Slashdot Mirror


User: igorko

igorko's activity in the archive.

Stories: 0
Comments: 3

Comments · 3

  1. mudge no longer believes in hacked values? on Author of Paper Critical of Microsoft is Fired · Score: 1

    If what's being said is true, this is a very bad move for @stake. The company used to be called L0pht Heavy Industries and was led by Boston-based Mudge, now CEO of @stake. Mudge gave an interesting opinion in the preface of Hackproofing your network by Ryan Russell, saying that this world is driven by the people who, quote, are not afraid to rip things apart and see how they work from the inside. In summary, sharing of knowledge and open criticism are key to the progression of society. Mudge gave an impression as if he believed in these values greatly.

    Now, if an @stake employee, whether on- or off-hours, writes a credible report on MS not representing those values, and gets fired for it, then the CEO in the building must have a different mindset. One of MS's: money money money, in a rich man's world. And if so, @stake (and its services, including securityfocus.com) should not be considered so seriously anymore.

    Anyone writing criticism upon 9/11 was fired; their words true or not. I thought the hacker mindset would be immune to that; sadly it's not. Shame.

    All this under the presumption that the data in the article is correct.
    -i

  2. HTML may be playing a bigger role .. on HTTP Developer's Handbook · Score: 5, Insightful

    Sure, some developers won't grasp HTTP is a stateless protocol. Others remain ignorant of the fact it's trivial to spoof and continue to rely on the referrer as means of session tracking. But that's not where the big problems are. They lie in misuse of HTML.

    1. most people use it to "design pages", not represent data. H1, H2 .. tags are miserably neglected (in favour of, say, FONT). Flash, on the other hand, is used where it shouldn't be.

    2. small fonts (guess what: verdana is NOT cool), sans-serif for main text, low-contrast hard-to-read colors, and so on.

    3. proprietary HTML (say IE 6.0+ only), fixed-resolution design

    and many other bugs of the sort. Reading W3C's HTML 4.01 & CSS2 specifications and some usability guides (www.useit.com) should be more insightful than following up on HTTP headers. What works for me is knowing it's stateless, what this means, cookies and url rewriting, and SSL/TLS. The only time I used cleancut HTTP was when testing certain servers via telnet 80.

    Verisign and networksolutions are an additional problem, but that's another story altogether.

    For a webdesigner, the protocol details are of little use. There are more important things to study.
    -i

  3. people use the M$ concept with linux on Is Linux as Secure as We'd Like to Think? · Score: 2, Informative

    UNIX and lookalikes weren't designed for the would-be user. Still, most users just migrated from M$ will be happy with the out-of-the-box install of RedHat-latest and Apache. That is simply not the way to go. A UNIX takes a lot of time to configure and then administer, and if this isn't done, you might as well pronounce yourself a Windows admin.

    The key concept of UNIX is its building blocks: you build it from the ground up, not the other way around. A good server install should use the linuxfromscratch OS, with as little installed as absolutely needed. Then you harden, using your KNOWLEDGE of the system. That's what most users think comes with linux by default. Wrong.

    With M$, you get to do what M$ thinks you will do. With linux, you get to do what you want to. The downside is you must know what you want and how to get there.
    -i