I know lots of people who have never had a problem with PayPal, everything runs smoothly. The people I've talked to that have had a problem all have had a complete nightmare with it. Every one of them.
Now it is possible, prehaps likely that people that have a problem that is resolved quickly are less likely to complain about it. This could be why I've never heard good things about their customer service but I don't think it's the case.
Banks have sets of rules and years of experience dealing with problem transactions. They aren't perfect (I have stories, that would make you ill) but because PayPal is a pretty new concept I think they still have a lot of kinks to work out.
item: the version of wu-ftpd that rh released was a pre-release from cvs. they changed the version number. this bug was fixed in cvs months ago.
RedHat did in fact pull a pre-release copy of wu-ftpd and mark it 2.6.1-16 but 2.6.1-0 was vulnerable as well. (RedHat does this, its' why I don't run RedHat) And this was in fact fixed in CVS on June 4th as part of a IPV6 update done by Ian Willis of Sun.
However, there was never a patch posted to apply_to_current on wu-ftp's server. As far as the wu guys knew, this wasn't an exploitable bug.
There was obviously a breakdown in the process here, this shouldn't have been released until the wu-ftp team was aware. Looks like it wasn't really anyone's fault, more of a "shit happens" type of thing.
I hope by saying "this bug was fixed in cvs months ago" you aren't trying to say that the wu-ftpd team had already taken care of it, are you? You wouldn't really want to build a production server by pulling the latest source from cvs. I'm not sure if that's what you meant or not.
... the only reason I can think of for Disney not utilizing it is the fear of someone breaking the system. To me, that says the security is sub-par.
I'd have to disagree with that. Running some sort of public access network on the same wireless segment you are doing credit card authorizations on would be silly.
A common scenario in American football is a 180-pound receiver, standing completely still while catching a mid-field pass, being slammed into by a 250-pound linebacker running top speed. This generally does not happen in rugby.
Actually this happens all the time in rugby and as a 250 pound linebacker / prop forward it is one of my personal favorites.:-) One contact does not prove your point. I got knocked out cold by a scrum half once, it can happen to anyone.
This is why rugby player are tougher: You play the WHOLE game, no huddle, no stopping. The only way to understand this is to think of a football player that plays offence, defense and special teams and also runs around in a circle while everyone else is in the huddle
You don't understand tough until you've been running around a field (twice the size of an American fottbal field) for an hour, get your face stepped on 4 times in rucks, scrummed against a pack that outweighs your side by four hundred pounds and had an entire line out come down on your back.
A man that can do that and then drag his bruised, bleeding body into the club and drink until four in the morning with a grin on his face is a HARD man.
The only keygen I ever saw for Quake 3 wasn't a generator, it was a VB app that had a list of keys that were valid. If you kept hitting 'generate' you'd notice that the keys would be the same and in the same order. Eventually I'm sure they all got added to the banned list.
Nobody every managed to make a key generator for half-life that would work online either.
I've been thinking about doing the same thing with a Playstation 2. Can anybody compare the quality of a PS2 with a certain DVD player? I understand the first model had some issues. Does the remote control option work well?
And before anybody tells me to rent one and try it, I did already. Only problem was, somebody that rented the machine before me setup the parental controls with a password. It would only play G rated movies and I don't own any.
i know a lot of "IT geeks" that are complete party animals. most of my friends, actually:) their after-work activities consist mostly of either getting completely stoned and playing PS2 or going to raves/clubs/parties, etc.
I have a lot of friends who are like that, I also have a lot of friends who have wives and offspring and that stuff. Its' actually really strange sometimes, like I have a "secret life" where I go to family BBQs and look at endless stacks of pitures of the children. Sometimes afterwards I'll go meet my other friends at a club or something and everything changes in the space of a 15 munite cab ride. Really wierd sometimes.
You'll probably find youself in this situation at some point, unless you are one of the ones that retires to the suburbs first. Get ready for it, it sucks. Oh and BTW, its' comming sooner than you think, I'm 25.
Seriously this isn't the first time a tech company has done this. Apple carved out part of their market by first donating Apple computers to schools and then offering schools and teachers pretty substantial discounts there after. If all the kids are familiar with Apple hardware they will become loyal consumers in the future. Don't laugh, I still get fond memories of hacking away on the Macs (Plus and SEs) at school when I consider getting an iBook.
