Something banks should probably start doing is notifying customers when their account is logged in from more than one place. AIM does this with Instant Messenger, although it doesn't give me IP addresses. It's not quite enough to just tell me when I last logged in, I think.
Part of me also wishes that they'd record the operations performed in each session. If I know that I only logged into my account once last week, but I notice that there are 4 sessions with transfers going on, then I might get a clue that there's something to look into. The tools available to online financial institutions are HUGE. If I can do this sort of tracking with things like simple helpdesk tickets, why can't a bank do so with my money?
Until recently only Internet Explorer has support XMLHttpRequest, which is why GMail first worked on IE, and Firefox but not other browsers (Firefox implemented a version).
XMLHttpRequest *WAS* (still is) an ActiveX control. OWA wouldn't work with it.
Why should there be? Almost NO ONE dies because of software bugs. Every other possible crime, like embezzlement and fraud, is covered by other laws. Why target developers?
Something that OSes need, is sandboxing. You install program a in/sandbox/app. Can even run as root but any changes to the system get throw out when/sandbox/app is removed.
Hell, after personally working with my father's SOHO for a while, I'm convinced EVERY app needs to be sandboxed.
In order to install software to perform the "shatter attack" you must *BE* an administrative user. No such software is installed by default in Windows. As such, it must be installed by the end user.
Hence, all spyware/worms of this nature are end-user issues.
Please note that X11 is not immune to similar attacks. If you have certain filesystem permissions, you can most certainly hijack other windows on your system, and Linux and many Unixes have been plagued with privilege escalation bugs over the years.
I've just built an order taking system Java/SWing for laptops for trade-show personnel to take orders in real time with 1000 listed products. I developed the system on a PII-600 (a nearly 6yo HP Omnibook 6000) to deploy on something equal to or better. It's almost indistinguishable from a C++/MFC app I might have authored in my youth.
I think there's something to be said for bloated frameworks (cough - weblogix) but Java itself is not overly handicapped wrt performance.
If an operation can block, and prevent system responsiveness, then a thread is a viable means of working around the issue.
With that in mind, worker pools of 50 threads in apache make sense, since each thread can iterate [select()] amongst 1-n sockets, and the case of 1 socket blocking abnormally will not render the entire webserver immobile.
In a GUI application, when a user executes a long-running task, like "generate a report", you'd trigger it in a thread so that your message pump can get back to work keeping the window drawing primitives going.
Other uses of threads, such as compute tasks, are less wise, IMHO, but sometimes they have their places.
I've had issues with MSCS (homebrews and Dell/HP solutions) with mysterious service migration, and one instance where the whole thing got fubared because someone put a SQL TXN Log on the quorum disk, but on the whole I've not had issues with them
I think Dell hardware just sucks, and it figures that the cluster I manage now with this migration issue, and the previous one are both Dell configurations.
It's certainly nothing I'd want enabled on a system wide basis. I mean, the simple process of walking a bitmap or list of thread handles could increase the time required to touch/access a page O(1), which would suck in a system of lots of threads (I've only seen one design that actually was better off with 600 threads than 60 threads with 10 WFMO/select() handles per).
I guess what I want is a fast fork() on WIN32.:-/ AFAIK, it's the only commonly available OS at the moment without one. Java doesn't quite have that feature either, and with Java, the usefulness of such a feature (thread protected memory) is open to debate.
<quote> Some platforms just don't support the fork() mechanism... </end-quote>
And multitasking with processes sucks when fork() is not available. 90% of OSes treat processes as threads these days (if they support threading, that is) and provide memory protection to processes. Why cannot they do the same on a threadly basis? Hmm?
Threads aren't the end-all be-all of multi-processing, but they sure are useful.
Now what I'd like to see is thread-protected heaps. Where malloc()d memory is accessible only to the thread that created it. Yes, some mechanism would have to be created where a thread could delegate access to it's heap, I suppose. There are times where I'd want to start a series of threads from a message dispatcher, and allow the children to only access the parent's message queue, and not allow the parent access to the child's message queue (Yes, I understand there are better mechanisms for this like pipes, but it's a simple example).
Some platforms just don't support the fork() mechanism, and I'd like one more tool to help make threaded system design a little more robust.
Trust me, they care. There are certain logistical problems in rolling out this system, which is why only a small number of the states are pursuing it at this time. Certainly, if it's a success, and the cost is low compared to the effect required, you'll probably see more jump on, and something similar occur over in the EU in the next few years.
I'll disagree with you. As a user of GPLd software, I am more free than someone who purchases some BSDd agglomeration from ABC Co.
