I can recommend "Maximum Security: A Hacker's Guide to Protecting your Internetsite and Network" by Anonymous, published by SAMS. It's a real hacker's/cracker's eye view of network security. Concentrating on explaining techniques and software for cracking and defending against attacks. It's really heavy on catelogueing the different attacks and exploits and explaining how they work, but being (comparatively) light on the "ensuring security" side. But this is made up for by the fact that the book is full of links to RFC's, BUGTRAQ postings etc. Basically you read about a class of attacks here, then follow the links to the Web and the detailed info. This also helps stop the book from immediately becoming out of date.
>> P.S. How in the hell are we supposed to remember addresses like >>127.12.255.234.127.123.55.234.124.121.253.231. 227.12.215.134?
> You're not. The obvious solution is to make sure you use DNS so you don't have to worry about what the IP is.
How in the hell are we supposed to remember DNS names like www.toaster.upstairskitchen.myhouse.org.au.earth.s ol.milkyway....?
Averages can fix the bad moderator problem...
on
Moderation Ideas
·
· Score: 1
In image processing speak what I'm about to explain is basically "alpha trimmed mean".
1. The moderators score an article on a scale of -1 to 5 (or what ever).
2. Slashdot takes the list of scores for an article and sorts them.
3. Slashdot discards the top and bottom 20% (or whatever, aka 'alpha') of the scores from the sorted list. (This is the trimming bit).
4. Slashdot them averages the remaining list of scores and uses the result as the actual score for the article. (statistical mean bit here).
Problem solved. Articles get moderated. Bad moderators have no effect. No meta-moderation is needed. No race conditions either. A few more moderators and moderator points would need to be handed around.
As a bonus, a background process can hunt for bad moderators and eliminate them. It would just have to find moderators that constantly score articles way different from thier peers. (Insert statistically analysis here).
That's an interesting observation, and you are right. But in C once you've overflowed the stack or a buffer a few times you quickly learn that you certainly can manipulate code as data. Especially when you don't want to!
But C really is a higher level asm. Every construct and feature in C maps very closely to an asm analogy(? you know what I'm trying to say?). While features like type checking, array bounds checks, garbage collection and virtual functions and classes from high level languages don't really match anything in the asm world at all.
I guess it's more a question of how much asm is needed per statement in a high level language than anything else...
Let's have another look at this. The old program has a Customer class with one address. All the other classes are happy and work fine with this one address customer class. Now we add the ability of extra addresses to the customer class. The GetAddress() method can still return the old/default address just like in the original customer class. While new code that needs the extra addresses can use a new GetAddresses() method. The old GetAddress() method works just like it always did for the old code, and the new GetAddresses() method works for the new code. No problem.
Extra functionality can be added to a class while maintaining the functionality of the old interface (GetAddress() for example) and the old dependant code. This is a big part of the advantage of OO. Provided GetAddress() returns the customer address, the dependant code doesn't care how the address is stored by the customer class. Hell you could then replace the DB under the customer class with a brain in a jar and still keep the dependant code!
Hardcoding SQL queries all over the place is it's own punishment.
You have forgotten one of the biggest reasons why software sucks. Most programmers are poor and write bad code, don't understand multithreading issues, can't manage memory, don't appreciate security issues, don't take the time consider other things that will influence thier code etc etc. Of course I'm being a bit harsh here. Poor programmers can become good ones with time, learning and practice. But time for learning and practice is rare when you have management breathing down your neck. Hence most people can't improve.... sad state of affairs..
..and the RCX would have been the size of VCR.:-) Imagine the size of the motors and the batteries you would need. Not too mention the amount of bricks just to build something half useful. The Mindstorms kit would come with buckets and buckets of bricks too.
I'm just wondering how raising an animal without parents will affect it. For many 'simplier' creatures it won't matter. But imagine trying to recreate a more 'social' species like ants or chimps. What would the first ant do by itself? How would the first chimp learn to act like an chimp? There is a lot of 'stuff' which make up a species but is not contained in its genes. Learnt behaviours would be lost.
