That is quite understandable considering those "sentences." I don't feel right calling them that since its pretty obvious I didn't look it over. I was merely saying that there is inherently a bit of version control because if you realize ten or so revisions down the line that your proc isn't doing something properly you can role back the proc specifically and be where you left off. Its a form of control versus management.
Basically I was just trying to say a whole lot at once because the parent so blatently did not understand anything about modern database development.
I suppose I could have just said he was wrong and been better off numbering everything. Oh well, tis what I get posting on slashdot right after a long day of fixing sql server cluster while trying to make Panda not suck so bad.
Select,Insert,Update,Delete,Create,Drop are most definitely not the limit of what you are given.
First, you can create datatypes, or tables, or views, or users, or groups, or databases, or procs, or extended procs... the list really goes on. Second, you can have inheritence as that is the very definition of a relational database. If I make a change to a table with a relationship to another than that other table will be adjusted accordingly without any further developer interaction.
As for polymorphism I tend to wonder if you fully understand procs and how you can create params which can adjust themselves depending on who called them, what action they perform, or any number of user defined criteria.
As for version control, in both Oracle and MS SQL you can rollback your procs. By default you could rollback past its creation with Oracle. MS SQL needs to be configured to do this but it is quite capable of the same function.
Back to debugging, yes it does relate to transactions, by default everything you do in Oracle is a transaction. MS SQL can be configured to behave the same way. That means even if you throw untested code out there you can roll it back negating any damage. In addition to this you can do two things with query analyzer. First you can look at the execution plan by running a simulation. It will show you what calculations it will perform and how many cpu cycles it will take. Second, you can run the proc against your test database because no one develops directly on a live mission critical database;)
Just about the only areas I agree with you are with algorithm based execution. In many situations it is both faster and easier to develop it in the a different language.
As for business logic, most applications place a good chunk of their logic in the application itself. Even larger applications will have several middle tiers, a basic chaining of databases to minimize the load on the master.
You're right though, use the right tool for the job. Stored procs aren't for everyone, but it sure makes a much easier way to develop applications. You are essentially building a database api when you build them and I rarely ever hear anyone saying APIs are a bad idea.
First off, what do you think a table is? It is by definition an object, a view is another object. Temp tables and datasets are also objects. Now you're approaching the limits of TSQL but in the Oracle world you have PL/SQL in which case you have a full object oriented language to play with. If you feel you need to use TSQL then you have the option of creating an extended proc where you again have a full object oriented language you can use.
In both the Microsoft and Oracle world's you can see exactly what a stored procedure will do to your data.
I'm actually unsure what the hell you mean by version control. Changing one SP inherently does not change another SP. In order to create the SP you the server does a check against data constraints on all tables/views involved. Again, this is the same for both Oracle and MS SQL.
Debugging, now I'm starting to think you are on crack. In both Oracle and MS SQL you can rollback any transactions you just performed assuming two things, first the syntax had to be correct before you could even create the proc let alone execute it. Now you can watch exactly what parts of the database are effected in as much or as little detail as you like.
Since most commercial databases charge per CPU you would be wise to use optimized code which by definition would be a stored procedure which is precompiled and just awaiting execution. This is far fewer steps than doing a JIT compile.
That's why its great that NTFS is journaled;)
If someone overwrites a file I can recover it back about ten rewrites without much hassle.
You are right though, sometimes you want to old on to old documents, except that most of our data is in a database so its usually just consignment forms from past years. Mostly I doubt they even need to keep it.
I find tape can be great if you don't want to have ready access to it. My problems is that my boss wants all data readily available, so we bought two 1.36 terabyte drive arrays from StorCase They have a great drive array that is fibre sata. You fill it with standard SATA drives and connect it to your fiber channel loop or fabric. In the end I chose to cluster two servers to the same box so I have redundent access to the data. We have an identical setup on our backup side which contains a live mirror of the first array. The only problem is site danger. If an earthquake or some act of god destroyed this place the data would be wiped. Which is why we have a tape backup. Back everything up to tape and store it in a nice safe somewhere else.
They were a great price, about $3200, if we maxed it out it could have run 4k but its still a great deal especially when you consider you could strong 160 of them together pretty cheaply.
Personally, I've never met a game that required Administrative privs. A good chunk require elevated permissions to install but it is by no means a requirement.