Even if I paid the same amount of money as him, if my vendor goes tits up, I still have 100% of the code and, more importantly, access to my data than the other guy. As a user, I am more *Free* under the GPL than BSD. As a developer, on the other hand, I am more free under BSD.
Competing interests, perhaps. But I am a user of software first, a developer second.
This GPL (likely) change wouldn't affect those companies.
Only those who take GPLd software, enhance it, and resell services to other end-users. If a company then wants to take those changes and move from your hosted environment to their own, or even set up a competing environment, you would have to distribute your changes.
Have a look at the SugarCRM Public License to get an idea of what the GPL (v3) is trying to accomplish.
I start company XYZ, selling osCommerce, SQL-Ledger and SugarCRM to people. I then create modifications to all of the above, allowing them to integrate better, and work seamlessly with one another without special cron jobs, db import/export jobs, etc.
I get 1000's of customers using my product.
Company ABC decides he needs to grow, and needs to move off of my services. He should be provided with my code changes, since except for SugarCRM, the above are GPLd. At the moment, with GPLv2, I would not be required to give Company ABC my changes. SugarCRM Public License on the other hand, would FORCE me to give him my changes, since that is a component of the license distribution clauses. I also cannot CHARGE for those code changes. That is because SugarCRM wants to encourage app hosting, but not screw end users.
That is the hole in the GPL that RMS/FSF is trying to plug. I personally consider that a giant hole, and counter to the spirit and intent of the GPL. This was a simple failure of the FSF to forsee a return to application hosting in the general computing landscape, when the trend of the late 80's/early 90's was the exact opposite.
You do know that almost all of the APICallA()'s are just stubs to to the W() versions, right? So that every application in the world wouldn't be forced to use Unicode? It was a deliberate design choice nearly 12 years ago, and it would be silly to undo it now. In fact, it's probably impossible, since the number of non-Unicode apps DWARFS the number of Unicode apps.
Yea, I don't want a developer mucking around with that, thank you very much.
As to their choices of what to run, you have to remember that Server is aimed at the lowest common denominator: the SOHO office. There, UPNP *COULD* be useful with Printer discovery and the like. Why that, and Remote Registry aren't off by default, I can't say.:-)
I had the same problem with my Kyocera 7035 that would need a hard reset every other day (bad hardware). I started using my flash card for backup. Now, instead of being fubard on the road, a simple run of BackupBuddy off the card, and a restore later, I'm back to normal. Paper can't beat that. And I never have a pen when I need one.:-)
But this is a recent feature of Palms. CE machines have had flashcard support since day 1.
Slashdot Mirror
Something banks should probably start doing is notifying customers when their account is logged in from more than one place. AIM does this with Instant Messenger, although it doesn't give me IP addresses. It's not quite enough to just tell me when I last logged in, I think.
Part of me also wishes that they'd record the operations performed in each session. If I know that I only logged into my account once last week, but I notice that there are 4 sessions with transfers going on, then I might get a clue that there's something to look into. The tools available to online financial institutions are HUGE. If I can do this sort of tracking with things like simple helpdesk tickets, why can't a bank do so with my money?
Yet they could let NBC broadcast Schindlers List in it's unedited entirety, sponsored by Ford, commercial free...
Go figure.
You could have skipped a step:
peat
skip pent/rent
pest
rest
Until recently only Internet Explorer has support XMLHttpRequest, which is why GMail first worked on IE, and Firefox but not other browsers (Firefox implemented a version).
XMLHttpRequest *WAS* (still is) an ActiveX control. OWA wouldn't work with it.
I think it was George Carlin who said it...
Once upon a time, it was called ShellShock.
Then Battle Fatigue.
Then Post Traumatic Stress Disorder.
It's just a symptom of the times...
Why should there be? Almost NO ONE dies because of software bugs. Every other possible crime, like embezzlement and fraud, is covered by other laws. Why target developers?
Ever try for Windows?
Something that OSes need, is sandboxing. You install program a in /sandbox/app. Can even run as root but any changes to the system get throw out when /sandbox/app is removed.
Hell, after personally working with my father's SOHO for a while, I'm convinced EVERY app needs to be sandboxed.
In order to install software to perform the "shatter attack" you must *BE* an administrative user. No such software is installed by default in Windows. As such, it must be installed by the end user.
Hence, all spyware/worms of this nature are end-user issues.
Please note that X11 is not immune to similar attacks. If you have certain filesystem permissions, you can most certainly hijack other windows on your system, and Linux and many Unixes have been plagued with privilege escalation bugs over the years.
I think his point WAS so that he could keep in touch with work while he could BE with his wife...
I disagree.
I've just built an order taking system Java/SWing for laptops for trade-show personnel to take orders in real time with 1000 listed products. I developed the system on a PII-600 (a nearly 6yo HP Omnibook 6000) to deploy on something equal to or better. It's almost indistinguishable from a C++/MFC app I might have authored in my youth.
