Our department is moving from IIS 4.0 to Apache 1.3.29 within the next few months. The server is up & running and I'm working on porting our site over. The reasoning for the switch?
While MS requires patching & monitoring, so does Apache/Linux (although it's not as time-consuming IMO). I also haven't had up-time issues with IIS although I inherently believe Apache would beat IIS in that category.
The true reason is that Apache processes SSI from the outside, while IIS processes them from the inside. I can make more modular code using apache (i.e. a single template for the whole site that the index files link to, and that template links to "content" and "data" files in a given directory). It also seems to perform better, but that's because I was using Access on the IIS machine, and MySQL on the Apache machine. Also Apache/MySQL are cheaper (putting SCO aside).
The only other good reason was to learn something new/different to make myself more marketable. :)
You get what you pay for, that's generally true for products AND employees. If I want a tv and I go on the Net to find the absolute cheapest tv that meets my specs, I'm going to be lucky to have something delivered that works.
With these outsourcing companies, they don't seem to care about the quality of what they are paying for. I called up Dell technical support the other day to ask if something was covered under the warranty only to end up spending 10 minutes trying to communicate my request to the tech. They don't necessarily understand the problem or how to fix it, they are trying to find the prepared response for an anticipated question.
And you KNOW companies like Dell are aware of the difference in quality because they are moving tech support for their "important" customers back to the states because they knew it was crap.
Whether I'm buying for myself or a friend/relative, I base my decision primarily on QUALITY. If I'm buying for someone who I don't care about and I'm not worried about what they will think, I base the decision on PRICE. It's that simple... companies that outsource don't care about the quality of their product (tech support, software, etc.).
Sounds like somebody is a little worried that their lucrative business of stalking dying companies won't be quite so lucrative in the near future. So he now proclaims that times will still be bad in an attempt to stifle spending by consumers and companies, thus furthering this slump that we're in.
This reminds me of the Simpsons episode where Bart joins an Internet company and they die at the end of the episode as Bart is confronted by a repo guy lighting his cigar with dollar bills.
I agree with your position, but I also believe that while one may be a law abider at this time, what is to prevent the government from proclaiming an activity as unlawful. What if it were illegal to eat meat, read Tolkien, or play violent video games? All of these big brother spying laws get passed first under the "you shouldn't worry if you don't break the law" guise. Then they change the laws such that you are breaking them.
It's probably been said, but just send an HTML message to the recipient with an embedded image reference, check your Web server logs for a hit, and you probably have the IP address (of course you can avoid being a victim of this, but in my experience most folks don't, even "security experts").
I read somewhere that this is one method spammers use to verify valid e-mail addresses.
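The receiving side of the technique in the comment above, as an added example that is not part of the original post: a Python check that lists every reference in an HTML message body which would make a mail client contact a remote server when the message is rendered. The sample message and its hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs that cause a fetch as soon as the message is displayed.
FETCH_ATTRS = {
    "img": ("src", "srcset"),
    "input": ("src",),
    "link": ("href",),
    "iframe": ("src",),
    "body": ("background",),
    "table": ("background",),
    "td": ("background",),
}


def _urls(attr, value):
    """Split an attribute value into the URL(s) it references."""
    if attr == "srcset":
        return [part.split()[0] for part in value.split(",") if part.strip()]
    return [value.strip()]


class RemoteFetchFinder(HTMLParser):
    """Collects references that point at a remote http(s) server."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing tags such as <img ... />.
        attrs = {name: (value or "") for name, value in attrs}
        tiny = attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1")
        for attr in FETCH_ATTRS.get(tag, ()):
            if attr not in attrs:
                continue
            for url in _urls(attr, attrs[attr]):
                try:
                    parts = urlsplit(url)
                except ValueError:
                    continue  # malformed URL, nothing a client could fetch
                # cid: and data: references stay inside the message itself.
                remote = parts.scheme in ("http", "https") or (
                    not parts.scheme and bool(parts.netloc))
                if remote:
                    self.hits.append({
                        "tag": tag, "attr": attr, "url": url,
                        "host": parts.hostname,
                        "tiny": tiny,                    # 1x1 image: likely a beacon
                        "has_query": bool(parts.query),  # may carry a per-recipient token
                    })


def find_remote_fetches(html):
    finder = RemoteFetchFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


# Constructed sample message body.
SAMPLE_HTML = """<html><body background="cid:bg1">
<p>Quarterly newsletter</p>
<img src="cid:logo@example.invalid" width="200" height="50">
<img src="http://mail.example.invalid/o.gif?rcpt=user%40example.invalid" width="1" height="1">
<IMG SRC="//cdn.example.invalid/banner.png">
</body></html>"""

if __name__ == "__main__":
    for hit in find_remote_fetches(SAMPLE_HTML):
        print(hit)
```

A mail gateway or client can use a list like this to strip or block the references before display, which is what "do not load remote images" settings do.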
From what I've heard, they only did this for their corporate lines... OptiPlex & Latitude. If you call in for support concerning the Dimension or Inspiron lines you will still have a great deal of fun trying to communicate effectively. Of course, corporate purchases account for 85% of their sales from what I read...
So... we've moved from pay-per-use (performances pre-dating records) to 100% fair use, to limited fair use (pay for the music, use it how they want), to unlimited-use subscriptions. Soon the unlimited subscription service will be segregated into levels where you have to pay out of your ass to get anything worthwhile. Following that, it'll probably land back to a pay-per-use scheme. Of course, all alternatives like FM radio, MP3's, Internet radio, garage bands, etc., will have been stomped out from the greedy industry execs by then...
What could you do in MySQL that you couldn't do in Access? Both take SQL (although the syntax differs and one may implement something that the other does not).
Personally, I prefer MySQL after having used both, but I never came across something in Access that couldn't also be done in MySQL. In fact, I found that MySQL lacked some functionality that I wanted (subqueries, but that was fixed in MySQL 4.1 I think).
And while Perl & PHP might expand on the capabilities of MySQL, the same thing can be said about ASP and Access. The only limitation on Access was the number of connections that could be made to the database.
As for Excel, it serves its purpose well. A quick/easy way to store/analyze/present small amounts of information.
In the end, they are all merely tools and each has its own advantages and disadvantages. Just because one meets your needs better than another doesn't necessarily mean it's a bad tool.
I just gave up counterstrike a few weeks back. The first 2 days were terrible, I kept thinking about CS this, CS that... but I stood firm. Then my computer crashed and I reformatted and I didn't bother putting CS back on... that worked like a charm too. Haven't found a good replacement game though... it's pretty sad but I'm more excited about setting up an Apache server at work than I am about Christmas... :/
I had a friend who worked for a large organization and was helping me get a job there. I found a position that matched me perfectly, my friend contacted the hiring manager and the hiring manager liked my resume. The only problem is that the HR person (department?) in another state weeded my resume out before it even got to the hiring manager (who couldn't hire me because my resume didn't get past this HR person). I think the problem is that I'm targeting my resume at technically competent people when I should be targeting it at non-techies who think they know what's necessary for a given position.
- I don't care if they know $TECHNOTERM, they don't have their resume formatted the right way! I much prefer this French major who correctly listed their retail experience at Sears.
I personally deleted all of my mp3's as well as all traces of said mp3's in the registry because I didn't want to chance being harassed. However, I also have not purchased a CD since then nor will I ever purchase one in the future.
The music industry stifles musical creativity by picking up the latest britney clones and telling the masses that they are popular. Even the artists that are lucky enough to be chosen don't make anything from the CD sales. It's all about some old man somewhere making 90% profit from each CD sold, just because a group of those guys controls what gets sold to stores, what plays on the radio, and what is seen on MTV.
I can safely say that I've given up on the music industry and the only time I am exposed is when I'm in the car and the radio happens to be on. Good riddance Recording Industry Ass. of America. You can take your pop music and shove it up your ass.
So... just as you would have the owners of the honeypot be accountable for doing something to your computer, shouldn't they be able to hold you accountable for doing something to their computers? Seems to be a washout in the end... although for their single attack on your computer, you will have attacked at least one of theirs as well as those of many other people/organizations.
I think we're defining the line between vigilantism and self-defense. Welchia is a kind of vigilante worm... the honeypot is more like self-defense.
There's a difference between Welchia and this concept though. Welchia *SEEKS OUT* infected hosts, which is why it was so damaging. The honeypot would only attempt to fix machines that are already infected, it wouldn't probe and spread like Welchia.
However, as another poster said, it's a lawsuit waiting to happen. Even if the project were technically successful, some schmoe out there would try to abuse it somehow.
But where is the line between a concept and a method?
Okay, using online interface "A" is a method.
But couldn't the use of the Internet to promote one's product be viewed as a method of selling a product?
And can't the concept of "selling products" actually be a method of generating income (as opposed to selling services, conducting fraudulent activities, etc.)?
How about running a business... isn't that a method for providing for yourself?
In my opinion and perhaps many others, these "methods" that Amazon wants to cover are merely concepts. Seriously... a category tree? That's an obvious concept if I ever saw one. What about wish lists? Those sound like gift registries to me...
We have two vehicles... a Civic and an F150. We primarily use the Civic due to gas costs. However, I truly do not fit in that car. I have to lean the seat 45 degrees back just so my head isn't hitting the top. As a passenger, my left leg is always in the way of the driver when accessing the gear shifter or parking brake. As a driver, my right knee is pressed up against the ignition switch.
Don't get me wrong... I love the fuel efficiency part. I just want a fuel efficient vehicle that's made for tall folks.
We'll be trading in the Civic soon as child seats are difficult to fit in the rear. Suggestions for a roomy, affordable, reliable, fuel efficient vehicle are welcome. :)
Slight misunderstanding of what I said. Disabling the Messenger service does indeed prevent people from exploiting the hole *in the messenger service*. I don't doubt this.
Microsoft bundled enormous functionality into a few ports, and they leave these ports open by default. If a user doesn't patch or use a firewall then they are obviously open to exploitation. This is what I consider a serious hole...
Before we were told about the Messenger flaw, I don't think the Messenger service was considered a hole, I think it was the fact that spammers were able to send messages to computers remotely using the Messenger service that was INDICATIVE of a hole. Even if they disabled Messenger the problem still existed. It's NetBIOS that's the real problem. Of all the Windows worms that have come out in the past few years, all have relied on NetBIOS, IIS, or Outlook to propagate.
Most of the people running IIS got a clue and patched (granted some didn't).
Many running Outlook were aware that they could open viruses just by viewing a message and many of them patched (granted some didn't).
However everyone running Windows probably has NetBIOS running and all but the Systems Administrators and nerds don't realize that it has numerous holes and can be exploited.
I plan on letting my offspring experience games and movies that are targeted towards mature audiences once I believe they can understand that games and movies are typically not based on reality. I want them to know that movies take place on sets with actors and special effects and that games are created from millions of lines of source code. I want them to know that these productions are merely derivations from the minds of a person or small group, not a perfect representation of reality.
Of course, by that time I'm sure that my kid(s) will be making fun of me, saying "yes dad, I know that you waited for 3 minutes in a hot room in front of a 17" CRT waiting for Counter-Strike to launch using your hands to control your computer."
I truly believe that punishment is a deterrent for bad behavior. My father used a short 1-inch thick board to spank me when I was bad. The effect: I considered the effects of my actions before I acted. I hated the board, I often had mean-spirited thoughts about my dad, but I behaved. However I never did drugs, I didn't try alcohol until college, and I generally avoided bad situations.
Unfortunately, I don't know how I will teach my child (due in April) to behave. Sure, I can scold him/her and send them to a corner, but I know that the child will rationalize the risk with the action. The risk is not too great, thus the child will be less scared of being caught. I can spank the child, and the child would be less likely to behave in certain ways, but then I'd have CPA all over me about child abuse.
I say let parents raise their children as they want and hold parents responsible for the actions of their children. Drop the PC crap...
I agree that Valve should not be blamed for allowing the code to reside on a machine connected to the Net. Having the code reside on a local machine (or local network of machines) that does not have Internet access is an impractical idea.
However, I think Valve shares some of the responsibility on other aspects. The unpatched Outlook (perhaps even the use of Outlook) is definitely a problem area for such a high profile organization. If they neglected to patch Outlook, what other basic security issues were neglected by Valve? Perhaps it was something as simple as Gabe using his home computer which he left unpatched, but that's something that network admins should be aware of IMO.
I also think Valve's staff is vulnerable to social engineering. Take a quick peek at myg0t.com (skip the intro and turn off the music) and read about the various chats that were had with Valve personnel. Really simple stuff that worked.
My point: Valve should be aware that they are high profile and they should have at least taken measures to make themselves secure against basic hacking methods.
I tackled this problem a year ago because I feared that addresses were being harvested off of our site. The webmaster address was on the front page and got the most traffic, but even those that were buried were affected (looking through the logs showed some artcompendium.com browser, likely a bot harvesting addresses... it hit every page).
I couldn't use images because we have rules regarding usability.
I decided to use forms and server-side scripting. You can do it with PHP or ASP and it doesn't reveal the address to the world, but it allows any browser that handles forms to send e-mail. I also captured the IP address and placed redundant checks in the code to ensure that mail would ONLY go to a single address within our organization. The last thing I wanted to do was open the door to spam abuse through our site.
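One way to build the kind of form handler described in the comment above, as an added example that is not the poster's code: it is written in Python rather than the PHP or ASP the comment mentions, and the addresses, field names and limits are assumptions made for illustration. The recipient is a constant that the request can never influence, header-bound fields are rejected if they contain control characters, and the finished message is checked again before an envelope recipient list is returned.

```python
import ipaddress
import re
from email.message import EmailMessage
from email.utils import getaddresses

ALLOWED_RECIPIENT = "webmaster@example.invalid"  # constructed placeholder
FORM_SENDER = "webform@example.invalid"          # constructed placeholder

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CTRL_RE = re.compile(r"[\x00-\x1f\x7f]")  # includes CR and LF


class RejectedSubmission(ValueError):
    """Raised when a submission must not be turned into mail."""


def header_safe(field, value, max_len):
    """Check 1: nothing that ends up in a header may contain CR/LF or be oversized."""
    if not isinstance(value, str) or CTRL_RE.search(value):
        raise RejectedSubmission(f"control character in {field}")
    value = value.strip()
    if not value or len(value) > max_len:
        raise RejectedSubmission(f"bad length for {field}")
    return value


def build_contact_message(form, remote_addr):
    """Turn submitted form fields into a message for the one allowed mailbox."""
    try:
        ip = ipaddress.ip_address(remote_addr)  # captured for abuse tracing
    except ValueError:
        raise RejectedSubmission("invalid client address")

    name = header_safe("name", form.get("name", ""), 80)
    reply_to = header_safe("email", form.get("email", ""), 254)
    subject = header_safe("subject", form.get("subject", ""), 120)
    if not EMAIL_RE.fullmatch(reply_to):
        raise RejectedSubmission("invalid e-mail address")
    body = form.get("message", "")
    if not isinstance(body, str) or not body.strip() or len(body) > 5000:
        raise RejectedSubmission("bad message body")

    msg = EmailMessage()
    msg["From"] = FORM_SENDER
    # Check 2: the recipient is a constant; any "to"/"recipient" form field is ignored.
    msg["To"] = ALLOWED_RECIPIENT
    msg["Reply-To"] = reply_to
    msg["Subject"] = "[Web contact] " + subject
    msg["X-Originating-IP"] = str(ip)
    msg.set_content(f"Name: {name}\nE-mail: {reply_to}\nIP: {ip}\n\n{body}")
    return msg


def envelope_recipients(msg):
    """Check 3: re-read the finished message and refuse anything but the one address."""
    headers = (msg.get_all("To", []) + msg.get_all("Cc", [])
               + msg.get_all("Bcc", []))
    addressed = [addr.lower() for _, addr in getaddresses([str(h) for h in headers])]
    if addressed != [ALLOWED_RECIPIENT]:
        raise RejectedSubmission("unexpected recipient in message")
    # Pass this list explicitly as the SMTP envelope, e.g.
    # smtplib.SMTP(...).send_message(msg, to_addrs=envelope_recipients(msg))
    return [ALLOWED_RECIPIENT]


if __name__ == "__main__":
    # Constructed submission; the "to" field imitates an open-relay attempt.
    demo = {"name": "A. Visitor", "email": "visitor@example.invalid",
            "subject": "Broken link", "message": "The staff page returns a 404.",
            "to": "someone-else@example.invalid"}
    message = build_contact_message(demo, "192.0.2.10")
    print(envelope_recipients(message))
    print(message)
```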
Perhaps a former Valve employee found a new calling with Debian? :)
Doesn't matter if they run Windows, Mac, or *nix, they're still on their own intranet because they pissed off so many e-mail admins.
- blocking 200.0.0.0/7
That's an example of a movie I probably won't let my kids see. At least Hollywood disguises its propaganda in the form of entertainment.
If you prevent your child from making any mistakes how will they know what is right and what is wrong?
Take a dog as an analogy. I could keep it outdoors its entire life, but does this mean it won't piss on the floor when I let it in?