Generally, open source licenses don't cover scripts/programs written in the OSS script/programming language. For example if you write a C prog and compile it with GCC, the input source does not become GPL'ed, and the output does not become GPL'ed either. As you pointed out PHP4 would be quite useless if the QPL didn't have the same 'idea' in mind. Most of the stuff in the QPL will apply to programs derived from the zend program source I guess.
The only problem I have with this idea is that it would give NT admin geeks too much leverage when it comes to strikes. If a strike was called, which admin to you think people would miss first? The NT guy or the Linux (or *nix-whatever) guy? sheesh.. it could be years before the Linux server developed a fault which needed the admin. That's really going to bring the PHBs to thier knees... not.
> The problem here is a question of scale: can I > fit all of Quake 3's rendering pipeline into > the hardware? If I can, it should > cream a dedicated processor. If I can't, I > lose major amounts of speed switching the > gate array, or to using a less-efficient > general layout on one part of the array.
> To my understanding, FGPAs are slower and > larger than dedicated circuitry, which limits > the transistor count if you're looking at a > reasonable die size.
Bearing this in mind, I fail to see how useful these devices would be for something like a 3D application. By putting a 3D pipeline on a FGPA you're just using it as a dedicated 3D chip like your typical nVidia TNT, 3dfx VoodooX etc, except that your FGPA is built on slower bigger technology compared to the CMOS competition (TNT, Voodoo etc). Which do you think is going to perform better?
But thinking again, perhaps FGPAs could be produced cheaper than normal chips. Should be possible as you only have to produce one kind of chip, instead of a different chip for CPU, FPU, DSP, 3D, etc. Then instead of buying computer with a CPU and a DSP (sound) *and* a gfx 3D chip etc, you just get a box that's packed full of these cheap FPGAs and configure them for what you need. Since the FPGAs are so much cheaper, you just buy a lot more of them and beat 'standard' computing using sheer numbers (and parallelism). (and then all the 3D chip companies transform into software companies and live happily ever after).
You obviously don't understand what is going on here. Code has nothing to do with it. The test data is such that it is static and just the right size to fit in IIS's cache and not the cache of other servers. This test data does not represent anything in the real world.
I've used it a bit in the past and I must say that it really is nothing like C. To me it feels very LISP like. The heavy use of []. Blocks (which are often just lists of things) being used to store most data, and the everything-is-data-until-executed way of working. Also, Rebol is a hell of a lot more dynamic and lose than C. Any 'word' (or function) can be redefined anywhere, anytime.
Try it out, it's fun. But you won't get very far using a C like programming mentality.
I really don't understand how a fully armed society is preferrable to an unarmed society.
What about all the victims who were shot *only* because the criminal feared that they had a gun?
BTW, statistics about lives saved due to guns don't make any sense when you simply do *not* *know* what would have happened if a gun had not be involved.
Is an instant death penalty fair for a punk kid who just wants to steal a few extra bucks?
Is a society really 'free' when you have to sleep with a gun under your pillow? do you really want to live in a society where that is neccessary?
If someone reallys wants kill you they will just do it. Do you really think that they will give a sporting chance and let you reach for your gun? or will they just empty your skull as soon as they see you? what do you think is more likely?
I thought the writer had some interesting examples, but I think that he missed some very important points that these examples show.
"Close Enough is Often Good Enough" aka "The Best Technology Doesn't Always Win"
I thought the VCR examples would have jolted his memory about good old VHS vs Beta story. Simply put, the technology with the best playback quality doesn't always win when there are other issues like play length for example. (You can fit a lot more music using MP3 on a CD than normal audio CD.)
Email. The writer missed the most important point here that it's not format that counts (true, he got that right), but the fact that *everyone* uses it, and that everyone exchanges information using it. If the writer thinks that the format for email is not important then he should try to use an alternate format for email for a while. (Hint: Only being able to send email to yourself gets very boring very quickly). MP3 looks set to provide a standard that everyone can agree to use.