Of course, a good chunk of those games also require you to open multiple ports on the firewall so lets face it, you can't game on a computer that needs to be secured. Why not think ahead of situation like this? Spose not everyone has multiple computers
Just seems a shame this copy protection stuff forces the user of administrative privs. I can't think of any other reason they wouldn't store all the settings in an xml config file. It can be done, I don't suspect things will change anytime soon though. Everyone assumes right now if it doesn't work right away then you need higher permissions rather than oh, granting permission to the one folder.
I expect nothing of the such in Windows, I just copied over 700 gigs of data from raid array to raid array without any problems. 25,000 files? Try 25million and no lock ups. Again, using column view in windows, lord only knows how a machine would handle trying to thumbnail that many files.
You are however correct that the slowness is in explorer, that is why I use robocopy, I copy 16 gigs/min all on two windows boxes. Course I'm clustered on both sides and have a strong network backbone. I've seen both platforms and probably a hundred file systems all fall on their asses when you try to use the wrong tools.
It would be nice if NTFS died off but it does work. Reiser4 does sound mighty promising so it looks like the next additional to my SAN will probably be a another Gentoo box. Time will tell, things like this have a habit of getting ahead of themselves.
Might revitalize a hardware repair industry. Right now you don't fix that broken computer, you replace parts. I suspect people would want to hold on to their pre-ban equipment as long as possible since new technology wouldn't have the abilities of the old technology.
I don't think any of this will make it to law though.
Case in point, Ben and Jerry's before they were bought out.
They used research they funded to produce environmentally sound cartons and they backed countless charities. Might add they were vary profitable as well.
Re:I do wish
on
IPv6 is Here
·
· Score: 2, Insightful
I don't think you understand what is gained by using the gateway. First off, only IPv6 traffic goes to the gateway, all the IPv4 data is sent as it currently is. Second, you gain access to an entire network of very useful resources which you obviously didn't know existed. Last but not least, FreeNet is hosted out of the U.S. and throughout Europe; it represents the combined effort of many organizations over the last 10 years.
You're el cheapo firewall is irrelevent since the IPv6 traffic is encapsulated in your IPv4 traffic. So as long as you don't do content filtering it works fine, although I'm not sure it even supports content filtering so odds are it works fine.
Totally no idea how that was modded as insightful.
That is what the client is for, you can either put the client on your end machine or put it on a router that supports IPv6 and IPv4. Otherwise you're stuck with just using the client on your computer which isn't that bad, you still get access to all the services that run on IPv6 only currently.
Re:I do wish
on
IPv6 is Here
·
· Score: 4, Informative
You can have a whole octet to yourself right now. That's a lot of IP addresses and you're ISP doesn't have to support IPv6, it can be encapsulated in IPv4. There are plenty of gateways out there that will translate the request for you so that only your router will need both IPv4 and IPv6.
Might think about the inherent bias every study I've ever read about seems to apply to pornography.
Of course over the years the definition of pornography has really begun to change. Pornography used to be have violence as part of its definition. If you follow that that is still part of the definition then you will probably come to the conclusion that it leads to other activities.
In addition to this, almost every study I've read had its results taken from inmates. Hardly an adequate sampling of violent and non-violent people to make any form of accurate asssessment. Or perhaps the people that do the study have no idea just how many people the porn industry "touches"
I'm seeing these types of results everywhere. Liberals and conservatives alike seem to try to make their point by obscuring evidence or in some cases, outright laws. A lot of the time there is this assumption that everyone agrees with a person who has a strong cultural influence in one direction.
This relates directly to the video game violence deal, there is no direct evidence that the video game is what caused the kid to be violent. In every circumstance I've seen there are plenty of other contributing factors and in reality video games probably slowed the time it took for them to act out.
I recognize I could be wrong and welcome evidence either for or against what I believe to be true both about porn and violent video games. I don't believe they cause problems that people wouldn't have otherwise.
MS already has released new code for older clients. When you switch Windows into native mode you do effectively shut off LanManager.
In the past the hash was still stored, that was because you only disabled the service rather than the component which has a few services associated with it. You can also shut off LM hashing in the local security policy or domain security policy.
As far as updates, I'm not sure of your point, considering the linux platform also has daily updates.
