I am not typically supportive of/. bashing, but recently the number of quality articles has gone way down. To go one step further than just plain old bashing, I have a suggestion... Can we start moderating articles themselves so that I can browse articles at +3 on a normal day, +4 on a busy day and +5 on those insane days?
I used to like Evolution, but after this low blow, I think I might change my mind. How can they add Emacs support and not VI support? Since everyone knows that VI is better than Emacs.
</sarcasm>
Users may not care, but businesses care when people can not use their web site, because someone has their browser privacy setting high and they are not accepting cookies without P3P. The first time I implemented P3P it increased online ordering by about 5%. Most end users don't realize that a shopping cart doesn't work correctly because their browser is denying cookies. They simply get frustrated and go to another site. But when businesses realize that P3P is an easy fix, there is really no question about whether or not to use P3P.
<rant> It really bugs me when people start bagging on P3P and saying how crappy it is. Why don't you do something about it? Right now P3P is the best privacy standard out there. Until someone comes up with something better, lets use it! </rant>
Since I do 95% of my banking online, and use Gentoo Linux on the desktop, it is an essential that my bank in Mozilla compatible. When I was a Bank One they changed some stuff which made their site non Mozilla compatible. I politely sent them an email and asked them to fix it. They did not. So I switched to Wells Fargo where now I enjoy Mozilla compatible online banking. Way to go Wells Fargo! (BTW: Bank One might have fixed this, since it was about 1 year ago.)
I already got rid of my home phone and just use a cell phone. Also, I will be moving to VoIP at the office as soon as Vonage can get me a Denver area code.
It's nice to be free from those local phone service bastards.
How did this comment get to a 5? This person does not understand software development. If you need some more information on why we should not "replace the X windowing system alltogether", read this.
Does anyone have a Passport account I can use? I am supprised to see that no one has posted the slashdot passport account info, like they usually do for the NY Times. I want to create a few projects, but I have heard that having a Passport account is insecure and that it even could be taking the mark of the beast. So, if anyone has one they could share, I would like to add a few projects like:
Windows YP - A lightweight Windows Replacement that only crashes once a week Winzilla - An IE replacement written entirely in VB (It is very fast) Inlook - An Outlook replacement that is guarrantied to only have 5 major security holes / month Ipache - An IIS replacement which is only compatible with Winzilla clients
I love it every time this argument comes up. It always has very few facts, and lots of emotions. It's fun to see all us nerds get so defensive about an OS. (I admit I do it too.) However, one FACT that we should focus on is this: Security is the inverse of Convenience! The more convenient something is, the less secure it will be. Windows, Linux, Solaris, etc. can all be very secure depending on what runs on them, and the pain, time, and messyness invloved in locking them down. Linux distros have many tools to aid in configuration. Use them, and your box will probably be less secure. Use a default Windows install and you will probably get hacked. So as some comments have pointed out. And now for my guide on how to secure any OS: Use the Sans (I think) guides on hardening systems. Have a good sysAdmin that knows more than clicking through wizards to set stuff up. Keep everything patched and up to date. Restrict user access as much as possible. Turn off services that are not used. Review the log files. Use packet filters on your router. Unplug the box for total security.
I have read a lot of negative comments about not supporting the ADA on this one... But then I thought, why not use this as an oppurtunity to have web sites forced to be compilant with standards? No more ActiveX sites that don't work with Mozilla... No more sites that say: "Your Opera browser is not compatible with this site. Please use IE 5.5 or 6" Wouldn't that be nice? Now I hate legislation too, but if there is going to be legislation on this, let's use it not only for the benefit of blind people, but also us nerds! Yeah, Go ADA!!!
Oh-yeah, it runs on Linux, so I guess that rules it out as an Outlook replacement for you windows people.
Then I zone out for a while
on
Slashdot Turns 5
·
· Score: 4, Funny
Well, I generally come in at least fifteen minutes late, ah, I use the side door--that way Lumberg can't see me, heh--after that I sorta space out for an hour.
