Oracle isn't really Javacentric - I don't see any reason to believe they're using EJB. Other than the fact that it _has_ choked under load that is ;)
> A big chunk of security work is thinking up unlikely things which could happen and closing those holes.
Yes but so is addressing the most likely instances first, and not wasting time on the 1 in 10^100 instances until everything else is sorted out.
A lot of security concepts are based on "So unlikely that it can be ignored completely". Encryption is a good example of that, and most authorisation systems.
However, you're right that trusting a third party to do something right is never a good idea.
But NAT as implemented by home DSL routers is still a hell of a lot better than nothing, and protects you against everything except a deliberate act from within your ISP.
You trust your money to no more than that with a bank.
I bow before your l33t n1nj4 networking sk1llz!
Perfectly happy!
;)
Although I liked the ninja answer someone else gave better
Using that logic, if ISP X was also very small, then there'd be no routers at all.
But each ISP will have their own network block, and you can't route packets from one network to another without a router involved.
Each ISP will have a router between them and the internet. The two router case pretty much _is_ the scenario you've described - with the PPP server using proxy ARP to map the dialed in users directly into their network.
No good - the ISPs will each have their own network block, so you still need a router at each end so the packets know which interface the pigeon is attached to.
Before you post another word on this topic, please demonstrate that you have the slightest idea what you're talking about by defining the following words for us:
1. Hub
2. Switch
3. Router
4. Firewall
5. NAT
6. Proxy
7. Modem
Next, explain to us how packets from computer A with ISP X on one side of the world, can possibly attack computer B with ISP Y on the other side of the world without going through at least two routers.
You've only just found proof now, with that UID??
hmmm...data migration is not really a buzzword.
It means move data from one system to another or one format to another - migrating (moving from one place to another) the data - data migration.
it's nothing like leveraging best-of-breed scalable enterprise solutions.
Which I think translates to "uses big good stuff"
no, it's not.
And even if it was, being open source doesn't make some magical open source porting fairy make the porting easy.
If there's a mismatch between the way things work, then it's not going to be easy, no matter how much source access you have.
Look at the MX record for it.
if you've got nslookup then simply run
nslookup
> set query=mx
> consultant.com
And that will give you the name of the mail server(s) handling mail for that domain.
If you don't have nslookup (since it's deprecated), then there's a dig command that will do the same, but I don't know the syntax.
Also "whois consultant.com" is probably useful too...
No, from what I understand of ezPublish, it has always (or nearly always) been an open source project, but it's developed and supported by a commercial company.
They make their money by dual licensing it and selling a commercial licensed version (that is the same as the open source version, but gives you the right to keep any products developed on top of it closed). They also sell a WYSIWYG online editor and offer support.
They're also only up to version 3.5 right now...
As for PHP, the problem isn't that it's too easy, the problem is that it encourages bad design, because it _is_ badly designed. It seems to be steadily improving, but until such time as they rip out the abomination that is the mysql_* functions in favour of a proper database abstraction layer, and separate the core language from the optional libraries it's got a long way to go.
The PEAR stuff in theory should help with that, but only once it reaches the stage where compiling PHP only compiles the language interpreter and the core platform, and all the other stuff is installed via something like PEAR.
ezPublish is definitely worth checking out.
The best feature is the fact that their documentation contains a tutorial that steps you through the process of implementing a real site.
A lot of the other CMSs out there that have shown promise have lacked significantly in the "Getting started doing the real stuff you're going to do with it" sort of documentation. Others lack any useful free documentation at all.
Also, I rather liked the way that Plone worked, but it was way, way too slow, suffered from not having a coherent administration interface (Some things can be admined from within Plone, others you have to use the Zope admin) and was very difficult to change the style.
ezPublish follows the template based object oriented approach of Plone, but solves a lot of its problems.
It's PHP though...but then again, most of them are, so you're probably going to have to live with that anyway....
where do they call themselves that officially?
ahhh...that _explains_ it. .NET is becoming popular because it follows PHP's lessons on good design!
They still have to make the CDs and get them into distribution.
They don't offer it as a download (do they?)...
You know, plagiarism, whilst certainly immoral, is not actually a crime.
Some plagiarism (and probably the sort that Roland is accused of) constitutes a copyright infringement, which _is_ a crime, but plagiarism in itself is not.
Personally I think you're all overreacting a bit.
OK, so the guy is scum - take a deep breath, avoid clicking on links that take you to his site, and move on to the next article - you'll live longer.
Kids also tend to sleep like logs......
I would guess you're on ADSL then, and it's not Bittorrent that's slowing you down - it's your connection.
When you saturate your upstream, it slows down the downstream as well.
Is it just me, or does that photo look disturbingly like an almost completed Death Star?
why would you get charged for _receiving_ text messages?
I can sort of understand the justification for being charged for incoming calls - no dedicated area code for mobile numbers like we have in Australia, so no way for a caller to know they're calling a mobile.
But that argument doesn't work for text...
harsh moderation.......
;)
I think a first posting AC that doesn't say some variation of "First Post" should be modded _up_, just on principle...
Or maybe your Offtopic was due to the lack of FP comment?
The important thing is that it produces standard static HTML, so allows you to easily maintain a site with a common look and feel, without having to use any server side language - therefore improving performance and portability.
hmmm....but that one won't fit in SD based devices that expect the length to be fixed.
My camera has the SD slot behind the battery door, so I'd have to leave that open while using one of those - whereas the SanDisk one is the same shape as a standard SD card until you want to use it in a USB port.
that's nice.
So next time I leave my camera cable behind, I'll just go out and buy a new laptop shall I?