The cornerstone of MS's hold on the desktop is based on the control and use of nonpublic proprietry APIs and file formats. 'Freeing' up the OS won't make much of a difference while MS still has everyone who uses Office by the nuts. Or should I say by "the data".
Q: Why can't people move to a different productivity suite?
A: They can't. All thier data is locked away in proprietry MS file formats.
Q: Why can't people write filters for other programs?
A: MS is reluctant to give up the format info.
Q: Yes, but people have written filters anyway, what's wrong with those?
A: They're often incomplete and by the time they are written the latest version of Office is out and the file formats have changed again.
Q: But couldn't people just settle on using an older version of the Word file format?
A: People and businesses need to stay up to date wrt to MSOffice so that they can handle.doc files from thier peers that have been written in the latest MSWord.
A workable solution to the MS problem would also have to handle the file format issue. Maybe with a requirement to have the file format public. Maybe XML will help here. I think that making all info wrt interchange and file formats would be a good lesson for the SW industry in general.
Even the mailbox format in Outlook is non-standard!
Does anyone know the format for NS mailbox summary files?
Although it may only take 15minutes to actually put the links up on the site, the real work is in what you *don't* see. Only select items make it to the front page of/.. The real work is identifying which links go up from the hundreds that are submitted each day. There is a lot I imagine below the surface.
Slashdot Mirror
..trying to work out what is on a billboard by using a microscope. At that level everything looks the same...
Anyone who has spent time with a disassembler knows what I mean.
--
Simon
I can recommend "Maximum Security: A Hacker's Guide to Protecting your Internetsite and Network" by Anonymous, published by SAMS. It's a real hacker's/cracker's eye view of network security. Concentrating on explaining techniques and software for cracking and defending against attacks. It's really heavy on catelogueing the different attacks and exploits and explaining how they work, but being (comparatively) light on the "ensuring security" side. But this is made up for by the fact that the book is full of links to RFC's, BUGTRAQ postings etc. Basically you read about a class of attacks here, then follow the links to the Web and the detailed info. This also helps stop the book from immediately becoming out of date.
I learnt a hell of a lot. Go get it.
>> P.S. How in the hell are we supposed to remember addresses like. 227.12.215.134?
s ol.milkyway....?
>>127.12.255.234.127.123.55.234.124.121.253.231
> You're not. The obvious solution is to make sure you use DNS so you don't have to worry about what the IP is.
How in the hell are we supposed to remember DNS names like www.toaster.upstairskitchen.myhouse.org.au.earth.
In image processing speak what I'm about to explain is basically "alpha trimmed mean".
1. The moderators score an article on a scale of -1 to 5 (or what ever).
2. Slashdot takes the list of scores for an article and sorts them.
3. Slashdot discards the top and bottom 20% (or whatever, aka 'alpha') of the scores from the sorted list. (This is the trimming bit).
4. Slashdot them averages the remaining list of scores and uses the result as the actual score for the article. (statistical mean bit here).
Problem solved. Articles get moderated. Bad moderators have no effect. No meta-moderation is needed. No race conditions either. A few more moderators and moderator points would need to be handed around.
As a bonus, a background process can hunt for bad moderators and eliminate them. It would just have to find moderators that constantly score articles way different from thier peers. (Insert statistically analysis here).
Whatdoyathink?
--
Simon
That's an interesting observation, and you are right. But in C once you've overflowed the stack or a buffer a few times you quickly learn that you certainly can manipulate code as data. Especially when you don't want to!
But C really is a higher level asm. Every construct and feature in C maps very closely to an asm analogy(? you know what I'm trying to say?). While features like type checking, array bounds checks, garbage collection and virtual functions and classes from high level languages don't really match anything in the asm world at all.
I guess it's more a question of how much asm is needed per statement in a high level language than anything else...
I'm sorry, but you are speaking bullshit.
Let's have another look at this. The old program has a Customer class with one address. All the other classes are happy and work fine with this one address customer class. Now we add the ability of extra addresses to the customer class. The GetAddress() method can still return the old/default address just like in the original customer class. While new code that needs the extra addresses can use a new GetAddresses() method. The old GetAddress() method works just like it always did for the old code, and the new GetAddresses() method works for the new code. No problem.
