Do you also own a cat with a diamond collar? (on Failing Our Geniuses · Score: 2, Funny)
I'm just curious here, because it sounds like the next thing you'll be talking about is your superweapon and plan to repopulate the earth with your lycra jumpsuit clad workers if only you can stop that meddlesome Mr. Bond....
Seriously though -- I'm sure half the people reading this on /. found school similarly boring. Nonetheless, you are here as a result of your education and your own additional work. No point still being bitter, yes?
our first 16k systems, our first 12 Megabyte hard disk (external) and the massive full height 80MB one that came along later. Anyone own a SHUGART drive?
Notes is still the #1 enterprise mail and collaboration platform. In the U.S., that margin is below the level of error but in Europe and Asia it is significant.
Microsoft continues to be better at making software people like to use at their desktop. It's what they're good at. Yet from an enterprise I.T. perspective, the Domino/Notes platform remains much cheaper and easier to manage. It also remains much more secure, much more cross platform (there's nothing at all cross platform about Exchange) and much more flexible.
What's more, the Lotus platform now has a client built on Eclipse that is FULLY SUPPORTED in Linux, Mac, and Windows platforms at the workstation -- and they're increasing platforms rather than decreasing them. It speaks Java, web services, smtp, imap, nntp, snmp, http, and ldap, and integrates with just about anything. Compare that with say...Exchange.
So, what's the problem? Oh, and don't tell me "I used it once in...." or "I use it at my company" if we're talking about version 4, 5, or 6. Those are now YEARS out of date. It's like saying that Macs don't multitask well if you're basing that on the old Mac OS and ignoring OSX. Sure, my old Mac SE doesn't multitask well either.
Of course, that's just my opinion. Let's review his record.
He came out strongly against blogs, bloggers, and all such. Only professional journalists like him should write.
He's been saying for years that Lotus Notes was dead and gone, just to stir the pot and get talked about.
He went to a lot of trouble to stand up for Sara Radicati (the Radicati Group) after she was caught astroturfing her own badly written report.
He wrote a blog calling himself "The Fake Steve Jobs" -- which is only slightly more distant from true journalism than his articles usually are.
Other than that, I'm a huge fan.
The belief was that by rubbing the check on a magnet (a big speaker magnet seemed always to be handy in those days) it would make the check harder to read with the automatic readers and could delay the transaction by a day or two.
I have no idea if it actually worked, if the ink even contained metal or a magnetic substance, or if we were just wasting our time.
I am a firefighter, though not in that part of the country. I can tell you that in that kind of wind, stopping any fire in even a single home once the wind can get in (windows broken, etc.) is going to be extremely difficult.
Embers larger than your hand can travel hundreds or even thousands of feet in that kind of wind and still be viable. These land on grasses and structures that have been dried over months then punished for days with these 90 degree, single digit humidity level winds. The winds are like a blow dryer pointed at your face, on medium setting...for days.
In the great Chicago fire, people fled across the river -- and embers were able to cross that space to ignite structures on the other side. Not just embers, either. The fires create their own weather, creating vortexes that look like tornados hundreds of feet high. Pretty scary stuff. You're not going to slow it down with a garden hose on your roof, and you're not going to put it out with a fire truck and a couple of hand lines.
TFA is about writing code that treats the data it uses securely. We're not talking about having off-site backups through the internet necessarily. Nobody (surely not me) is saying you should back up your data to an internet site that stores it in a way they can see it. I'm talking about the data you need for the application to work properly -- in the case of an online application. I'm saying you can't rely on the user to store it. You have to store it in your application. Yes, you should do so in a secure way, but you have to be able to read it so that you can use it to do whatever your application does. If your application doesn't need it, you shouldn't be storing it at all.
Rule 1: Don't collect any personal data you don't need for the operation of the program or web site.
Rule 2: For information you DO collect, do not trust the end user not to lose it.
Your points primarily relate to rule 1 -- That is, my application should not be storing any data not directly needed for its operation. I don't collect SS# because there is no need. I don't store credit card numbers because there is no need. You can't have stolen from me what I do not store.
On these points, I agree completely with you.
My point is on that information I do need (in the case of my work, this involves cell phone numbers and email, often home address and telephone numbers as well) my users would be very upset if I did not store this on my end so that it was available to them without them having to re-enter it from any other PC or if they deleted local cookies.
As a matter of practice, you store a key to the data on the user's machine but not the data itself. You also use a password or something so that if the user loses the key or logs in from another PC that key can be replaced. If you store the real user data in the local machine (say in a cookie for web apps) then the loss of the cookie means the application breaks for that user. User environments are not reliable enough for this to be acceptable.
Unlike T.V., in the real world most violent criminals are not terribly bright and are caught through far more stupid actions than those required on CSI.
If malware writers were really all that good, you'd never know you were infected. It's the same thing.
Here's my official WTF? I posted this exact story w/ a link to Science Daily's article two days ago -- before it was on Extreme Tech and half the other interwebs out there. I've never whined about having a story declined, but seeing the exact same story in here two days later isn't leaving me with that happy, warm, well fed feeling.
Just wait for Windows Cyborg/Pro with TrulyDirectX 12!
The BSOD becomes the BSOD (Black Shroud of Death) however, which means you really want to test this stuff better.
...if I'm several steps ahead of you in a burning house, it is only because I'm using some rescue webbing to drag you out while keeping your head down. You don't really ever want that to happen.
Think about how you'd write the code for the machine. Your job is to count -- you have to find at least two distinct signatures. If you find more than one that is distinct, you ignore that car. If you find less than one, what do you do? Probably you consider this a detection error. A thermally reflective glass coating would work. I'd bet a heat pack hand warmer on the dashboard would do it too.
If it were me, I'd try a thermal hand warmer pack on the dashboard by the passenger seat; and maybe one each on a string in the back seat about where heads would be for back seat passengers.
Remember, glass is transparent in the visual spectrum, but can be opaque in the infrared. I know this from using Thermal Imaging Cameras in houses that are on fire. A big living room window can look just like a wall -- or even a mirror -- through the screen of a TIC depending on the outside temperature. You can see the shape of a person on the TIC when what you're looking at is a porcelain shower stall. Your own heat is being reflected back at you.
This sounds like a despot's dream. The systems receiving the data are "unseen". The path the vote takes to them is uncontrolled. The user of the phone is unverified. On top of all that, you've formally tied your Cell Phone to your National ID making you one of the most easily traced animals on the planet.
...A certain world leader who has been called "Messianic" and has declared that he has to invade [another country] because nobody else will have the guts to do it, is in fact in charge of a rather large stockpile of nukes. That leader is GW Bush, and the country he's said he has to invade is Iran. (New Yorker article, about a year ago).
...in his article of IE simply to avoid the "IE Sucks" discussion. Consultants do what consultants are paid to do. Someone owned the project scope and was responsible. That person utterly failed to reconcile things like scalability and product choice. Regardless of the merits of IE based code, the PM allowed it to be done without checking with the desktop people.
...stupid decisions based on myth over reality. You have front end people making decisions about browser security in utter discord with back end choices made for functionality. You have redesign of existing functional systems without starting back at the design specification. You have scale failures because you didn't test your nonexistent spec. for scale.
I'm glad I don't work there.
If you were to use some kind of running hash algorithm, then all you would need to validate a paper would be a single receipt and its order, and another single receipt from that machine and its order. The hash at each point in the stream would not match if votes between the two points had been changed.
At each point in the linear order of votes cast, the hash would be altered by including the next vote. Change order of or number of votes, and a different hash will evolve. As long as a trail of each vote and that hash at that time were kept, then any receipt could be compared to the stored value in the machine for that receipt number to be certain that all the records to that point match what users were given.
The algorithm in the machine could also be validated by running the same sequence of votes through a 'known good' source and comparing the hashes.
I'm sure I'm missing some finer details here, but in principle this should be extremely effective and secure.
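The running-hash idea in the comment above, sketched as an added example (not part of the original comment and not any voting machine's actual code). SHA-256, the all-zero starting value, the record layout and every name here are assumptions, and the votes are constructed sample data.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # assumed starting value of the chain


def link(prev_hash: bytes, seq: int, vote: str) -> bytes:
    """Fold one vote into the running hash: H(prev || seq || len(vote) || vote)."""
    data = vote.encode("utf-8")
    h = hashlib.sha256()
    h.update(prev_hash)
    h.update(seq.to_bytes(8, "big"))        # position in the stream
    h.update(len(data).to_bytes(4, "big"))  # length prefix avoids ambiguous joins
    h.update(data)
    return h.digest()


class VoteLog:
    """The machine's trail: each vote plus the running hash at that point."""

    def __init__(self):
        self.records = []  # list of (vote, running_hash)

    def cast(self, vote: str) -> dict:
        seq = len(self.records) + 1
        prev = self.records[-1][1] if self.records else GENESIS
        running = link(prev, seq, vote)
        self.records.append((vote, running))
        return {"seq": seq, "hash": running.hex()}  # the voter's receipt


def check_receipt(log: VoteLog, receipt: dict) -> bool:
    """Compare a receipt with the stored value for that receipt number."""
    seq = receipt["seq"]
    if not 1 <= seq <= len(log.records):
        return False
    return hmac.compare_digest(log.records[seq - 1][1].hex(), receipt["hash"])


def check_span(log: VoteLog, first: dict, second: dict) -> bool:
    """Recompute the chain from one receipt to a later one over the stored
    votes; it only reaches the second receipt's hash if nothing in between
    was changed, added, removed or reordered."""
    a, b = first["seq"], second["seq"]
    if not 1 <= a < b <= len(log.records):
        return False
    running = bytes.fromhex(first["hash"])
    for seq in range(a + 1, b + 1):
        running = link(running, seq, log.records[seq - 1][0])
    return hmac.compare_digest(running.hex(), second["hash"])


def replay(votes) -> str:
    """'Known good' reference run: same votes in, final hash out."""
    running = GENESIS
    for seq, vote in enumerate(votes, start=1):
        running = link(running, seq, vote)
    return running.hex()


if __name__ == "__main__":
    votes = ["A", "B", "A", "C", "B"]  # constructed sample ballots
    log = VoteLog()
    receipts = [log.cast(v) for v in votes]
    print("span 2..5 intact:", check_span(log, receipts[1], receipts[4]))
    print("matches reference run:", replay(votes) == receipts[-1]["hash"])

    # Stored vote 3 is altered but its stored hash is left alone.
    log.records[2] = ("C", log.records[2][1])
    print("span 2..5 after edit:", check_span(log, receipts[1], receipts[4]))

    # The whole trail is rebuilt around the altered vote instead.
    rebuilt = VoteLog()
    for v in ["A", "B", "C", "C", "B"]:
        rebuilt.cast(v)
    print("receipt 5 vs rebuilt trail:", check_receipt(rebuilt, receipts[4]))
```

Rewriting the stored hashes after an edit makes the trail self-consistent again, so detection in that case depends on a receipt issued at or after the altered position being checked against the machine.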
but you and I are not typical end users either. I can't say as I've ever sent a PC back to the manufacturer. I've never had a laptop fail while still in warranty, and after that I'd rather fix it myself. As far as desktops -- well, I haven't bought a pre-built one from a manufacturer in many years.
I don't get, and never have gotten, why one of the first things a manufacturer doing warranty work does isn't to pull your drive out and pop in a standard one. Boot the standard drive with diagnostics and repair any hardware issues. If the problem persists, the vendor can then connect the owner's drive to a diagnostic bench and know if the drive is physically intact. At this point, no customer data has been altered because at no time has the machine mounted the existing file system.
Both of these steps are simple and linear, they don't require great diagnostic skill or time. If the machine passes both tests, the manufacturer can contact the consumer and offer to either re-image the drive as it was when new for a small fee, attempt to repair the software configuration at a much much higher fee, or return the unit for the consumer to find a local specialist to recover the data.
As a standard practice, this would seem to me to limit repair time and cost, limit damage to consumer data when not necessary, and generally make more people happy more of the time.
You don't pay attention to them when you're entering your password, but if they aren't the same or if they aren't moving you do notice instantly.
A certain very large agency of the United States Government who may have been or may still be a really big Notes shop really wanted this feature.
If you were to fake a login box to someone, you'd have to have the images move correctly. They are not linear and are not tied solely to password. They are a combination (hash) of the private key and the password. You cannot duplicate them without having either recorded them visibly or else knowing the password AND having the private key (which is stored in the ID file itself).
The Notes client used public/private key based encryption as far back as 1990. It has always been the most secure product in its class, and remains so.
In addition to the glyphs, each key you press as you enter the password produces 1 or more than 1 "X" characters so that you can't count the x's to get password length.
Notepad isn't standalone at all. It relies on a massive library set called Windows for its UI.
..on Linux boxes, and I know there is a win32 version as well. It's command line driven, and uses a database hash list on both sides to determine what has changed. It has conflict resolution capabilities and plenty of options.
It works very much like Lotus Notes replication, but for file systems.
For over a month I tried to get a replacement for my D820 - which isn't on the recall list.
They told me 3 times it would go out overnight but didn't. Finally, I had a "manager" on the customer service chat swear she would get it resolved and it would ship overnight. HOWEVER, when I tried to pin her down to when it would SHIP, she wouldn't give a date at all and claimed it could take up to 8 days to get it "in the system".
08/25/2007 03:38:40PM Agent (Khushboo Sharma): "The replacement order will be sent to you overnight."
08/25/2007 03:38:54PM (me): "when will it be shipped?"
08/25/2007 03:38:56PM Agent (Khushboo Sharma): "However, it will take some to get the new order number generated and get it shipped out of Dell."
08/25/2007 03:39:08PM (me): "I need you to say, clearly, that it will be shipped on MONDAY and will be shipped OVERNIGHT."
08/25/2007 03:39:35PM (me): "I am not a moron. I have been duped before. Not again."
08/25/2007 03:40:44PM Agent (Khushboo Sharma): "I can not assure you that it will ship on Monday."
--- and it went on and on.... Finally I made them refund the money on the order, and I ordered the replacement from someone else who actually had them.