Might also be worth mentioning that 98 and below are no longer supported by MS hense the willingness to cut them out of accessing Windows 2003 boxes which was previously unheard of.
Of course, if they'd have stopped with the whole AD thing and licensed NDS from Novell none of this would be an issue. Even NDS has its issues but they can be dealt with far more easily.
Perhaps you misunderstood or chose to ignore the entire point of the post. The simple solution is inherently the lazy one because you are breaking functionality to achieve security.
Heuristic scanning can do a lot more than you give credit it for. The virus does not have to be known in order for a system to be protected. Also, proper permissions will prevent most viruses from performing most any functions. Obviously the system is not impervious to attack. You seem to discount the fact that in many situations it is logistically impossible to whitelist everything that users will need access to. Start with a base policy, enforce it at the server level to prevent the more stupid mistakes, the rest can be handled through minimal training of users.
Second, spyware and adware more often than not occur in the web browser. I already acknowledge IE is broken but it is the extended functions which cause the security problems. ActiveX, javascript and vb script controls and the likes are where the problems lay.
I tend to think that you need some html rendering engine built into the GUI, but you can completely disable IE, delete the shdoc.dll along with iexplore.exe and Windows will quite happily continue its existence in a less feature rich environment. You won't be able to thumbnail or create filmstrips on the fly but it will work.
I could definitely be wrong but it sounds like you are in a much smaller computing environment. When you start dealing with thousands of clients or more you have to start making policy because it is an administrative nightmare to create whitelists, Policy is key.
You call Outlook a mail application, it is not. It has features for mail but first and foremost it is a collaborative tool.
You are right, if you are not using any of the collaborative features then you should indeed ban Outlook because it is a bloated mail client. If you actually use all its features then the bloat is actually pretty minimal considering the functionality.
Second, outright banning html content is being lazy. It's like closing port 80 because you don't want exposure. If it is a required service then you take the time to secure it rather than just banning it. Fortunately for you your situation doesn't not require those services and so you are using due diligence as providing unnecessary services is well, unnecessary.
Server side virus scanning evaluates all incoming email so this malicious code being run from an untrusted source is quite irrelevent, the code never makes it to the client whether they use Outlook or not. Of course, all email is deemed trusted because the code was evaluated and determined to not be either malicious or against company policy. I can control what types of attachments they are allow to open, or even if they can open any. I can do this for individual or groups of users.
We are obviously in very different computing evironments that's for sure. Of course, there is a simple solution for all the html crap that goes on. Make the mail server, whatever it is, convert everything to plaintext. Its easy in Exchange, its relatively easy in Sendmail and Postfix, you can even do it with smaller apps like iMail or Merak.
You don't need to Deny access to execute, it won't execute unless you specifically enable it.
There's nothing wrong with listing the contents of a directory if they don't have access to the contents. Besides that you can even disable their ability to see files they don't have access to. The only trick is for users that don't use Windows.
I agree the NTFS model isn't perfect but I think it definitely gets the job done most of the time. Although it is still no where's near as close to the level of granularity Novell with Netware achieved more than a decade ago.
Also, if you remove the ability to execute on a root folder then all files and folders beneath it would have the same permission since by default inheritence is turned on. I most always break inheritence initially so that I can setup proper access rights but once I establish file structure I use inheritence everywhere that is reasonable. There are a few places such as ntds and sysvol folders where its not a good idea.
In other words you weren't using Outlook as Outlook nor Exchange as Exchange. You were using a simple mail client and mail server.
This seems to be something a lot of people forget. The fact that I can check my voicemail from Outlook, the fact that my boss can schedule a meeting and if I'm not at my desk; I will be paged to inform me the meeting will begin in 15 minutes.
The problem isn't Outlook or Exchange, its being lazy in your initial configuration of both. Guess what, by default Outlook 2003 doesn't even load embedded images in an email. It provides a link so the user knows where to go if they need to see the image. You've been able to configure Outlook to do this since 1997.
Attack IE all you like, I've disabled access to IE on most machines here in my network and installed Firefox 0.9.1
Tis nice not having to deal with all the spyware. The only problem is that there are occasions that I need ActiveX which is why IE isn't universally disabled here.
