The YP55V was able to copy a 15MB file in about 20 seconds which is pretty fast.
15 MB * 8 = 120 M bits. Which makes it a 120 M / 20 = 6 Mbit/sec device. Filling the whole thing therefore takes 256 * 8 / 6 = 341 seconds or 5 minutes and 41 seconds.
My USB 2.0 stick is about 5 times as fast so then it would take only a minute and 8 seconds to load the music.
Maybe this sounds strange, but almost 6 minutes is quite a lot of time. If you want to take some music to work, it would take the additional time to start up your computer. And consider that burning a CD nowadays takes about 5 minutes too (including getting the *(&*&^^ cd out of the *^%^%*& box).
So I think I know an additional feature it could use.
Moreover, if somebody would want to release a successful worm, he now would have the opportunity to synchronize with the Windows update service.
Just wait until the monthly patch-thingy is issued and your worm has a whole month to have fun. Patches will be issued NEXT MONTH.
Great idea MS, I wonder why nobody else does such a thing. Sheesh.
"You don't have to aim it, that's it."
Let's just think about that phrase. No, better still, just laugh about it. There isn't a single use where this _isn't_ a huge plus.
My mobile phone has bluetooth, a serial cable connection and fir. Guess which one would be most useful to synchronize with my computer? Or use as GPRS device with my PDA for use for internet on the move?
It isn't the fir or the serial cable, that's for sure.
When I see something like this happening in a computer store (my speciality) I will normally explain what's really happening to the customer.
This is at least as much fun as laughing at the customer; it is really fun to see such a sales person begin to sweat. Or if they are not easily embarrassed, begin to look awfully mean. Which is fine, a sales person may not physically attack clients :)
Ok, I'm off buying some gold connectors for my car stereo.
If you call yourself a security expert, which in a way he does, missing this point is fatal. You beat me in posting it early, but I stopped reading the article at that point.
I mean, if the guy doesn't know THAT, then he should get a job in securing property instead. He could use his muscles instead of his brain :)
What, it's already one year since the Iraqi minister of information was captured? Time surely goes by quickly.
Luckily I've already responded to the author in person before this became /.ed.
As I've pointed out to the author, being just a "normal user" is enough to let the virus spread and to destroy the "normal" user's documents.
I keep seeing this argument over and over again when talking about system stability. But my system would be next to useless if all my documents and configurations would be gone. Maybe it would be easier to recover from backup instead of a full reinstall, but that would be it.
Most PCs out there are single user (or single family) computers, instead of the old multi-user mainframes. All the important data are in reach of the virus.
If I get a response I will let you know...
It's simple. Just take a look at the movie trailer, if you think you've seen it all, well, you've seen it all :)
Neh, nobody will ever get that far to sue a penniless (in comparison with MS, for sure) programmer because of some bugs in his code. What you can do though is circumvent the obvious pitfalls.
C++ and other languages have their buffer overflows, pointer arithmetic and other easy to exploit holes, so let a program check those risks.
PHP, Perl and other scripting languages have eval() functions, so make sure those functions aren't abused (or even better, aren't used at all).
Mail programs nowadays "need" to display HTML, so do use a safe HTML parser and at least disable scripting. Err, MS?
Don't forget that law gets amended according to the need of society (or at least some part of society). A dragon law that won't let you produce code will therefore never exist. There would be too many people to fight it.
Now wait a minute, that's not true... Just a second I've got mail...
Hmm, another 10 messages with the stupid virus in it. Darn.
Actually, it is getting so bad that my high quality ISP has trouble with the handling of all the spam and viri, and it is already taking up quite some budget on bandwidth, equipment, cpu power, spam and virus filters etc.
The security branch is already making billions of money. And I bet it's not only VPN that's the moneymaker here. Hey, that's enough to bankrupt even Microsoft itself. Interesting.
Yeah, but the truth is that their software is insecure by _architecture_. They seem to realise this however, and have initiatives to amend this problem. Not the ones you and I are after, I agree, but they do seem to be slightly more on track (.NET).
However, even now they make mistakes. Doing a SOAP call over HTTP port 80 is as stupid as it can get. The whole idea that firewalls are open only to port 80 is to run a (relatively) safe web server behind the port. Doing remote procedure calls over the same port... you could as well open all the ports again.
As long as MS lets functionality and ease of use predominate security, they won't make secure systems. There is always a trade off in the real world. MS Outlook and Outlook express are the ultimate examples of that policy.