Extra functionality can be added to a class while maintaining the functionality of the old interface (GetAddress() for example) and the old dependant code. This is a big part of the advantage of OO. Provided GetAddress() returns the customer address, the dependant code doesn't care how the address is stored by the customer class. Hell you could then replace the DB under the customer class with a brain in a jar and still keep the dependant code!
Hardcoding SQL queries all over the place is it's own punishment.
-- Simon
You have forgotten one of the biggest reasons why software sucks. Most programmers are poor and write bad code, don't understand multithreading issues, can't manage memory, don't appreciate security issues, don't take the time consider other things that will influence thier code etc etc. Of course I'm being a bit harsh here. Poor programmers can become good ones with time, learning and practice. But time for learning and practice is rare when you have management breathing down your neck. Hence most people can't improve.... sad state of affairs..
The ability of a program to always be able to detect if it had been modified is the Holy Grail of the Software Anti-piracy world.
I have never seen an anti-piracy scheme that couldn't (read: hasn't) been cracked. There is no such thing.
..and the RCX would have been the size of VCR. :-) Imagine the size of the motors and the batteries you would need. Not too mention the amount of bricks just to build something half useful. The Mindstorms kit would come with buckets and buckets of bricks too.
Can anyone comment on the security of these messaging protocols/systems?
An insecure messaging system used in a business context is less than useless. It's dangerous.
I'm just wondering how raising an animal without parents will affect it. For many 'simplier' creatures it won't matter. But imagine trying to recreate a more 'social' species like ants or chimps. What would the first ant do by itself? How would the first chimp learn to act like an chimp? There is a lot of 'stuff' which make up a species but is not contained in its genes. Learnt behaviours would be lost.
Disclaimer: I'm just guessing here.
Generally, open source licenses don't cover scripts/programs written in the OSS script/programming language. For example if you write a C prog and compile it with GCC, the input source does not become GPL'ed, and the output does not become GPL'ed either. As you pointed out PHP4 would be quite useless if the QPL didn't have the same 'idea' in mind. Most of the stuff in the QPL will apply to programs derived from the zend program source I guess.
I can't remember the number of times I've done that. Just today I had a "sheeesh, this page is taking ages" moment again...
When buying a CPU Mhz doesn't matter, it is price vs performance that matters. CPUs of equal price should be compared in these kinds of tests.
It's a pity that they don't have a price vs performance graph etc.
Equal Mhz. Who cares. It's equal $ that matters. Anyone got prices and benchmarks for these chips?
The only problem I have with this idea is that it would give NT admin geeks too much leverage when it comes to strikes. If a strike was called, which admin to you think people would miss first? The NT guy or the Linux (or *nix-whatever) guy? sheesh.. it could be years before the Linux server developed a fault which needed the admin. That's really going to bring the PHBs to thier knees... not.
:)
> The problem here is a question of scale: can I
> fit all of Quake 3's rendering pipeline into
> the hardware? If I can, it should
> cream a dedicated processor. If I can't, I
> lose major amounts of speed switching the
> gate array, or to using a less-efficient
> general layout on one part of the array.
> To my understanding, FGPAs are slower and
> larger than dedicated circuitry, which limits
> the transistor count if you're looking at a
> reasonable die size.
Bearing this in mind, I fail to see how useful these devices would be for something like a 3D application. By putting a 3D pipeline on a FGPA you're just using it as a dedicated 3D chip like your typical nVidia TNT, 3dfx VoodooX etc, except that your FGPA is built on slower bigger technology compared to the CMOS competition (TNT, Voodoo etc). Which do you think is going to perform better?