Erm, you are mistaken, read and execute is a permission yes, but you can also just allow read. You may allow just allow write, or just allow change. Don't for a second think that chmod is anywhere's near as powerful as a full ACL like NTFS or even better, every netware volume in the last 15 years.
Novell knows ACLs!
So in short, you can chmod -x the IE Temporary directory, especially if you use Microsoft Services for Unix. Otherwise you have to do the equivalent of turning off execute permissions which is all point and click, so surely everyone can do it. Although if you'd like you can do it from the cli as well.
The difficulty of Windows is that most features are hidden, some well documented, some poorly documented, and some that just plain don't work. Fortunately for security purposes this is one feature that does work.
Not to mention the fact that you could do it for other people as well.
I think a lot of people don't realize how much control you can take over Windows using WSH. Maybe most people don't know it exists?
At any rate, I think the original post there was just plain wrong. I'm coming at it from a point of Office 2003 though. I don't think I ever used XP. In 2003 I spent about ten minutes making a custom install script which put all the features how I want them for the entire company and that was that. Its only used for existing machines, new machines are just imaged. I hate reinstalling stuff.
You sir do not know html. It does indeed have variables which you use when dealing with forms.
That said html can be learned in a few hours so yes it does indeed help programming because you have to plan out what you want especially when dealing with complex tables.
The ability to manipulate text to produce an image in your head is a very key concept when programming.
Also, very few people ever learn html without learning css and javascript in which case you would be woefully incorrect because javascript supports a great deal and contains most basic programming concepts. Its still not C but its a hell of a lot closer and produces real results a hell of a lot faster. Plus when you learn javascript you learn a bit about C syntax so jumping over is quite simple.
Slashdot Mirror
Basically I was just trying to say a whole lot at once because the parent so blatently did not understand anything about modern database development.
I suppose I could have just said he was wrong and been better off numbering everything. Oh well, tis what I get posting on slashdot right after a long day of fixing sql server cluster while trying to make Panda not suck so bad.I have seen many version control systems that do a fine job of it.
First, you can create datatypes, or tables, or views, or users, or groups, or databases, or procs, or extended procs... the list really goes on. Second, you can have inheritence as that is the very definition of a relational database. If I make a change to a table with a relationship to another than that other table will be adjusted accordingly without any further developer interaction.
As for polymorphism I tend to wonder if you fully understand procs and how you can create params which can adjust themselves depending on who called them, what action they perform, or any number of user defined criteria.
As for version control, in both Oracle and MS SQL you can rollback your procs. By default you could rollback past its creation with Oracle. MS SQL needs to be configured to do this but it is quite capable of the same function.Back to debugging, yes it does relate to transactions, by default everything you do in Oracle is a transaction. MS SQL can be configured to behave the same way. That means even if you throw untested code out there you can roll it back negating any damage. In addition to this you can do two things with query analyzer. First you can look at the execution plan by running a simulation. It will show you what calculations it will perform and how many cpu cycles it will take. Second, you can run the proc against your test database because no one develops directly on a live mission critical database ;)
Just about the only areas I agree with you are with algorithm based execution. In many situations it is both faster and easier to develop it in the a different language.As for business logic, most applications place a good chunk of their logic in the application itself. Even larger applications will have several middle tiers, a basic chaining of databases to minimize the load on the master.
You're right though, use the right tool for the job. Stored procs aren't for everyone, but it sure makes a much easier way to develop applications. You are essentially building a database api when you build them and I rarely ever hear anyone saying APIs are a bad idea.First off, what do you think a table is? It is by definition an object, a view is another object. Temp tables and datasets are also objects. Now you're approaching the limits of TSQL but in the Oracle world you have PL/SQL in which case you have a full object oriented language to play with. If you feel you need to use TSQL then you have the option of creating an extended proc where you again have a full object oriented language you can use.
In both the Microsoft and Oracle world's you can see exactly what a stored procedure will do to your data.I'm actually unsure what the hell you mean by version control. Changing one SP inherently does not change another SP. In order to create the SP you the server does a check against data constraints on all tables/views involved. Again, this is the same for both Oracle and MS SQL.
Debugging, now I'm starting to think you are on crack. In both Oracle and MS SQL you can rollback any transactions you just performed assuming two things, first the syntax had to be correct before you could even create the proc let alone execute it. Now you can watch exactly what parts of the database are effected in as much or as little detail as you like.Since most commercial databases charge per CPU you would be wise to use optimized code which by definition would be a stored procedure which is precompiled and just awaiting execution. This is far fewer steps than doing a JIT compile.