Yeah, I just read Slashdot, but it looks like I'm working. I do that for probably another hour after lunch too, I'd say in a given week I probably only do about fifteen minutes of real, actual, work.
Thanks Slashdot! Happy B-Day from all the Peter Gibbon's in this world!
The only thing I am disagreeing with is that "many people don't want a web-based solution". I really don't think CTO of company XYZ cares what protocol is used for his CMS, just as long as it can work today. I agree that there should be a better solution, since I don't like the idea of staking tons of services on HTTP either. There should be a CMS protocol. But there isn't, so for now let's use what we can.
When most people say web-based they mean browser based. I assumed that is what you meant. If you actually meant http-based, then I will have to disagree with your comment of "Because many people don't want a web-based solution?" entirely. As portrayed by web services, people don't care what protocol is used. (Unless they are network admins) People care that something works. Web Services work for distributing objects and WebDAV works for CMS. It may not be the best thing, but it is here today.
WebDAV really has nothing to do with the "Web" except that it uses the HTTP protocol. I would not consider that a "web-based" solution. In other words... WebDAV has nothing to do with a browser and everything to do with HTTP.
Why can't WebDAV be the standard? From what I have seen WebDAV has a lot of the needed functionaility for a CMS. Jakarta Slide (Open Source Java CMS) is implementing WebDAV as their foundation.
I very highly doubt that any site that I visit will be exploiting this bug. Who would waste the time to do this when only about 1% of their visitors will be susceptible to the user tracking. Yeah, I am concered about privacy, but is this really news? Thanks/. for keeping me informed.
when distros will start shipping 2.0 as standard,
everyone will "just use" it.
<wear suit="flame resistant">
I don't think that "everyone" is the best word to use here. Most real unix sys-admins I know won't touch rpm's for things like Apache, OpenSSL, Postfix, etc. They build them from scratch in order to have more control over their servers. Typically unix sys-admin's like control. Thus they use unix not that other borg like OS. So, I agree that more people will use Apache 2.0 when distro's include it. But that is not the major reason people are not using it.
</wear>
BTW: One great reason to use Apache 2 is that mod_proxy is much faster and works better. From some reports I have read it is now a better way to go than mod_jk.
Use mod_proxy to connect Apache and JBoss/Jetty. Use XDoclet to write your code for you. And now you are an Enterprise Application developer.
Have fun! Try not to spill anything.
Many governments have motivated thier people through fear. The better solution is that the people live based on ethics. Even a tougher penalty for speeding would not convince me that speeding is wrong. Wrongness and Rightness is a matter of Ethics. I think that it is better if people live from ethics and moral convictions, than fear. This is one place where religion has taken the life from people. So many people live in fear that their god will crush them if they do something wrong. No one should live their life in fear. The problem becomes defining ethics, which "After Virtue" does a great job of. Ethics really haven't existed since the Enlightenment Project failed.
And somehow I don't think that "going after" the users works well either... I had this realization the other day when I got a speeding ticket... The reason why I speed is because I don't think that it is wrong. Or perhaps that I think that it's just not that bad. This puts law enforcement in a hard place. They will never be able to convince me that speeding is very wrong, and if I don't get caught very often, I will continue to do it.
I believe this is very similar to pirating music / movies. Many belive that it's not that bad. And since the Enlightenment Project failed, there is not absolute foundation for ethics. Nothing to tell me why I really shouldn't speed or steal music. So what is the answer? I believe that After Virtue by Alasdair MacIntryre has some great insight into ethics not based on absolutes.
I have been reading all sorts of comments from people complaining about the $5000 / year.
J2EE consultants can charge about $150 - $400 / hour. If you could get 5% more per hour by having your JBoss certification, then the 5k is not much.