But thinking again, perhaps FGPAs could be produced cheaper than normal chips. Should be possible as you only have to produce one kind of chip, instead of a different chip for CPU, FPU, DSP, 3D, etc. Then instead of buying computer with a CPU and a DSP (sound) *and* a gfx 3D chip etc, you just get a box that's packed full of these cheap FPGAs and configure them for what you need. Since the FPGAs are so much cheaper, you just buy a lot more of them and beat 'standard' computing using sheer numbers (and parallelism). (and then all the 3D chip companies transform into software companies and live happily ever after).
I hope I have made some sense.
--Simon
You obviously don't understand what is going on here. Code has nothing to do with it. The test data is such that it is static and just the right size to fit in IIS's cache and not the cache of other servers. This test data does not represent anything in the real world.
--Simon
I've used it a bit in the past and I must say that it really is nothing like C. To me it feels very LISP like. The heavy use of []. Blocks (which are often just lists of things) being used to store most data, and the everything-is-data-until-executed way of working. Also, Rebol is a hell of a lot more dynamic and lose than C. Any 'word' (or function) can be redefined anywhere, anytime.
Try it out, it's fun. But you won't get very far using a C like programming mentality.
Open Your Mind (tm)
--Simon.
Does that mean that anyone with a magnet or anything that produces an electric charge can easily alter the little ball thingies?
raises some interesting possiblities... at least any damage would be easy to 'clean up'.
I really don't understand how a fully armed society is preferrable to an unarmed society.
What about all the victims who were shot *only* because the criminal feared that they had a gun?
BTW, statistics about lives saved due to guns don't make any sense when you simply do *not* *know* what would have happened if a gun had not be involved.
Is an instant death penalty fair for a punk kid who just wants to steal a few extra bucks?
Is a society really 'free' when you have to sleep with a gun under your pillow? do you really want to live in a society where that is neccessary?
If someone reallys wants kill you they will just do it. Do you really think that they will give a sporting chance and let you reach for your gun? or will they just empty your skull as soon as they see you? what do you think is more likely?
I thought the writer had some interesting examples, but I think that he missed some very important points that these examples show.
"Close Enough is Often Good Enough"
aka
"The Best Technology Doesn't Always Win"
I thought the VCR examples would have jolted his memory about good old VHS vs Beta story. Simply put, the technology with the best playback quality doesn't always win when there are other issues like play length for example. (You can fit a lot more music using MP3 on a CD than normal audio CD.)
Email. The writer missed the most important point here that it's not format that counts (true, he got that right), but the fact that *everyone* uses it, and that everyone exchanges information using it. If the writer thinks that the format for email is not important then he should try to use an alternate format for email for a while. (Hint: Only being able to send email to yourself gets very boring very quickly). MP3 looks set to provide a standard that everyone can agree to use.
Can anyone explain in English what effect the change to the es1370 an es1371 sound drivers was.
--Some-guy-who-would-like-to-have-CD-audio.
The cornerstone of MS's hold on the desktop is based on the control and use of nonpublic proprietry APIs and file formats. 'Freeing' up the OS won't make much of a difference while MS still has everyone who uses Office by the nuts. Or should I say by "the data".
.doc files from thier peers that have been written in the latest MSWord.
Q: Why can't people move to a different productivity suite?
A: They can't. All thier data is locked away in proprietry MS file formats.
Q: Why can't people write filters for other programs?
A: MS is reluctant to give up the format info.
Q: Yes, but people have written filters anyway, what's wrong with those?
A: They're often incomplete and by the time they are written the latest version of Office is out and the file formats have changed again.
Q: But couldn't people just settle on using an older version of the Word file format?
A: People and businesses need to stay up to date wrt to MSOffice so that they can handle
A workable solution to the MS problem would also have to handle the file format issue. Maybe with a requirement to have the file format public. Maybe XML will help here. I think that making all info wrt interchange and file formats would be a good lesson for the SW industry in general.
Even the mailbox format in Outlook is non-standard!
Does anyone know the format for NS mailbox summary files?
Although it may only take 15minutes to actually put the links up on the site, the real work is in what you *don't* see. Only select items make it to the front page of /.. The real work is identifying which links go up from the hundreds that are submitted each day. There is a lot I imagine below the surface.
--Simon Edwards