I think I'll stop here for nowYou are right though, sometimes you want to old on to old documents, except that most of our data is in a database so its usually just consignment forms from past years. Mostly I doubt they even need to keep it.
They were a great price, about $3200, if we maxed it out it could have run 4k but its still a great deal especially when you consider you could strong 160 of them together pretty cheaply.
Of course, a good chunk of those games also require you to open multiple ports on the firewall so lets face it, you can't game on a computer that needs to be secured. Why not think ahead of situation like this? Spose not everyone has multiple computers
Just seems a shame this copy protection stuff forces the user of administrative privs. I can't think of any other reason they wouldn't store all the settings in an xml config file. It can be done, I don't suspect things will change anytime soon though. Everyone assumes right now if it doesn't work right away then you need higher permissions rather than oh, granting permission to the one folder.Just a couple of my cents on this issue
You are however correct that the slowness is in explorer, that is why I use robocopy, I copy 16 gigs/min all on two windows boxes. Course I'm clustered on both sides and have a strong network backbone. I've seen both platforms and probably a hundred file systems all fall on their asses when you try to use the wrong tools.
It would be nice if NTFS died off but it does work. Reiser4 does sound mighty promising so it looks like the next additional to my SAN will probably be a another Gentoo box. Time will tell, things like this have a habit of getting ahead of themselves.I don't think any of this will make it to law though.
They used research they funded to produce environmentally sound cartons and they backed countless charities. Might add they were vary profitable as well.
You're el cheapo firewall is irrelevent since the IPv6 traffic is encapsulated in your IPv4 traffic. So as long as you don't do content filtering it works fine, although I'm not sure it even supports content filtering so odds are it works fine.
Totally no idea how that was modded as insightful.That is what the client is for, you can either put the client on your end machine or put it on a router that supports IPv6 and IPv4. Otherwise you're stuck with just using the client on your computer which isn't that bad, you still get access to all the services that run on IPv6 only currently.
You can have a whole octet to yourself right now. That's a lot of IP addresses and you're ISP doesn't have to support IPv6, it can be encapsulated in IPv4. There are plenty of gateways out there that will translate the request for you so that only your router will need both IPv4 and IPv6.
It's all up on FreeNet.Will stick with the Athlon64 running about 30 watts, but that's good info.
Of course over the years the definition of pornography has really begun to change. Pornography used to be have violence as part of its definition. If you follow that that is still part of the definition then you will probably come to the conclusion that it leads to other activities.
In addition to this, almost every study I've read had its results taken from inmates. Hardly an adequate sampling of violent and non-violent people to make any form of accurate asssessment. Or perhaps the people that do the study have no idea just how many people the porn industry "touches"I'm seeing these types of results everywhere. Liberals and conservatives alike seem to try to make their point by obscuring evidence or in some cases, outright laws. A lot of the time there is this assumption that everyone agrees with a person who has a strong cultural influence in one direction.
This relates directly to the video game violence deal, there is no direct evidence that the video game is what caused the kid to be violent. In every circumstance I've seen there are plenty of other contributing factors and in reality video games probably slowed the time it took for them to act out.I recognize I could be wrong and welcome evidence either for or against what I believe to be true both about porn and violent video games. I don't believe they cause problems that people wouldn't have otherwise.
In the past the hash was still stored, that was because you only disabled the service rather than the component which has a few services associated with it. You can also shut off LM hashing in the local security policy or domain security policy.
As far as updates, I'm not sure of your point, considering the linux platform also has daily updates.Might also be worth mentioning that 98 and below are no longer supported by MS hense the willingness to cut them out of accessing Windows 2003 boxes which was previously unheard of.
Of course, if they'd have stopped with the whole AD thing and licensed NDS from Novell none of this would be an issue. Even NDS has its issues but they can be dealt with far more easily.Perhaps you misunderstood or chose to ignore the entire point of the post. The simple solution is inherently the lazy one because you are breaking functionality to achieve security.
Second, spyware and adware more often than not occur in the web browser. I already acknowledge IE is broken but it is the extended functions which cause the security problems. ActiveX, javascript and vb script controls and the likes are where the problems lay.