Let's do some math:
(Normal J2EE Consultant)
20 hours / week x $200 / hour x 50 weeks ------------- $200,000 / year (Wouldn't that be nice)
(JBoss Certifified Consultant)
20 hours / week x $210 / hour x 50 weeks -------------- $210,000 / year (That would be even nicer)
So there... You just made (net) an extra $5000 for getting your JBoss certification. Realistically, I think that JBoss certified consultants could get more than an extra 5% but I was trying to be conservative.
So have fun, and if you want to make more money then go get your JBoss certification. Simple as that.
I think you are missing the point... At this time it's primarly for consultants selling their time. I am sure that eventually it will be a required resume item for J2EE jobs. But for now if you are trying to selling J2EE consulting work, that certification is important.
<sarcasm>
You are right... Because using JBoss's:
- Database connection pools
- Better war file deployment handling (no restarts needed)
- JNDI stuff
- JAAS stuff
- etc.
Just has "no value"
</sarcasm>
JBoss is not just EJB! JBoss is the kitchen sink... It provides so much infrastructure that I save tons of time on every project. Plus even if I don't use EJB now, it is much easier to implement later.
The only reason I can think of to not use JBoss is
that it consumes a little extra memory.
I manage a few servers...
1 Apache box on an Ultra 5 (Slow sun box typically used as a workstation)
1 Tomcat box on an Ultra 5
I use mod_jk and hide the tomcat box behind the web server. This adds a nice layer of security and lets Apache process.html pages.
In total I have 5 instances of Apache, ~100 instances of tomcat, and ~150 web sites. The apache box sustains about 2MB/s and about 400k/s gets sent to the Tomcat box to deal with. I have had very few problems with Tomcat 3.3.
If you need some redundancy I would recommend using the mod_jk load balancing. It works very well and is simple to setup.
My advice: Don't litsten to all the Slashdoters who gripe about anything to do with Java, give Tomcat a try. It works for me!
BTW: If you want to get into J2EE stuff, absolutly use JBoss!!! It rocks!
Slashdot Mirror
I am not typically supportive of
I used to like Evolution, but after this low blow, I think I might change my mind. How can they add Emacs support and not VI support? Since everyone knows that VI is better than Emacs.
</sarcasm>
Users may not care, but businesses care when people can not use their web site, because someone has their browser privacy setting high and they are not accepting cookies without P3P. The first time I implemented P3P it increased online ordering by about 5%. Most end users don't realize that a shopping cart doesn't work correctly because their browser is denying cookies. They simply get frustrated and go to another site. But when businesses realize that P3P is an easy fix, there is really no question about whether or not to use P3P.
<rant>
It really bugs me when people start bagging on P3P and saying how crappy it is. Why don't you do something about it? Right now P3P is the best privacy standard out there. Until someone comes up with something better, lets use it!
</rant>
Since I do 95% of my banking online, and use Gentoo Linux on the desktop, it is an essential that my bank in Mozilla compatible. When I was a Bank One they changed some stuff which made their site non Mozilla compatible. I politely sent them an email and asked them to fix it. They did not. So I switched to Wells Fargo where now I enjoy Mozilla compatible online banking. Way to go Wells Fargo! (BTW: Bank One might have fixed this, since it was about 1 year ago.)
I already got rid of my home phone and just use a cell phone. Also, I will be moving to VoIP at the office as soon as Vonage can get me a Denver area code.
It's nice to be free from those local phone service bastards.
How did this comment get to a 5? This person does not understand software development. If you need some more information on why we should not "replace the X windowing system alltogether", read this.
Does anyone have a Passport account I can use? I am supprised to see that no one has posted the slashdot passport account info, like they usually do for the NY Times. I want to create a few projects, but I have heard that having a Passport account is insecure and that it even could be taking the mark of the beast. So, if anyone has one they could share, I would like to add a few projects like:
Windows YP - A lightweight Windows Replacement that only crashes once a week
Winzilla - An IE replacement written entirely in VB (It is very fast)
Inlook - An Outlook replacement that is guarrantied to only have 5 major security holes / month
Ipache - An IIS replacement which is only compatible with Winzilla clients
Thanks.