I imagine MS is looking to do the same thing here. It will be a good thing for MS, a good thing for the schools, what the hell right? Wrong. I am really disapointed that they would try and do this a means to reach settlement, makes the whole thing rather hollow. If they had done this just because they felt like it I'd probably support them in it, now they just look slimy.
I know exactly how you feel. I can remember using Napster for quite a while and being absolutely content. Eventually you'd start to see people talking about it in Starbucks, my non techie friends were asking me about it, it was on CNN.
The first thought that popped into my head was, "These guys are going to get sued into oblivion".
You really don't want to put IIS on you Terminal Server. If you're using TS in admin mode you don't need to use TSAC (the web plugin). I find I do just as well with the RDP client application. It works smoother and the win32 version will fit on one floppy if you want to carry it around.
The Terminal Services Advanced Client (TSAC) requires IIS.
Well yeah, seeing as though TSAC is the web plugin for TS. But jsut why the hell yould you use Datacenter server for an app server?
Even if you did, does the IIS server have to be the same machine as the app server. I don't think it does but I can't recall. I know that with Citrix NFuse it DOESN'T and probably SHOULDN'T.
This whole discussion is pretty academic isn't it? Nobody is going to use Datacenter server for IIS or Terminal Services. That is not what it's for, you use Datacenter server for big databases or transaction processing, in which case there is no reason it should be accessable from an untrusted network.
Keep in mind, untrusted includes your users as well as your DMZ. Never trust your own network!
I can't belive they left out Avocent. The company is a recent merger between Cybex and Apex and their products are great.
I've been using Cybex stuff for a couple years now, I have one at home, one at work and 2 in my sever room. They work flawlessly and the 2 port Switchview with cables is $169.
About the Blekins, the reviewers didn't have any trouble with them and I see positive comments as here as well but IMO, they suck really bad. I had one at home that was junk. The last company I worked for had one for every developer and ended up replacing all of them, they were just terrible.
I have no problem with security experts blackmailing MS by saying "release a patch within a few days or I release the code!" But the current assumption that the problem is fixed as soon as a patch is released does far more harm than good. Yes, they are fully within their rights to release the code, but does it do any good besides making them feel righteous?
If you have a half assed decent network admin most of the time you don't even need the patch. If I see an exploit that trys to run cmd.exe for example I'll just filter it at the router. It will never even reach the web server. I'm not saying I wouldn't apply the patch ASAP but vendor patches are NOT the only way to protect yourself from many of these exploits. Now if I didn't have a sample exploit how am I supposed to protect myself?
For the closed-source world, I believe that it is better that if you discover an exploit, to send full details to the vendor ASAP, and to release a general statement of a potental vunerability in the software to the general public, but with just info for the end-user to determine severity and criticalness of the bug.
Speaking as an IIS admin, I get really pissed when I can't find sample code for an exploit. I need to be able to test my systems against a newly published exploit. If I don't have a way to do this all I can do is apply the hotfix and hope it works. What if I want to set up some stateful inspection on my firewall just in case, how do I test that? Without sample code I have no way to really know if I am vulnerable or not. IMHO not testing these things would be a pretty irresposible aproach to managing a datacenter.
No wait, hear me out. I want a national barcode ID system. Simple enough to do, just like the one one Dark Angel.
He's the catch, I want it tattooed right in the crack of my ass. I belive that this would be great. Think about it:
Authority Abusing Cop: "I need to see your ID tatoo son"
Me: Gulps down last spoon of Super Ass Ripper Chilli, "Alright, but you're going to have to get nice and close, there's not much light in here officer"
Not True. The most extreme counterexamples come from WW2, when US high command decided to start fire bombing residential neighborhoods in Tokyo and other Japanese cities. In this regard, the use of nuclear weapons was only a change in scale, not in policy. Other examples come from Germany WW2, Vietnam and Korea.
Actually in terms of casulties the firebombing of Tokyo was much more damaging than either of the nuclear weapons dropped on Japan. There was about 650,000 people killed in Tokyo, each nuclear drop killed about 300,000.
I don't think I've ever been involved in a coding project where I haven't been part of a team. I think it would be really helpful for CS programs to do more team based assignments but it probably goes a little deeper than that.