I tend to think that you need some html rendering engine built into the GUI, but you can completely disable IE, delete the shdoc.dll along with iexplore.exe and Windows will quite happily continue its existence in a less feature rich environment. You won't be able to thumbnail or create filmstrips on the fly but it will work.I could definitely be wrong but it sounds like you are in a much smaller computing environment. When you start dealing with thousands of clients or more you have to start making policy because it is an administrative nightmare to create whitelists, Policy is key.
You are right, if you are not using any of the collaborative features then you should indeed ban Outlook because it is a bloated mail client. If you actually use all its features then the bloat is actually pretty minimal considering the functionality.
Second, outright banning html content is being lazy. It's like closing port 80 because you don't want exposure. If it is a required service then you take the time to secure it rather than just banning it. Fortunately for you your situation doesn't not require those services and so you are using due diligence as providing unnecessary services is well, unnecessary.Server side virus scanning evaluates all incoming email so this malicious code being run from an untrusted source is quite irrelevent, the code never makes it to the client whether they use Outlook or not. Of course, all email is deemed trusted because the code was evaluated and determined to not be either malicious or against company policy. I can control what types of attachments they are allow to open, or even if they can open any. I can do this for individual or groups of users.
We are obviously in very different computing evironments that's for sure. Of course, there is a simple solution for all the html crap that goes on. Make the mail server, whatever it is, convert everything to plaintext. Its easy in Exchange, its relatively easy in Sendmail and Postfix, you can even do it with smaller apps like iMail or Merak.There's nothing wrong with listing the contents of a directory if they don't have access to the contents. Besides that you can even disable their ability to see files they don't have access to. The only trick is for users that don't use Windows.
I agree the NTFS model isn't perfect but I think it definitely gets the job done most of the time. Although it is still no where's near as close to the level of granularity Novell with Netware achieved more than a decade ago.Also, if you remove the ability to execute on a root folder then all files and folders beneath it would have the same permission since by default inheritence is turned on. I most always break inheritence initially so that I can setup proper access rights but once I establish file structure I use inheritence everywhere that is reasonable. There are a few places such as ntds and sysvol folders where its not a good idea.
This seems to be something a lot of people forget. The fact that I can check my voicemail from Outlook, the fact that my boss can schedule a meeting and if I'm not at my desk; I will be paged to inform me the meeting will begin in 15 minutes.
The problem isn't Outlook or Exchange, its being lazy in your initial configuration of both. Guess what, by default Outlook 2003 doesn't even load embedded images in an email. It provides a link so the user knows where to go if they need to see the image. You've been able to configure Outlook to do this since 1997.Attack IE all you like, I've disabled access to IE on most machines here in my network and installed Firefox 0.9.1
Tis nice not having to deal with all the spyware. The only problem is that there are occasions that I need ActiveX which is why IE isn't universally disabled here.Yes there are security patches up there waiting for you. Sorry but you're not immune either. No one is
Novell knows ACLs!
So in short, you can chmod -x the IE Temporary directory, especially if you use Microsoft Services for Unix. Otherwise you have to do the equivalent of turning off execute permissions which is all point and click, so surely everyone can do it. Although if you'd like you can do it from the cli as well.The difficulty of Windows is that most features are hidden, some well documented, some poorly documented, and some that just plain don't work. Fortunately for security purposes this is one feature that does work.
I think a lot of people don't realize how much control you can take over Windows using WSH. Maybe most people don't know it exists?
At any rate, I think the original post there was just plain wrong. I'm coming at it from a point of Office 2003 though. I don't think I ever used XP. In 2003 I spent about ten minutes making a custom install script which put all the features how I want them for the entire company and that was that. Its only used for existing machines, new machines are just imaged. I hate reinstalling stuff.That said html can be learned in a few hours so yes it does indeed help programming because you have to plan out what you want especially when dealing with complex tables.
The ability to manipulate text to produce an image in your head is a very key concept when programming.
Also, very few people ever learn html without learning css and javascript in which case you would be woefully incorrect because javascript supports a great deal and contains most basic programming concepts. Its still not C but its a hell of a lot closer and produces real results a hell of a lot faster. Plus when you learn javascript you learn a bit about C syntax so jumping over is quite simple.