I love it every time this argument comes up. It always has very few facts, and lots of emotions. It's fun to see all us nerds get so defensive about an OS. (I admit I do it too.) However, one FACT that we should focus on is this:
Security is the inverse of Convenience!
The more convenient something is, the less secure it will be. Windows, Linux, Solaris, etc. can all be very secure depending on what runs on them, and the pain, time, and messyness invloved in locking them down. Linux distros have many tools to aid in configuration. Use them, and your box will probably be less secure. Use a default Windows install and you will probably get hacked. So as some comments have pointed out. And now for my guide on how to secure any OS:
Use the Sans (I think) guides on hardening systems.
Have a good sysAdmin that knows more than clicking through wizards to set stuff up.
Keep everything patched and up to date.
Restrict user access as much as possible.
Turn off services that are not used.
Review the log files.
Use packet filters on your router.
Unplug the box for total security.
I have read a lot of negative comments about not supporting the ADA on this one... But then I thought, why not use this as an oppurtunity to have web sites forced to be compilant with standards? No more ActiveX sites that don't work with Mozilla... No more sites that say: "Your Opera browser is not compatible with this site. Please use IE 5.5 or 6" Wouldn't that be nice? Now I hate legislation too, but if there is going to be legislation on this, let's use it not only for the benefit of blind people, but also us nerds! Yeah, Go ADA!!!
What about Ximian Evolution as a secure Outlook replacement?
It can even talks to Exchange servers.
Oh-yeah, it runs on Linux, so I guess that rules it out as an Outlook replacement for you windows people.
Well, I generally come in at least fifteen minutes late, ah, I use the side door--that way Lumberg can't see me, heh--after that I sorta space out for an hour.
Yeah, I just read Slashdot, but it looks like I'm working. I do that for probably another hour after lunch too, I'd say in a given week I probably only do about fifteen minutes of real, actual, work.
Thanks Slashdot! Happy B-Day from all the Peter Gibbon's in this world!
GUI Secure CoPy
Train those friends and family to use a secure method of transfering files.
True, I'm speaking purely in regards to this being the "collaborative, interoperating, standard CMS" system. It's good, but not that good.
:)
I agree 100%!
Come on it's Friday! No need to get all up-tight.
The only thing I am disagreeing with is that "many people don't want a web-based solution". I really don't think CTO of company XYZ cares what protocol is used for his CMS, just as long as it can work today. I agree that there should be a better solution, since I don't like the idea of staking tons of services on HTTP either. There should be a CMS protocol. But there isn't, so for now let's use what we can.
When most people say web-based they mean browser based. I assumed that is what you meant. If you actually meant http-based, then I will have to disagree with your comment of "Because many people don't want a web-based solution?" entirely. As portrayed by web services, people don't care what protocol is used. (Unless they are network admins) People care that something works. Web Services work for distributing objects and WebDAV works for CMS. It may not be the best thing, but it is here today.
WebDAV really has nothing to do with the "Web" except that it uses the HTTP protocol. I would not consider that a "web-based" solution. In other words... WebDAV has nothing to do with a browser and everything to do with HTTP.
Why can't WebDAV be the standard? From what I have seen WebDAV has a lot of the needed functionaility for a CMS. Jakarta Slide (Open Source Java CMS) is implementing WebDAV as their foundation.
I very highly doubt that any site that I visit will be exploiting this bug. Who would waste the time to do this when only about 1% of their visitors will be susceptible to the user tracking. Yeah, I am concered about privacy, but is this really news? Thanks /. for keeping me informed.
when distros will start shipping 2.0 as standard, everyone will "just use" it.
<wear suit="flame resistant">
I don't think that "everyone" is the best word to use here. Most real unix sys-admins I know won't touch rpm's for things like Apache, OpenSSL, Postfix, etc. They build them from scratch in order to have more control over their servers. Typically unix sys-admin's like control. Thus they use unix not that other borg like OS. So, I agree that more people will use Apache 2.0 when distro's include it. But that is not the major reason people are not using it.