The more experience you can gain working as part of a team the better. Try spending time in fun projects sponored by you're local LUG, or the chess club or whatever. The other thing that will help a lot with this is sports, I played all kinds of team sports (hockey, football, rugby) when I was a kid and I think the experience really helped me with my proffessional development. The time I spent coaching a bantam (14 and 15 year olds) football team in high school was especially helpful when I became a team leader a few years ago.
In short, it wouldn't hurt to push for more team based assignments but just about any experience you can get working or playing with others can be helpful.
The second (bigger, dependable, easily forecasted) chunk of our revenue comes from yearly renewable support contracts, which happen to include access to the latest version of our software. This is fairly common practice.
Yeah this is a pretty common practice but I don't think it applies to Microsoft. To use your example, Veritas, IMO there is a pretty compelling value between Backup Exec v7 and v8. v8 is a much nicer product.
Let's compare that to Office, I have my company running Office 2000 right now, I see absolutely no reason to go to XP, I frankly don't remember the reason we upgraded from 97.
MS has realized that they're upgrade track is way too fast and they're scared. I don't know ANYONE who is excited about the release of Windows XP or Office XP.
Dear Terrorist,
We at Macrosloth are proud to offer you our new Encrption Suite for all of your communication needs. The Macrosloth Encrption Suite is the easiest to use network aware tool set available. The Terrorist Edition is specially designed with your requirements in mind and includes advanced features such as Per Cell Key Management (tm).
Please contact your Macrosloth reseller for more information or to arrange a demo.
*Remember, all Macrosloth Encrytion tools are NSA approved!*
So could somebody please explain to me why someone planning a terrorist action would use a tool they know has a backdoor in it? You can say a lot of nasty things about these people and be right but nobody is calling them stupid.
Right. That's partly the reason why we Canadians pay a CD levy tax.
Speaking as a Canadian I love the CD levy. Here's the thing, if money that I pay at purchase time goes to the recording industry then I have the right to use the media to copy music. The legislation is very clear, if I borrow a CD from you and make a copy of it on my "tax paid" CDR I am breaking no law.
The only thing that is illegal in Canada is distributing copies. I can't make a copy and give it to you without breaking the law.
I've been sitting on one since the beginning of June and to be perfectly honest you have to spend a pretty large amount of time learning how to use it. I spent a lot of time fiddling around, reading the documentation and trying different configs until I found the one that worked best for me. Sound like a familiar concept?
This is the best chair I have ever sat on. My Office Depot $150 special at home that I used to love, I can barely stand.
F*cked company sells a mousepad that sums up my opinion quite handily.
Slashdot Mirror
I know lots of people who have never had a problem with PayPal, everything runs smoothly. The people I've talked to that have had a problem all have had a complete nightmare with it. Every one of them.
Now it is possible, prehaps likely that people that have a problem that is resolved quickly are less likely to complain about it. This could be why I've never heard good things about their customer service but I don't think it's the case. Banks have sets of rules and years of experience dealing with problem transactions. They aren't perfect (I have stories, that would make you ill) but because PayPal is a pretty new concept I think they still have a lot of kinks to work out.
You know, I'm not sure why that's so much funnier than the usual "Anyone hiring web developers?" jokes we get around here but it's friggin hilarious.
BTW, playing for the EFF on Weakest Link was a pretty cool idea. I never thought I'd hear the EFF mentioned on prime time TV.
RedHat did in fact pull a pre-release copy of wu-ftpd and mark it 2.6.1-16 but 2.6.1-0 was vulnerable as well. (RedHat does this, its' why I don't run RedHat) And this was in fact fixed in CVS on June 4th as part of a IPV6 update done by Ian Willis of Sun.
However, there was never a patch posted to apply_to_current on wu-ftp's server. As far as the wu guys knew, this wasn't an exploitable bug.
There was obviously a breakdown in the process here, this shouldn't have been released until the wu-ftp team was aware. Looks like it wasn't really anyone's fault, more of a "shit happens" type of thing.
I hope by saying "this bug was fixed in cvs months ago" you aren't trying to say that the wu-ftpd team had already taken care of it, are you? You wouldn't really want to build a production server by pulling the latest source from cvs. I'm not sure if that's what you meant or not.
