Someone else feel free to correct me if I am wrong.
One cannot forge an IP address for an established TCP connection. Before any actual data is transferred, the client says hello to the server, the server says hello back, if the client forged their IP address on the initial connection request, the server's response will simply not return to the same computer, the TCP connection never becomes established and no data is ever transferred. The web server software itself is probably not normally even aware of the connection attempt, unless you are using some sort of packet sniffer or firewall to do logging of these kinds of failed connections.
One can however forge IP addresses to some usefulness on some of the other IP protocols such as UDP and ICMP, it is still one way, but the recipient of these packets, who may be getting flooded has no way of knowing where packets are actually coming from, unless they look at every router between themselves and the attacker and manually trace back to the attacker by seeing over which interface the packets are coming from.
There is one way one can sort of forge IP addresses, but this technique is more accurately termed as hijacking. Spammers have been known to do this, they abuse BGP which automatically queries neighboring routers for the networks they manage, and then use this data to decide where to route packets. Don't know if it still can, or still does happen, but hijackers would incorrectly publish that they managed a block of IPs, then, until someone works out what has happened, those IPs, under certain circumstances could be used for established TCP communication.
One could also hijack a user's connection or computer using malware, or alternatively you could perhaps intercept their DSL line between their house and the ISP. However, when the authorities come to investigate the alleged perpetrator, they should be able to notice some strange activity.
And finally, there are ways to mask, or make it difficult to find one's originating IP, this can be done by bouncing your TCP connection through one or more servers. Serious hackers use this technique, so for example, a hacker in Russia connects to a server in Brazil, then from Brazil to a server in Europe, and finally from that server in Europe through to the U.S. server he hacks. While this is still backtraceable by the authorities, it requires co-operation between multiple authorities in different countries which can be quite difficult and time consuming to organize.
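The handshake argument in the comment above, as an added example that is not part of the original comment: a small Python tracker that replays a constructed packet log and reports which SYNs never reach ESTABLISHED, the kind of half-open entry a sniffer or firewall log would show when the source address was forged. The log format, the addresses (documentation ranges) and all function names are assumptions made for this illustration.

```python
# Constructed sample log in a simplified "time src > dst FLAGS" format
# (an assumption for this example, not the output of a real tool).
# 192.0.2.10:80 is the server; all addresses are documentation ranges.
SAMPLE_LOG = """\
0.000 198.51.100.7:40112 > 192.0.2.10:80 SYN
0.001 192.0.2.10:80 > 198.51.100.7:40112 SYN-ACK
0.030 198.51.100.7:40112 > 192.0.2.10:80 ACK
0.100 203.0.113.5:1025 > 192.0.2.10:80 SYN
0.101 192.0.2.10:80 > 203.0.113.5:1025 SYN-ACK
0.200 203.0.113.6:1026 > 192.0.2.10:80 SYN
0.201 192.0.2.10:80 > 203.0.113.6:1026 SYN-ACK
1.101 192.0.2.10:80 > 203.0.113.5:1025 SYN-ACK
1.500 203.0.113.9:5555 > 192.0.2.10:80 ACK
"""

SERVER = "192.0.2.10:80"


def parse_line(line):
    """Split one record into (timestamp, source, destination, flags)."""
    ts, src, _arrow, dst, flags = line.split()
    return float(ts), src, dst, flags


def track_handshakes(log_text, server=SERVER):
    """Replay the log and return {client endpoint: state info} as seen at the server.

    A connection only becomes ESTABLISHED when the client's ACK follows the
    server's SYN-ACK. If the SYN carried a forged source, the SYN-ACK goes to
    the forged address, no ACK comes back, and the entry stays in SYN_RCVD.
    """
    conns = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, flags = parse_line(line)
        if dst == server and flags == "SYN":
            conns[src] = {"state": "SYN_RCVD", "synacks": 0}
        elif src == server and flags == "SYN-ACK" and dst in conns:
            # More than one SYN-ACK means the server is retransmitting.
            conns[dst]["synacks"] += 1
        elif dst == server and flags == "ACK":
            conn = conns.get(src)
            # An ACK with no matching SYN/SYN-ACK establishes nothing.
            if conn and conn["state"] == "SYN_RCVD" and conn["synacks"] > 0:
                conn["state"] = "ESTABLISHED"
    return conns


def half_open(log_text, server=SERVER):
    """Client endpoints whose handshake never completed."""
    conns = track_handshakes(log_text, server)
    return sorted(ep for ep, c in conns.items() if c["state"] == "SYN_RCVD")


def half_open_by_source(log_text, server=SERVER):
    """Count half-open handshakes per claimed source IP."""
    counts = {}
    for endpoint in half_open(log_text, server):
        ip = endpoint.rsplit(":", 1)[0]
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for endpoint, info in track_handshakes(SAMPLE_LOG).items():
        print(endpoint, info["state"], "SYN-ACKs sent:", info["synacks"])
    print("half-open:", half_open(SAMPLE_LOG))
```

The claimed source of a half-open entry says nothing about who sent the SYN; it only shows that nobody at that address answered the SYN-ACK.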
They may be made worse by environmental policies.. (on "Controlling Hurricanes?", Score: 2, Insightful)
..or lack thereof.
It would be ironic if it was found that the intensity of these hurricanes has been made worse by the lack of US participation in the Kyoto Policy, or their lack of any serious environmental policy.
I admit that The Day After Tomorrow is possibly a bit of an extreme case, but there was a message the film makers were trying to send.
While I may land up with bad karma for this on /. it's nothing like the bad karma the US will have when the whole world starts having to deal with the agricultural difficulties of changing climates and weather patterns.
Hmmm, Windows 95 was certainly full of its issues, but it was able to do one thing for me. I was only about 14 at the time, but we had a back to back parallel (laplink) cable. And for whatever reason it seemed expensive or difficult to get a serial cable, and I REALLY wanted to be able to play multiplayer games. What I eventually managed to do was install Win95B on 2x 386DX40 computers, then set up a Direct Connection over the LPT ports, Windows saw this like an ordinary network, and I set up IPX/SPX over it. Over this, we used to play Warcraft II. Oh the glory of it all, it ran slow as all hell, but I didn't know much better. I seem to recall that stability was not really an issue, unless you accidentally minimized Warcraft II, which would unfortunately cause the game to stuff up.
About a year after that I managed to procure a couple of old network cards, and a piece of BNC cable, and lots of T pieces. For the terminators, which like a serial cable seemed difficult to obtain, I managed to carefully remove 2x 50 ohm resistors off an old 286 motherboard, which I then soldered onto two of the T pieces - which worked like a charm.
So when my 12 year old brother casually joins me over our 100MB/s CAT5 LAN for a game of Warcraft II Battle.net edition, he has no idea how easy he has it ;)
As someone who does a fair amount of support, I have to say Windows 2000 was the first reliable and still user friendly OS from MS. I mean, at all my clients, as long as they have win2K or better, things run smooth, provided they steer clear of malware, but that is a different topic.
The only excuse for an administrator having a problem with this, is if the patch is incompatible with some or other software.
I fully understand that patches need to be tested. You know when the patches are about to be released and if 3 days is not good enough, then you need more IT staff, or more standardized hardware/software. In addition to that, allocate users/computers into update groups, and as you test one configuration, update that, test the next, and so on and so forth.
Security rollups and service packs don't need to be installed right away, to the best of my knowledge, Microsoft, at least initially, releases all security fixes individually as well.
If the company you work for isn't allocating the resources you need to roll out patches effectively, tell them, if they don't/can't give you what you need, they must accept it when a worm wreaks havoc on their network despite the IT department's best efforts.
Also "old man", I may be small fry in terms of number of users, but all too often I see so called "trained" and "experienced" people going about their IT job not really having a clue. If you are indeed good at what you do (I really wouldn't know) you will know that the best people in IT are the ones that understand what they work on, as well as a lot of its inner workings. I never just click something because that's what I am told works, I click a button because I know where I am headed, and why that click takes me closer to that goal.
Provided they listen to us, all the clients my company consults for have almost completely trouble free IT. And we haven't really had an unhappy customer because when things do go wrong, it is inevitably because they specifically chose, for reasons normally related to cost, not to go for our recommendations, and as such they humbly accept the consequences.
WSUS works like a charm, you can tell it to check for updates every day, and then all clients on the network can be forced to apply the patches.
There are instances where WSUS cannot really help much:
Laptop users: These users may get infected from their home connection before they get to the office, however, this should not really be able to happen if they are running a personal firewall (such as Windows XP SP2's firewall), and even if they do get infected, the worst possible collateral should be a couple of other, as yet, unpatched laptops on the network.
0 day worms: I would say that, reasonably, you are looking at about 24 hours for all desktop machines to get autopatched. Worms that get made in this time window may be able to sneak in.
Worms which target an unknown vulnerability: Short of ultra-strict firewall policies, as well as no laptop users, a worm like this is more than likely going to cause havoc.
It's called preventative maintenance, you can replace your brakes after they fail, but if you do it before they fail, it saves you having to repair the rest of your car as well.
In summary, all administrators from companies that run a domain controller, and have a reasonable amount of resources should NOT have experienced any major outbreak. So stop whining, clean up your mess, do your job properly now and avoid future problems.
You have forgotten one important thing, calling someone guilty implies they have done something wrong. So when your urine sample tests positive for an illegal substance, you have committed a crime, but when you test positive for a genetic defect, it's not because you did something wrong, you were just born like that.
In truth it's like not getting hired because you are too short, or you happen to have blue eyes, both of which are generally beyond most people's control. This actually leaves an interesting question, is it wrong to refuse an applicant because of a genetic defect? If you think that some people with eye problems aren't allowed to drive, and driving is part of the job, then by all accounts I feel the employer has the right to refuse to employ you.
It is a very tricky problem, some genetic traits are necessary for a particular job, while others merely make you perform better. So where does one draw the line, Gattaca is an example where requiring certain genetic traits for your job may have gone too far.
Incidentally, when they named it Gattaca, they spelled it using the first letters of the types of Nucleotides that are the building blocks of DNA: Adenine (A), Cytosine (C), Guanine (G), Thymine (T), and Uracil (U).
Did you actually RTFA? Countless times it mentions that most compatibility issues come from the fact that a significant amount of standards compliant code renders incorrectly on non-standards compliant web browsers.
Now in an ideal world, you could just tell your client to get a standards compliant browser. However, in the world we live in, most people use IE, and it's not going to change overnight, if at all.
So for now, always make sure to write code that validates, but don't be so foolish as to assume that IE will render it as standards dictate that it ought to - because often enough, it just doesn't.
I have to admit this is annoying, but it is the sort of annoying that may be necessary to potentially save lives of those "I'll do it later" but never actually do kind of people.
The companies just need to make it that if you haven't yet set up your E911, whenever you try making a call, before the call connects, it gives a voice prompt telling you that E911 is not yet set up, and without it you may have difficulty making emergency calls. After the voice message, your call connects normally.
Very much like a software approach to security updates and registrations, and while annoying, if following the instructions is the only way to get rid of the annoyance, you may be surprised at how many people suddenly take the effort.
At least people can't accuse the VOIP companies of not warning them.
Seeing as I am still working out Linux, and I know my Windows pretty darn well, I did this interesting thing.
The specs:
- Pentium II 233MHz
- Intel Desktop Board (isn't their slogan "built on reliability")
- 96MB RAM
- 3GB Hard Disk
- OS: Windows 2000 Server Standard
For readers to understand fully why I did this, until about a month ago, South Africa had only one decent ADSL account offering, a 3GB account. These 3GB accounts allow you to browse any site at full speed until you generate 3GB of traffic (that's g/bytes), and after the DSLAM kills your session (happens approximately every 24 hours) and you reconnect you get worse than 9600bps modem speeds when connecting to overseas servers/peers, but local speeds are still 100%. At the beginning of each month the counter is reset.
So, what I do is use OpenVPN (http://www.openvpn.org/) to tunnel to my office for the international bandwidth which we get through a 2mbit/s leased line, however, I have managed to configure my box in such a way that local traffic goes straight over the ADSL.
Using Windows 2000 Routing and remote access on my machine at home, I create the tunnel, and also create a ppp connection using RAS PPPoE (http://www.raspppoe.com/) - seeing as Windows 2000 doesn't have it natively. I then set up NAT routing, make the OpenVPN TUN/TAP adapter and the ppp interface external interfaces, and the LAN card the internal interface.
Then for routes, I set my default route to go down the tunnel, and I naturally set up the IP address of the remote end of the tunnel to go down the ppp interface. Now, South Africa has relatively few ASNs, so I also manually added a whole lot of those blocks to my routing table to go down the ppp interface. The net result (excuse the pun) was that local traffic went straight over the ADSL, and international traffic via the tunnel.
This all runs perfectly on Windows 2000 Server on that old box. Unlike the author of the article, I don't ever "work" on the machine per se, so for security reasons it does all its Windows Updates, while I installed no extra services like IIS, I haven't bothered to disable any default services, I have however turned off Active Desktop, sliding menus and the Activity Pane for Windows Explorer, I discovered a long time ago that turning these off was the simplest way to more than double the responsiveness of their systems. What I have also done is enabled Terminal Services in remote administration mode, so the machine needs no screen, keyboard and mouse. I add that I am no security expert however, with the box fully patched and a strong password set, I have had NO security incidences, well, at least none that I am aware of, I also do not run any kind of firewall.
Now my routing works well and causes *almost* no problems, it does have issues nevertheless. Because my box has two external IP addresses, certain things have issues, the problem arises when an application registers on an international server, and other peers from South Africa try connecting to my tunnel interface IP address, this doesn't work because my Windows 2000 box ends up trying to send the packets back over the PPP interface. I notice this the most with Source and Steam. I cannot connect to any local servers when my tunnel IP address is the one registered with the Steam server, it just keeps on asking for my Steam username and password. To get around this, when I want to play, I merely end up doing a PPPoE direct from my desktop, and while it takes a while for Steam to sign in, it does work. While I know that I could manually setup the steam server IPs to route over the ppp, I just haven't bothered, also this way when an update comes down, it always comes down the fastest.
I am experimenting with Linux, and especially along with Soekris (http://www.soekris.com/) boards, to replace this solution, just a little more time and I will have it worked out - but I am not rushed as my Windows 2000 Server solution works just as well - and is up and running already.
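The split routing described in the comment above, as an added example that is not the commenter's configuration: a longest-prefix-match lookup over a constructed routing table (default route down the tunnel, tunnel endpoint and local blocks down ppp), plus a check that shows the mismatch when a local peer reaches the tunnel address and the reply is routed out of ppp. All prefixes, addresses and function names are placeholders chosen for the illustration.

```python
import ipaddress

# Constructed routing table mirroring the layout described above.
# The prefixes are documentation ranges standing in for the real
# tunnel endpoint and the manually added local blocks.
ROUTES = [
    ("0.0.0.0/0", "tunnel"),        # default route: international traffic
    ("192.0.2.1/32", "ppp"),        # remote end of the tunnel itself
    ("198.51.100.0/24", "ppp"),     # stand-in for a local block
    ("203.0.113.0/24", "ppp"),      # stand-in for another local block
]


def select_interface(dst, routes=ROUTES):
    """Return the outgoing interface for dst using longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best_len, best_iface = -1, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_len, best_iface = net.prefixlen, iface
    return best_iface


def reply_path(arrival_iface, peer_ip, routes=ROUTES):
    """Return (outgoing interface for the reply, whether it matches arrival).

    The reply is routed purely on the peer's address, not on the interface
    the request arrived on, which is where the asymmetry comes from.
    """
    out_iface = select_interface(peer_ip, routes)
    return out_iface, out_iface == arrival_iface


if __name__ == "__main__":
    # 8.8.8.8 is used only as a stand-in for an international host.
    print("international host ->", select_interface("8.8.8.8"))
    print("local host         ->", select_interface("198.51.100.20"))
    print("tunnel endpoint    ->", select_interface("192.0.2.1"))
    # A local peer that learned the tunnel address connects to it:
    print("local peer via tunnel address:", reply_path("tunnel", "198.51.100.20"))
```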
Actually from a financial point of view, I believe there are very good reasons for Blizzard not wanting third party Battle.net servers out there.
Blizzard games all have unique cd-keys, and I know a lot of people who buy the game primarily for the valid cd-key in order to be able to play online.
With third party servers, a valid cd-key is not required. While I cannot be sure how bad the piracy issue actually is, I know that on our local reverse engineered battle.net server, almost all the players are using a pirated version of the game. IMO, the only justifiable reason for a small private battle.net is if you don't like the chance of playing with cheaters, apart from that I think that the official servers are better in every other way.
While I agree with you in most respects you need to understand that most music is given artificial value by the recording industry. I find that it is not necessarily the 'good' music that sells, but more the 'well marketed' music that sells.
Personally I believe you get performers, and artists. Artists are the ones who typically write their own music and lyrics and play instruments. If they are good and a little lucky, they play their way to success, often by starting at small clubs or bars. Performers can sing and dance, they often tend to do fancy dancing, they will also never be ugly as marketing is the only real way to make them sell. Unfortunately for artists, they fall under the same category as these performers - 'musicians'.
I believe that the majority of music you hear is crap that sells purely because of the huge amounts of marketing the record companies spend marketing it.
These are the real expenses that the music industry incurs - we all know that distribution is no longer an issue.
I live in South Africa, we don't even have it aired here, until I can order DVDs of the series I will most certainly use torrents.
However, I am a bit disappointed it's not being broadcast in HDTV format first, the AVIs come out so much better.
I found Milkdrop before Winamp 3 hit the scenes, and I had loads of fun being the one to introduce it to all my friends, seeing as Nullsoft only started including it by default with Winamp 5.0.
Brain Chemistry: Harvard Professor Lawrence Summers recently mentioned how women and men have different brain chemistry, as anyone who has spent some time with men and women can attest, they can be very different. Summers noted that the male brain is more attuned to mathematical reasoning and logic, both essential skills for IT types. Evidence for this can be seen for example in the fact that mathematicians have traditionally been men. Hopefully this problem can be addressed in the future through stem cell research and genetic therapy.
And why would you want to change the way women, or men, think? Isn't one of the greatest and most rewarding challenges of life learning to live with, and understand the opposite sex?
As a male, I find the differences in the way women feel and think about things very interesting, and it is a spice of life that makes for wonderful memories as you get older. While the lack of understanding in the way women think may result in rather unpleasant, and emotionally painful experiences, isn't a lot of life also like this?
The problem here is not that men are better than women in some things, it's that men are often paid more than women for doing tasks, which although different, are not more difficult. More specifically, women are not always given the due credit for what they are good at.
I read /. almost religiously everyday, and I barely ever feel the need to comment, but this guy goes on and on about how crap Windows is, and maybe it is compared to Mac. But most of the problem lies with the fact that most people are just plain stupid and naive when it comes to using a computer. Admittedly the Mac (which I have never really used) may be better out the box against worms, but I doubt the Mac would do any better against adware were it as popular as Windows. The other problem comes down to ISPs being more worried about selling their services than keeping their networks clean.
Let me just state, I sit on public IP address at work, 24 hours a day. I run Windows XP, I do the updates religiously, I even set up SUS at my office to save on bandwidth costs. I personally run NO anti-virus, I run NO firewall. I installed ad-aware once, thought it was a waste of time, and uninstalled it a week later. My computer has NO malware on it, I do not have pop-up problems, I do not have strange tasks in my running programs list.
How do I get away with this, well, since code red and nimda, Microsoft has always managed to release fixes, which is what actually alerts malicious programmers to the vulnerability, before a worm hits. Also, being an intelligent user (I don't even have any real post-school qualifications), I know what NOT to click, and the golden rule in life: "There is no such thing as a free lunch." which keeps me away from dubious software, particularly things like Smiley Central and Date Manager (see these on client machines too often). I also use Open Source software where it is convenient. Particularly eMule and Firefox.
I personally believe that perhaps grannies shouldn't be allowed on a PC without at least a little knowledge, in the same way a granny who has never learnt to drive shouldn't be on the road. I don't know how it works in the US, but where I live, before you can even get in a car to start learning to drive, you have to write a test PROVING that you know the rules of the road, why don't people do this for PCs? I mean this applies to life as well, any good mother wouldn't leave their kids alone in a big city on the street, unless they were confident that after years of teaching their child simple self survival techniques were sufficient, basic things like: "don't walk into dark alleys with shady characters lurking around".
PC's are the same, we have these zombie nets, simply because people are irresponsible with their PCs, and don't make the effort to make sure they are "internet worthy", I mean if a car is unroadworthy, you get fined, and chucked off the road, this is not just because people are picky about these things, it's because roads are quite important, and we can't have morons making it unusable for basic needs. I would say the internet is pretty damn important for business, particularly e-mail, shouldn't people have to prove their competence before being allowed on it?
First, I will explain why monopolies *can* be a good thing, then how monopolies can also exploit end users horribly.
When it came time for the country I live in to start rolling out a telephone network, they made it law that only one company would be allowed to lay a telecommunications network. There was a good reason for this, laying down a telephone network is exceptionally expensive, and if there was competition, you may have one or the other party taking *shortcuts* to reduce costs, and undercut their competitors price, having the competitor in turn do the same, resulting in an inferior network. So our telecom comfortably drew up a long term plan to make sure that our country can get an advanced, and reliable network, without them risking bad return from investment.
Now, this is where the problem with monopolies comes in: I live in Johannesburg, South Africa, a first world city, where about the only difference I have compared to say a big city citizen in the US, is that I pay through the roof for internet and telephone, because our Telco company is a monopoly. Just to give you an idea, their ADSL offering costs about R900 p/m (appr US $115) we get a 512k down and 256k up connection. Now if that cost doesn't horrify you, listen to this, that only includes 3gb of traffic to anywhere you want, after you hit that 3gb cap, while local bandwidth is still fast, you get put in a 1:50 international pool, which translates to 10kbits/s if you are lucky, although to get around this, you can pay about $15 for a fresh account, which will work nicely until that also reaches its limit. I don't know exactly how much local landline calls cost, but I am certain it is more than $0.15 per minute, if you want a nice view of how bad things are, visit http://www.hellkom.co.za/, this site is someone's attempt to let everyone know just how badly they are being ripped off. And Telkom (our telco) is trying to sue him. It gets more insidious, because the South African government (not the ruling party) has large shares in Telkom, they haven't really been overly enthusiastic to sort out the economy crippling state of affairs, they have announced, but also delayed awarding a second network operator license for about 6 years.
Eskom, which provides electricity in our country is also a monopoly, however I have no complaints about them, in fact, Eskom is one of the big players that brought the pebble bed reactor technology to where it is today.
We recently had some changes in our telecommunications law, making VOIP and inter site wireless LAN connections legal as of Feb 2005, but this only happened about 2 weeks ago, so things are looking up a bit, and with any luck, this will drive our telco's prices down, as anyone will be allowed, and able to sell bandwidth without having to use our hideously overpriced, in fact these two factors will allow people to legally pay nothing to talk to their next door neighbor, or a friend who lives 5km's away.
In summary: In theory, a monopoly can be a good idea, but in reality, people who run the monopolies generally rip their customers off, simply because the consumer has no choice, and as a monopoly, they can get away with it.
I bought VHS cassettes of the original trilogy, and I remember a campaign to the effect of, this is the only time you will be able to get "The Original Star Wars" trilogy. (Although I would have bought it anyway.)
Then a while later we had big screen Special Editions, but of course this didn't contradict the previous offer, because it wasn't the "Original Star Wars Trilogy" even if it was only slightly different.
A good idea, but the problem with the Blaster variant was that it was proactive as opposed to reactive.
IE: Blaster variant behaved almost exactly like the original worm, except that as it *infected* a machine it would patch and protect it, but still create web traffic, trying to *clean up* other infected machines.
What the blaster variant SHOULD have done, was watch for infection attempts, note which IP address attempted it, then *infect* that IP address to clean it up, that way we have auto worm response, after *infecting* and cleaning the machine, that machine, now also has a reactive approach only, of listening for infected machines, as opposed to proactively searching for them.
Isn't:
"Gentlemen, start you credit cards."
Meant to be:
"Gentlemen, start your credit cards."?
I have installed and used it on Windows 2000 Server without issue. No errors encountered during use, or installation.
Granted, I deal only with about 150 users, over about 6 companies, however, I haven't even had a reported case of this worm.
The only excuse for an administrator having a problem with this, is if the patch is incompatible with some or other software.
Any competent administrator knows:
WSUS works like a charm, you can tell it to check for updates every day, and then all clients on the network can be forced to apply the patches.
There are instances where WSUS cannot really help much:
It's called preventative maintenance, you can replace your brakes after they fail, but if you do it before they fail, it saves you having to repair the rest of your car as well.
In summary, all administrators from companies that run a domain controller, and have a reasonable amount of resources should NOT have experienced any major outbreak. So stop whining, clean up your mess, do your job properly now and avoid future problems.
You have forgotten one important thing, calling someone guilty implies they have done something wrong. So when your urine sample tests positive for an illegal substance, you have committed a crime, but when you test positive for a genetic defect, it's not because you did something wrong, you were just born like that.
In truth it's like not getting hired because you are too short, or you happen to have blue eyes, both of which are generally beyond most people's control. This actually leaves an interesting question, is it wrong to refuse an applicant because of a genetic defect. If you think that some people with eye problems aren't allowed to drive, and driving is part of the job, then by all accounts I feel the employer has the right to refuse to employ you.
It is a very tricky problem, some genetic traits are necessary for a particular job, while others merely make you perform better. So where does one draw the line, Gattaca is an example where requiring certain genetic traits for your job may have gone too far.
You got the spelling of Gattaca wrong.
Incidentally, when they named it Gattaca, they spelled it using the first letters of the types of Nucleotides that are the building blocks of DNA:
Adenine (A), Cytosine (C), Guanine (G), Thymine (T), and Uracil (U).
This is no coincidence and was purposefully done.
Uhhh, not really....
Did you actually RTFA? Countless times it mentions that most compatibility issues come from the fact that a significant amount of standards compliant code renders incorrectly on non-standards compliant web browsers.
Now in an ideal world, you could just tell your client to get a standards compliant browser. However, in the world we live in, most people use IE, and it's not going to change overnight, if at all.
So for now, always make sure to write code that validates, but don't be so foolish as to assume that IE will render it as standards dictate that it ought to - because often enough, it just doesn't.
I have to admit this is annoying, but it is the sort of annoying that may be necessary to potentially save lives of those "I'll do it later" but never actually do kind of people.
The companies just need to make it that if you haven't yet set up your E911, whenever you try making a call, before the call connects, it gives a voice prompt telling you that E911 is not yet set up, and without it you may have difficulty making emergency calls. After the voice message, your call connects normally.
Very much like a software approach to security updates and registrations, and while annoying, if following the instructions is the only way to get rid of the annoyance, you may be surprised at how many people suddenly take the effort.
At least people can't accuse the VOIP companies of not warning them.
Seeing as I am still working out Linux, and I know my Windows pretty darn well, I did this interesting thing.
The specs:
- Pentium II 233MHz
- Intel Desktop Board (isn't their slogan "built on reliability")
- 96MB RAM
- 3GB Hard Disk
- OS: Windows 2000 Server Standard
For readers to understand fully why I did this, until about a month ago, South Africa had only one decent ADSL account offering, a 3GB account. These 3GB accounts allow you to browse any site at full speed until you generate 3GB of traffic (that's g/bytes), and after the DSLAM kills your session (happens approximately every 24 hours) and you reconnect you get worse than 9600bps modem speeds when connecting to overseas servers/peers, but local speeds are still 100%. At the beginning of each month the counter is reset.
So, what I do is use OpenVPN (http://www.openvpn.org/) to tunnel to my office for the international bandwidth which we get through a 2mbit/s leased line, however, I have managed to configure my box in such a way that local traffic goes straight over the ADSL.
Using Windows 2000 Routing and remote access on my machine at home, I create the tunnel, and also create a ppp connection using RAS PPPoE (http://www.raspppoe.com/) - seeing as Windows 2000 doesn't have it natively. I then set up NAT routing, make the OpenVPN TUN/TAP adapter and the ppp interface external interfaces, and the LAN card the internal interface.
Then for routes, I set my default route to go down the tunnel, and I naturally set up the IP address of the remote end of the tunnel to go down the ppp interface. Now, South Africa has relatively few ASNs, so I also manually added a whole lot of those blocks to my routing table to go down the ppp interface. The net result (excuse the pun) was that local traffic went straight over the ADSL, and international traffic via the tunnel.
This all runs perfectly on Windows 2000 Server on that old box. Unlike the author of the article, I don't ever "work" on the machine per se, so for security reasons it does all its Windows Updates, while I installed no extra services like IIS, I haven't bothered to disable any default services, I have however turned off Active Desktop, sliding menus and the Activity Pane for Windows Explorer, I discovered a long time ago that turning these off was the simplest way to more than double the responsiveness of their systems. What I have also done is enabled Terminal Services in remote administration mode, so the machine needs no screen, keyboard and mouse. I add that I am no security expert however, with the box fully patched and a strong password set, I have had NO security incidents, well, at least none that I am aware of, I also do not run any kind of firewall.
Now my routing works well and causes *almost* no problems, it does have issues nevertheless. Because my box has two external IP addresses, certain things have issues, the problem arises when an application registers on an international server, and other peers from South Africa try connecting to my tunnel interface IP address, this doesn't work because my Windows 2000 box ends up trying to send the packets back over the PPP interface. I notice this the most with Source and Steam. I cannot connect to any local servers when my tunnel IP address is the one registered with the Steam server, it just keeps on asking for my Steam username and password. To get around this, when I want to play, I merely end up doing a PPPoE direct from my desktop, and while it takes a while for Steam to sign in, it does work. While I know that I could manually set up the steam server IPs to route over the ppp, I just haven't bothered, also this way when an update comes down, it always comes down the fastest.
I am experimenting with Linux, and especially along with Soekris (http://www.soekris.com/) boards, to replace this solution, just a little more time and I will have it worked out - but I am not rushed as my Windows 2000 Server solution works just as well - and is up and running already.
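The split routing described in the post above, and the asymmetric reply path it runs into, modelled as an added example that is not part of the original post. Every prefix and address below is a constructed stand-in from the documentation ranges; the interface names `tunnel`, `ppp` and `lan` are labels chosen here.

```python
import ipaddress

# Constructed routing table mirroring the post: default route via the tunnel,
# the tunnel's remote end and the manually added local blocks via the ppp link.
ROUTES = [
    ("0.0.0.0/0", "tunnel"),       # international traffic goes down the tunnel
    ("203.0.113.10/32", "ppp"),    # remote end of the tunnel (constructed address)
    ("198.51.100.0/24", "ppp"),    # stand-in for one manually added local block
    ("192.168.0.0/24", "lan"),     # internal interface
]

def build_table(routes):
    """Parse the routes and order them most-specific first (longest prefix wins)."""
    parsed = [(ipaddress.ip_network(prefix), iface) for prefix, iface in routes]
    return sorted(parsed, key=lambda r: r[0].prefixlen, reverse=True)

def lookup(table, dst):
    """Return the egress interface chosen for destination address dst."""
    addr = ipaddress.ip_address(dst)
    for net, iface in table:
        if addr in net:
            return iface
    return None

def reply_path(table, arrived_on, peer):
    """Return (egress interface, symmetric?) for a reply to a peer whose
    packet arrived on interface arrived_on."""
    out = lookup(table, peer)
    return out, out == arrived_on

TABLE = build_table(ROUTES)

# Constructed addresses: an international registration server and a local peer.
REG_SERVER = "192.0.2.50"
LOCAL_PEER = "198.51.100.7"

def demo():
    # Registration leaves via the tunnel, so the server records the tunnel address.
    registered_via = lookup(TABLE, REG_SERVER)
    # The local peer then connects to that tunnel address, but the reply is
    # routed by destination alone and leaves over ppp instead.
    reply = reply_path(TABLE, arrived_on=registered_via, peer=LOCAL_PEER)
    # The workaround the post mentions: a host route sending the registration
    # server over ppp, so the address it records matches the local path.
    fixed = build_table(ROUTES + [(REG_SERVER + "/32", "ppp")])
    fixed_reply = reply_path(fixed, lookup(fixed, REG_SERVER), LOCAL_PEER)
    return registered_via, reply, fixed_reply

if __name__ == "__main__":
    print(demo())
```
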
Actually from a financial point of view, I believe there are very good reasons for Blizzard not wanting third party Battle.net servers out there. Blizzard games all have unique cd-keys, and I know a lot of people who buy the game primarily for the valid cd-key in order to be able to play online. With third party servers, a valid cd-key is not required. While I cannot be sure how bad the piracy issue actually is, I know that on our local reverse engineered battle.net server, almost all the players are using a pirated version of the game. IMO, the only justifiable reason for a small private battle.net is if you don't like the chance of playing with cheaters, apart from that I think that the official servers are better in every other way.
While I agree with you in most respects you need to understand that most music is given artificial value by the recording industry. I find that it is not necessarily the 'good' music that sells, but more the 'well marketed' music that sells.
Personally I believe you get performers, and artists. Artists are the ones who typically write their own music and lyrics and play instruments. If they are good and a little lucky, they play their way to success, often by starting at small clubs or bars. Performers can sing and dance, they often tend to do fancy dancing, they will also never be ugly as marketing is the only real way to make them sell. Unfortunately for artists, they fall under the same category as these performers - 'musicians'.
I believe that the majority of music you hear is crap that sells purely because of the huge amounts of marketing the record companies spend marketing it.
These are the real expenses that the music industry incurs - we all know that distribution is no longer an issue.
I live in South Africa, we don't even have it aired here, until I can order DVDs of the series I will most certainly use torrents. However, I am a bit disappointed it's not being broadcast in HDTV format first, the AVIs come out so much better.
I found Milkdrop before Winamp 3 hit the scenes, and I had loads of fun being the one to introduce it to all my friends, seeing as Nullsoft only started including it by default with Winamp 5.0.
Anyone seen both in action?
Brain Chemistry: Harvard Professor Lawrence Summers recently mentioned how women and men have different brain chemistry, as anyone who has spent some time with men and women can attest, they can be very different. Summers noted that the male brain is more attuned to mathematical reasoning and logic, both essential skills for IT types. Evidence for this can be seen for example in the fact that mathematicians have traditionally been men. Hopefully this problem can be addressed in the future through stem cell research and genetic therapy.
And why would you want to change the way women, or men, think. Isn't one of the greatest and most rewarding challenges of life learning to live with, and understand the opposite sex.
As a male, I find the differences in the way women feel and think about things very interesting, and it is a spice of life that makes for wonderful memories as you get older. While the lack of understanding in the way women think may result in rather unpleasant, and emotionally painful experiences, isn't a lot of life also like this.
The problem here is not that men are better than women in some things, it's that men are often paid more than women for doing tasks, which although different, are not more difficult. More specifically, women are not always given the due credit for what they are good at.
I read /. almost religiously every day, and I barely ever feel the need to comment, but this guy goes on and on about how crap Windows is, and maybe it is compared to Mac. But most of the problem lies with the fact that most people are just plain stupid and naive when it comes to using a computer. Admittedly the Mac (which I have never really used) may be better out the box against worms, but I doubt the Mac would do any better against adware were it as popular as Windows. The other problem comes down to ISPs being more worried about selling their services than keeping their networks clean.
Let me just state, I sit on a public IP address at work, 24 hours a day. I run Windows XP, I do the updates religiously, I even set up SUS at my office to save on bandwidth costs. I personally run NO anti-virus, I run NO firewall. I installed ad-aware once, thought it was a waste of time, and uninstalled it a week later. My computer has NO malware on it, I do not have pop-up problems, I do not have strange tasks in my running programs list.
How do I get away with this, well, since code red and nimda, Microsoft has always managed to release fixes, which is what actually alerts malicious programmers to the vulnerability, before a worm hits. Also, being an intelligent user (I don't even have any real post-school qualifications), I know what NOT to click, and the golden rule in life: "There is no such thing as a free lunch." which keeps me away from dubious software, particularly things like Smiley Central and Date Manager (see these on client machines too often). I also use Open Source software where it is convenient. Particularly eMule and Firefox.
I personally believe that perhaps grannies shouldn't be allowed on a PC without at least a little knowledge, in the same way a granny who has never learnt to drive shouldn't be on the road. I don't know how it works in the US, but where I live, before you can even get in a car to start learning to drive, you have to write a test PROVING that you know the rules of the road, why don't people do this for PCs? I mean this applies to life as well, any good mother wouldn't leave their kids alone in a big city on the street, unless they were confident that after years of teaching their child simple self survival techniques were sufficient, basic things like: "don't walk into dark alleys with shady characters lurking around".
PCs are the same, we have these zombie nets, simply because people are irresponsible with their PCs, and don't make the effort to make sure they are "internet worthy", I mean if a car is unroadworthy, you get fined, and chucked off the road, this is not just because people are picky about these things, it's because roads are quite important, and we can't have morons making it unusable for basic needs. I would say the internet is pretty damn important for business, particularly e-mail, shouldn't people have to prove their competence before being allowed on it?
First, I will explain why monopolies *can* be a good thing, then how monopolies can also exploit end users horribly.
When it came time for the country I live in to start rolling out a telephone network, they made it law that only one company would be allowed to lay a telecommunications network. There was a good reason for this, laying down a telephone network is exceptionally expensive, and if there was competition, you may have one or the other party taking *shortcuts* to reduce costs, and undercut their competitor's price, having the competitor in turn do the same, resulting in an inferior network. So our telecom comfortably drew up a long term plan to make sure that our country can get an advanced, and reliable network, without them risking bad return from investment.
Now, this is where the problem with monopolies comes in:
I live in Johannesburg, South Africa, a first world city, where about the only difference I have compared to say a big city citizen in the US, is that I pay through the roof for internet and telephone, because our Telco company is a monopoly. Just to give you an idea, their ADSL offering costs about R900 p/m (appr US $115) we get a 512k down and 256k up connection. Now if that cost doesn't horrify you, listen to this, that only includes 3gb of traffic to anywhere you want, after you hit that 3gb cap, while local bandwidth is still fast, you get put in a 1:50 international pool, which translates to 10kbits/s if you are lucky, although to get around this, you can pay about $15 for a fresh account, which will work nicely until that also reaches its limit. I don't know exactly how much local landline calls cost, but I am certain it is more than $0.15 per minute, if you want a nice view of how bad things are, visit http://www.hellkom.co.za/, this site is someone's attempt to let everyone know just how badly they are being ripped off. And Telkom (our telco) is trying to sue him. It gets more insidious, because the South African government (not the ruling party) has large shares in Telkom, they haven't really been overly enthusiastic to sort out the economy crippling state of affairs, they have announced, but also delayed awarding a second network operator license for about 6 years.
Eskom, which provides electricity in our country is also a monopoly, however I have no complaints about them, in fact, Eskom is one of the big players that brought the pebble bed reactor technology to where it is today.
We recently had some changes in our telecommunications law, making VOIP and inter site wireless LAN connections legal as of Feb 2005, but this only happened about 2 weeks ago, so things are looking up a bit, and with any luck, this will drive our telco's prices down, as any one will be allowed, and able to sell bandwidth without having to use our hideously overpriced, in fact these two factors will allow people to legally pay nothing to talk to their next door neighbor, or a friend who lives 5km's away.
In summary:
In theory, a monopoly can be a good idea, but in reality, people who run the monopolies generally rip their customers off, simply because the consumer has no choice, and as a monopoly, they can get away with it.
I bought VHS cassettes of the original trilogy, and I remember a campaign to the effect of, this is the only time you will be able to get "The Original Star Wars" trilogy. (Although I would have bought it anyway.)
Then a while later we had big screen Special Editions, but of course this didn't contradict the previous offer, because it wasn't the "Original Star Wars Trilogy" even if it was only slightly different.
A good idea, but the problem with the Blaster variant was that it was proactive as opposed to reactive. IE: Blaster variant behaved almost exactly like the original worm, except that as it *infected* a machine it would patch and protect it, but still create web traffic, trying to *clean up* other infected machines. What the blaster variant SHOULD have done, was watch for infection attempts, note which IP address attempted it, then *infect* that IP address to clean it up, that way we have auto worm response, after *infecting* and cleaning the machine, that machine, now also has a reactive approach only, of listening for infected machines, as opposed to proactively searching for them.