</wear>
BTW: One great reason to use Apache 2 is that mod_proxy is much faster and works better. From some reports I have read it is now a better way to go than mod_jk.
Go download yourself a copy of
Apache 2
JBoss 3.0.2 with Jetty
XDoclet
Use mod_proxy to connect Apache and JBoss/Jetty. Use XDoclet to write your code for you. And now you are an Enterprise Application developer. Have fun! Try not to spill anything.
Many governments have motivated thier people through fear. The better solution is that the people live based on ethics. Even a tougher penalty for speeding would not convince me that speeding is wrong. Wrongness and Rightness is a matter of Ethics. I think that it is better if people live from ethics and moral convictions, than fear. This is one place where religion has taken the life from people. So many people live in fear that their god will crush them if they do something wrong. No one should live their life in fear. The problem becomes defining ethics, which "After Virtue" does a great job of. Ethics really haven't existed since the Enlightenment Project failed.
And somehow I don't think that "going after" the users works well either... I had this realization the other day when I got a speeding ticket... The reason why I speed is because I don't think that it is wrong. Or perhaps that I think that it's just not that bad. This puts law enforcement in a hard place. They will never be able to convince me that speeding is very wrong, and if I don't get caught very often, I will continue to do it.
I believe this is very similar to pirating music / movies. Many belive that it's not that bad. And since the Enlightenment Project failed, there is not absolute foundation for ethics. Nothing to tell me why I really shouldn't speed or steal music. So what is the answer? I believe that After Virtue by Alasdair MacIntryre has some great insight into ethics not based on absolutes.
I have been reading all sorts of comments from people complaining about the $5000 / year.
J2EE consultants can charge about $150 - $400 / hour. If you could get 5% more per hour by having your JBoss certification, then the 5k is not much.
Let's do some math:
(Normal J2EE Consultant)
20 hours / week
x $200 / hour
x 50 weeks
-------------
$200,000 / year (Wouldn't that be nice)
(JBoss Certifified Consultant)
20 hours / week
x $210 / hour
x 50 weeks
--------------
$210,000 / year (That would be even nicer)
So there... You just made (net) an extra $5000 for getting your JBoss certification. Realistically, I think that JBoss certified consultants could get more than an extra 5% but I was trying to be conservative.
So have fun, and if you want to make more money then go get your JBoss certification. Simple as that.
I think you are missing the point... At this time it's primarly for consultants selling their time. I am sure that eventually it will be a required resume item for J2EE jobs. But for now if you are trying to selling J2EE consulting work, that certification is important.
<sarcasm>
You are right... Because using JBoss's:
- Database connection pools
- Better war file deployment handling (no restarts needed)
- JNDI stuff
- JAAS stuff
- etc.
Just has "no value"
</sarcasm>
JBoss is not just EJB! JBoss is the kitchen sink... It provides so much infrastructure that I save tons of time on every project. Plus even if I don't use EJB now, it is much easier to implement later.
The only reason I can think of to not use JBoss is that it consumes a little extra memory.
Give it a try
Besides, if all you need is a web container, it's jmx... Pull out the mbeans you don't need. Yup, it's that easy.
I manage a few servers...
1 Apache box on an Ultra 5 (Slow sun box typically used as a workstation)
1 Tomcat box on an Ultra 5
I use mod_jk and hide the tomcat box behind the web server. This adds a nice layer of security and lets Apache process
In total I have 5 instances of Apache, ~100 instances of tomcat, and ~150 web sites. The apache box sustains about 2MB/s and about 400k/s gets sent to the Tomcat box to deal with. I have had very few problems with Tomcat 3.3.
If you need some redundancy I would recommend using the mod_jk load balancing. It works very well and is simple to setup.
My advice: Don't litsten to all the Slashdoters who gripe about anything to do with Java, give Tomcat a try. It works for me!
BTW: If you want to get into J2EE stuff, absolutly use JBoss!!! It rocks!