I'd have to disagree with that. Running some sort of public access network on the same wireless segment you are doing credit card authorizations on would be silly.
Actually this happens all the time in rugby and as a 250 pound linebacker / prop forward it is one of my personal favorites. :-) One contact does not prove your point. I got knocked out cold by a scrum half once, it can happen to anyone.
This is why rugby player are tougher: You play the WHOLE game, no huddle, no stopping. The only way to understand this is to think of a football player that plays offence, defense and special teams and also runs around in a circle while everyone else is in the huddle
You don't understand tough until you've been running around a field (twice the size of an American fottbal field) for an hour, get your face stepped on 4 times in rucks, scrummed against a pack that outweighs your side by four hundred pounds and had an entire line out come down on your back.
A man that can do that and then drag his bruised, bleeding body into the club and drink until four in the morning with a grin on his face is a HARD man.
The only keygen I ever saw for Quake 3 wasn't a generator, it was a VB app that had a list of keys that were valid. If you kept hitting 'generate' you'd notice that the keys would be the same and in the same order. Eventually I'm sure they all got added to the banned list.
Nobody every managed to make a key generator for half-life that would work online either.
And before anybody tells me to rent one and try it, I did already. Only problem was, somebody that rented the machine before me setup the parental controls with a password. It would only play G rated movies and I don't own any.
I have a lot of friends who are like that, I also have a lot of friends who have wives and offspring and that stuff. Its' actually really strange sometimes, like I have a "secret life" where I go to family BBQs and look at endless stacks of pitures of the children. Sometimes afterwards I'll go meet my other friends at a club or something and everything changes in the space of a 15 munite cab ride. Really wierd sometimes.
You'll probably find youself in this situation at some point, unless you are one of the ones that retires to the suburbs first. Get ready for it, it sucks. Oh and BTW, its' comming sooner than you think, I'm 25.
I imagine MS is looking to do the same thing here. It will be a good thing for MS, a good thing for the schools, what the hell right? Wrong. I am really disapointed that they would try and do this a means to reach settlement, makes the whole thing rather hollow. If they had done this just because they felt like it I'd probably support them in it, now they just look slimy.
Errr, more slimy.
I know exactly how you feel. I can remember using Napster for quite a while and being absolutely content. Eventually you'd start to see people talking about it in Starbucks, my non techie friends were asking me about it, it was on CNN.
The first thought that popped into my head was, "These guys are going to get sued into oblivion".
You really don't want to put IIS on you Terminal Server. If you're using TS in admin mode you don't need to use TSAC (the web plugin). I find I do just as well with the RDP client application. It works smoother and the win32 version will fit on one floppy if you want to carry it around.
Well yeah, seeing as though TSAC is the web plugin for TS. But jsut why the hell yould you use Datacenter server for an app server?
Even if you did, does the IIS server have to be the same machine as the app server. I don't think it does but I can't recall. I know that with Citrix NFuse it DOESN'T and probably SHOULDN'T.
This whole discussion is pretty academic isn't it? Nobody is going to use Datacenter server for IIS or Terminal Services. That is not what it's for, you use Datacenter server for big databases or transaction processing, in which case there is no reason it should be accessable from an untrusted network.
Keep in mind, untrusted includes your users as well as your DMZ. Never trust your own network!
I've been using Cybex stuff for a couple years now, I have one at home, one at work and 2 in my sever room. They work flawlessly and the 2 port Switchview with cables is $169.
About the Blekins, the reviewers didn't have any trouble with them and I see positive comments as here as well but IMO, they suck really bad. I had one at home that was junk. The last company I worked for had one for every developer and ended up replacing all of them, they were just terrible.
If you have a half assed decent network admin most of the time you don't even need the patch. If I see an exploit that trys to run cmd.exe for example I'll just filter it at the router. It will never even reach the web server. I'm not saying I wouldn't apply the patch ASAP but vendor patches are NOT the only way to protect yourself from many of these exploits. Now if I didn't have a sample exploit how am I supposed to protect myself?