Exactly. What I would like to see is a page that explains how your credit card details are handled. To be on the safe side, they should be encrypted using asymmetric (RSA) encryption before being saved into the database. Another (administration) PC, behind another firewall, would then connect to the database when this information is needed.
Another better way would be to use the information once to validate the credit card and let the credit card company take care of the rest. After that, simply throw away the credit card number. I do not mind typing it in another time.
But however you look at it, a secure SSL connection would be the way to go. It is way too easy for somebody in between to listen in in this way. If the site does generate shitloads of money (which it won't for some time to come) it would be too easy for somebody that operates the network to get the credit card details.
And credit card fraud does still happen. Big time. So that makes your referral to the Fair Credit Billing Act a bit pointless. In one way or another, somebody's gotta pay for that.
If only for the sound effects...
Yeah, they are very social overall. Don't ditch them all just because one landed in a populated area by mistake. I'm sorry for the victims though.
In all probability it was featured in Buffy then :)
It is funny to see unix commands being used on apples though. Isn't there a single click way of executing sudo somewhere?
Oh well, I do like the looks on the faces of Apple salesmen when I call up a terminal and do all sorts of "spooky" stuff on the machine :)
You know that you are on /. when:
50% of their, they're and there have been replaced by one of the other two.
No no no no, no!
The cow and other livestock were catapulted from the castle, and the insult was "your mother is a hamster"!
That's how it went. Know your classics!
Yeah, just try to download the mpeg 4 movie from the microsoft site and plant it in your media player (or your favourite player, if that supports it).
It's called liquid_1.wmv and google will probably find it. It plays fine on my 2.4+ AMD, but I cannot scale it yet, let alone do any other operation on it. Which is a shame, because playing at the same datarate as DVD it manages 1280x960 resolution.
Warper
Right you are. JSP is mainly meant to be used for making it easier for web builders to communicate with the underlying Java objects.
Any person using a lot of Java in their .JSP pages is obviously badly mistaken. Most of the time defining tags and doing everything outside the view of the web based programmer is the way to go. Try to get your functionality in separate classes, and use EJBs if you want scalability.
And that's the other thing. A well written servlet is scalable. Obviously something they missed since the site is still down.
Furthermore, how can you say that PERL is easier to maintain? Most people will not even be able to read PERL scripts due to the lovely syntax. Which is also the problem with the .NET languages by the way. As long as the API stays the same, there is little to worry about for Sun.
My prediction: Java will stay put for the immediate future.
Maarten
Dunno. You do not sound like the first person I would start to talk to anyway. I personally never have any problems trying to stop a person talking to me. Furthermore, as long as they keep their distance, I do not mind anybody watching the movie with me. Actually, people trying to read the same book is way worse.
Anyways, if you want to promote a technology you normally take one of the obvious examples. I mean the phrase "you can build an entire linux kernel in flight" is not likely to separate people from their $200.
And as a final point: if you need to take your (company supplied) laptop anyways, why would you buy an additional DVD movie player?
Warper
That's good, I am only moderately good at my work :)
Warper
I generally do like blacklists, but I do not trust them to get everything right.
My ISP has multiple POP boxes for each customer though. Currently all the spam gets into one box and the (presumed) legit mail gets into my normal mail box.
Now and then some legit mail gets into the spam pop account. Now and then I check this account for messages that are non-spam. Until now, only some mailing lists have been incorrectly identified as spam (ironically, mostly from IT security companies).
There is still an amount of spam in my inbox too, but some rules take most of that out as well.
I would not want my ISP to throw away all the mail they think as spam; they should never do that without my consent. But blacklists do not have to be a 0 or 1 (or black or white :) for mail.
Warper
0 - evil bit
Hmmm, I believe most of the population of the earth wants to live in peace, and let everybody have enough food on the table. The number of people against this idea will be an insignificant minority, but that does not make it so.
Currently I am having some trouble from spammers that send mails with just pictures in them, containing the complete message. Try filtering that out. What can I do against that? Have my mail system recognize text in mailed messages? What if it is just a link written over a very large penis (and I am not even making that one up, bah).
Warper
Yes, I've been in that situation myself.
This is something to take extreme care of, especially if you are using RAID 1 or 5. Both are meant to keep your data secure. When the drives heat up, they have a lot higher failure rate, so even two drives for the same data may not be secure.
Actually, a lot of computer cases are sold with two spaces for hard disk drives. If these are too close to each other, situating two 7200 RPM drives is quite dangerous. Use front side cooling fans if you have such a setup.
Warper
ps. the situation was created at work by a colleague of mine. We had two crashes on the same machine in a row. There was less than a half height space between the drives.