once you figure it out, however, your going to have to learn it first, knowing how to code is defiantly an advantage for prospective linux users, but not a requirement. Once you get the feel for the enviornment,and a feel for the Enviornment, and the tools used in the enviornment, you will be able to devolp windows programs AND run them (when you learn the ins and outs of wine and vmware) However, like i said, this knowledge is gonna coast you some hair if this is your first *inx enviornment.
However, personally, i started in Linux about 8 months ago, and I now have some code in the iptables conntrak modules. So its not going to take you years to learn linux by any means. But you may want to bring a few cases of beer home on nights were your trying to sift thru the vast online forums lookng for an answer to your question, or just trying to figure something out.
Another problem is the people who use Linux advance fairly quickly, to he point were after a year or two, many people forget what its like learning linux for the first time. I've personally found myself malicly typing RTFM! a few times. If it was for my recent initation into linux i proably wouldnt have thought twice about it.
That being said, linux is a powerful and fun os once you know it, its costly to learn, but there are big payoffs depending on what your doing. If your a devloper, understanding the unix side of devlopment is going to help you in your current devlopment. We have also seen an increasing number of unix tools being ported (some might say ripped off) to windows. So you may have an advantage there as well.
Bottom line, weather Linux is going to be worth learning for you is a decision that only you can make. For me, learning it set my carrer and my skills ahead a good 10 years in a matter of months. But for some people the pain of learning linux dosnt pay of. Weather or not its going to be worth it is ultimatly a decision only you can make.
are possibly responsible for 45% of traffic on some networks is the quote you were misquoting.
They keywords here are possibly and some networks
On some networks, it is 45% of the traffic, if you happen to be running a m$ network, its probably more like 70%. Then agian on other networks, such as government and acadamia, 95% of the traffic is porn.
Yes i am sure open source advocates shudder when they see m$ bashing
The post was relivant, just because you cant understand it dosnt negate the conent
Its good they finally got it to boot...but still...i think there are far to many bugs in printk. I've had the 2.5's barf on me quite a bit because of this, and it only seems to get worse as it spans out over more proccessors. I think we need to proritize here. The kernel devlopers should be focusing more on stablilzing the 2.5.x kernels rather than adding loads and loads of new features. The recent benchmarks show the 2.5.x kernels are lagging way behind 2.4 and even 2.3 kernels. I think we need to stop loaded all the pretty new features for a minute and focus on getting what we have right now to work. I still have problems with ntfs writing out malformed blocks :|
:)
There is alot of cool stuff in the new 2.5.x kernels i will admit, and i look forward to using it, but as it stands i cant put a 2.5 kernel anyweres but on my home machine because once it hits a production envoirnment it craps itself. I know its just a devlopment release, but lets get it speed up a little before we start working on features for distrubted systems
We were truly excited to bring this particular ATX PowerPC Linux product to market.
You get excited over that and you think the halting of the atx PPC is your biggest problem?
PPC is great in theory, troble is in the real world its just so damn expensive you may as well go the x86 route. its actually so much cheaper that the cost of having the architechure fail is balenced by the fact you can go down the street and buy a replacement. I like PPC, its a nice archatechure, but its exensive, and its still coming out of the old propietary days. I'll be interested to see if it survives to become at least a little mainstream
you know if we were using java we could just catch a java.lang.classCastException...
...and then call the garbage collector.
They are the cogs in Microsoft's software machine
..., a policy center dedicated to temporary workers' rights. "It's very bad for morale.
Its not a machine...its an outhouse....lets keep that in mind as we read this article.
"They really screwed it for the rest of us," says Derek Miebers, a one-time temp who believes that the lawsuit claimants contributed toward an even more negative work environment for future Microsoft contingent staff.
well duh, they are microsoft, they have been screwing the world for 20 years, that little dump they took out in the outhouse that they packaged and called windows.
"They basically encourage a culture that devalues the contributions of these employees because of their status as contractors,"
look at their products, do you really want to be assoicated with that? One current contractor goes so far as to describe the deliberate distinctions between full timers and contractors as a sort of "caste system" with clear signifiers that show who belongs to the high Brahmin class and who are the outcasts.
One current contractor goes so far as to describe the deliberate distinctions between full timers and contractors as a sort of "caste system" with clear signifiers that show who belongs to the high Brahmin class and who are the outcasts. they have a castle system? and outcasts? oh jesus, no wonder windows blows so much, these people are so busy trying to become king of the castle that they dont have time to devlop software. Micrsoft management really needs to get a fucking life....wel, i suppose all they have is their status, after all, they certinally cant brag about their quality assurance, or custmer service. Hell, they cant even brag about their product without at least some snickiering.
if it were me, just working for microsoft would bring down my morale
I gotta be honest, i got a little over half way thru this article and just stopped reading it. It just gets more and more retarded. These people are suppose to be devloping software and all they are doing is sitting around flinging shit at each other like monkeys with cucumbers up their ass.
no wonder windows sucks so much, i doubt with the big struggle of the peseants they have any time to work on it.
I kind of like this idea. It moves more towards having a seperate enviornment from the operating system enviornment. Wich i like because i like to keep my http users as far away from the system as possible.
Using grsecurity kernel patch, i can use trusted path execution and take execution privlages away from the apache group, and set its gid = 1005 (or whatever you specified under trusted path execution for the untrusted group in the grsecurity options) and then only give apache execute rights on specific things...(ie pearl, java...etc). Howrever, this way, i only need to give apache execute rights on basically just apache, and run everything else from within the chroot. It makes my life much simplier. Not having to go and find all the intpretures that it needs access to, or the vms, giving them those rights, and then playing around with the directory structure to make sure apache cant just freely roam the system.
It does take more space, but i think its worth it. When i set up a webserver for a client, my biggest worrys are not known exploits, i can write a script to go and patch that for me. Hell in gentoo i write a line of bash and put it in my crontab and i never worry about known exploits agian. What i am more worried about is someone hitting me with a exploit that is not known. So if some sort of bufer overflow happens. At worst, i will lose the http service. But i can have a replication service running if its really a concern. So thats not much of an issue. However, what is an issue is people getting outside of the http service with buffer overflows. the grsecurity kernel patch, enforcing non executable pages and stacks, is nice, and does a good job at stopping buffer overflows, however, this chroot thing i find intergrates nicely into the extra levels of security i put in.
Well alot of the various linux distros really blow hard.
:)
The only one that dosnt, is gentoo. Its actually on a pretty level playingfield as freeBSD.
Gentoo uses the ports collection, so you can get your chrooted packages off of there. But alot of times they dont run chrooted by default. This is changing at a good rate (in gentoo at least). When i do an overnight emerge, when i merge in etc-update i am finding that my chroot config directives are getting overwritten by the new config data more and more now.
But then agian, if you install a service avialable to the world, and just go with the default configureation without at least checking to make sure its good.....you deserve what you get