Speaking as an IIS admin, I get really pissed when I can't find sample code for an exploit. I need to be able to test my systems against a newly published exploit. If I don't have a way to do this all I can do is apply the hotfix and hope it works. What if I want to set up some stateful inspection on my firewall just in case, how do I test that? Without sample code I have no way to really know if I am vulnerable or not. IMHO not testing these things would be a pretty irresposible aproach to managing a datacenter.
He's the catch, I want it tattooed right in the crack of my ass. I belive that this would be great. Think about it:
Authority Abusing Cop: "I need to see your ID tatoo son"
Me: Gulps down last spoon of Super Ass Ripper Chilli, "Alright, but you're going to have to get nice and close, there's not much light in here officer"
Best idea I've had all week.
It compiles Java completely and correctly.
It compiles to a native .NET executable that gives a significant speed advantage over VM bytecode on a .NET platform.
I have to make exactly zero changes to my Java to have it compile to both VM bytecodes and to a .NET executable.
So basically what you're saying is that there's no way in hell you're going to use J#?
I agree with the points you made 100% but I don't think its' going to happen.
Not True. The most extreme counterexamples come from WW2, when US high command decided to start fire bombing residential neighborhoods in Tokyo and other Japanese cities. In this regard, the use of nuclear weapons was only a change in scale, not in policy. Other examples come from Germany WW2, Vietnam and Korea.
Actually in terms of casulties the firebombing of Tokyo was much more damaging than either of the nuclear weapons dropped on Japan. There was about 650,000 people killed in Tokyo, each nuclear drop killed about 300,000.
I don't think I've ever been involved in a coding project where I haven't been part of a team. I think it would be really helpful for CS programs to do more team based assignments but it probably goes a little deeper than that.
The more experience you can gain working as part of a team the better. Try spending time in fun projects sponored by you're local LUG, or the chess club or whatever. The other thing that will help a lot with this is sports, I played all kinds of team sports (hockey, football, rugby) when I was a kid and I think the experience really helped me with my proffessional development. The time I spent coaching a bantam (14 and 15 year olds) football team in high school was especially helpful when I became a team leader a few years ago.
In short, it wouldn't hurt to push for more team based assignments but just about any experience you can get working or playing with others can be helpful.
The second (bigger, dependable, easily forecasted) chunk of our revenue comes from yearly renewable support contracts, which happen to include access to the latest version of our software. This is fairly common practice.
Yeah this is a pretty common practice but I don't think it applies to Microsoft. To use your example, Veritas, IMO there is a pretty compelling value between Backup Exec v7 and v8. v8 is a much nicer product.
Let's compare that to Office, I have my company running Office 2000 right now, I see absolutely no reason to go to XP, I frankly don't remember the reason we upgraded from 97.
MS has realized that they're upgrade track is way too fast and they're scared. I don't know ANYONE who is excited about the release of Windows XP or Office XP.
Don't get a Jensen. I bought one about a year ago and returned it the same day, it was a complete peice of junk.
It looks cheap, feels cheap and only has marginal support for each device (runs some functions but not all). Of course it was cheap, $40 CDN I think.
Dear Terrorist,
We at Macrosloth are proud to offer you our new Encrption Suite for all of your communication needs. The Macrosloth Encrption Suite is the easiest to use network aware tool set available. The Terrorist Edition is specially designed with your requirements in mind and includes advanced features such as Per Cell Key Management (tm).
Please contact your Macrosloth reseller for more information or to arrange a demo.
*Remember, all Macrosloth Encrytion tools are NSA approved!*
So could somebody please explain to me why someone planning a terrorist action would use a tool they know has a backdoor in it? You can say a lot of nasty things about these people and be right but nobody is calling them stupid.
Here is a link to the Department of Candaian Heritage's website that explains, briefly, the situation
Right. That's partly the reason why we Canadians pay a CD levy tax.
Speaking as a Canadian I love the CD levy. Here's the thing, if money that I pay at purchase time goes to the recording industry then I have the right to use the media to copy music. The legislation is very clear, if I borrow a CD from you and make a copy of it on my "tax paid" CDR I am breaking no law.
The only thing that is illegal in Canada is distributing copies. I can't make a copy and give it to you without breaking the law.
This is the best chair I have ever sat on. My Office Depot $150 special at home that I used to love, I can barely stand.
F*cked company sells a mousepad that sums up my opinion quite handily.