I think there's something to be said for bloated frameworks (cough - weblogix) but Java itself is not overly handicapped wrt performance.
The general rule of threading is this:
If an operation can block, and prevent system responsiveness, then a thread is a viable means of working around the issue.
With that in mind, worker pools of 50 threads in apache make sense, since each thread can iterate [select()] amongst 1-n sockets, and the case of 1 socket blocking abnormally will not render the entire webserver immobile.
In a GUI application, when a user executes a long-running task, like "generate a report", you'd trigger it in a thread so that your message pump can get back to work keeping the window drawing primitives going.
Other uses of threads, such as compute tasks, are less wise, IMHO, but sometimes they have their places.
That's why I keep a 3 foot 1/2" dowel with "ODI(former employer) Training" near at hand. It doubles as my LART.
I've had issues with MSCS (homebrews and Dell/HP solutions) with mysterious service migration, and one instance where the whole thing got fubared because someone put a SQL TXN Log on the quorum disk, but on the whole I've not had issues with them
I think Dell hardware just sucks, and it figures that the cluster I manage now with this migration issue, and the previous one are both Dell configurations.
Um, active/active has always been supported.
Active/Active with SQL Server or Exchange, however, has only recently been supported, and then only in the Enterprise versions.
It's certainly nothing I'd want enabled on a system wide basis. I mean, the simple process of walking a bitmap or list of thread handles could increase the time required to touch/access a page O(1), which would suck in a system of lots of threads (I've only seen one design that actually was better off with 600 threads than 60 threads with 10 WFMO/select() handles per).
:-/ AFAIK, it's the only commonly available OS at the moment without one. Java doesn't quite have that feature either, and with Java, the usefulness of such a feature (thread protected memory) is open to debate.
I guess what I want is a fast fork() on WIN32.
Methinks you doth misseth the point:
<quote>
Some platforms just don't support the fork() mechanism...
</end-quote>
And multitasking with processes sucks when fork() is not available. 90% of OSes treat processes as threads these days (if they support threading, that is) and provide memory protection to processes. Why cannot they do the same on a threadly basis? Hmm?
Threads aren't the end-all be-all of multi-processing, but they sure are useful.
Now what I'd like to see is thread-protected heaps. Where malloc()d memory is accessible only to the thread that created it. Yes, some mechanism would have to be created where a thread could delegate access to it's heap, I suppose. There are times where I'd want to start a series of threads from a message dispatcher, and allow the children to only access the parent's message queue, and not allow the parent access to the child's message queue (Yes, I understand there are better mechanisms for this like pipes, but it's a simple example).
Some platforms just don't support the fork() mechanism, and I'd like one more tool to help make threaded system design a little more robust.
Trust me, they care. There are certain logistical problems in rolling out this system, which is why only a small number of the states are pursuing it at this time. Certainly, if it's a success, and the cost is low compared to the effect required, you'll probably see more jump on, and something similar occur over in the EU in the next few years.
I'll disagree with you. As a user of GPLd software, I am more free than someone who purchases some BSDd agglomeration from ABC Co.
Even if I paid the same amount of money as him, if my vendor goes tits up, I still have 100% of the code and, more importantly, access to my data than the other guy. As a user, I am more *Free* under the GPL than BSD. As a developer, on the other hand, I am more free under BSD.
Competing interests, perhaps. But I am a user of software first, a developer second.
This GPL (likely) change wouldn't affect those companies.
Only those who take GPLd software, enhance it, and resell services to other end-users. If a company then wants to take those changes and move from your hosted environment to their own, or even set up a competing environment, you would have to distribute your changes.
Have a look at the SugarCRM Public License to get an idea of what the GPL (v3) is trying to accomplish.
Let me use an example:
I start company XYZ, selling osCommerce, SQL-Ledger and SugarCRM to people.
I then create modifications to all of the above, allowing them to integrate better, and work seamlessly with one another without special cron jobs, db import/export jobs, etc.
I get 1000's of customers using my product.
Company ABC decides he needs to grow, and needs to move off of my services. He should be provided with my code changes, since except for SugarCRM, the above are GPLd. At the moment, with GPLv2, I would not be required to give Company ABC my changes. SugarCRM Public License on the other hand, would FORCE me to give him my changes, since that is a component of the license distribution clauses. I also cannot CHARGE for those code changes. That is because SugarCRM wants to encourage app hosting, but not screw end users.
That is the hole in the GPL that RMS/FSF is trying to plug. I personally consider that a giant hole, and counter to the spirit and intent of the GPL. This was a simple failure of the FSF to forsee a return to application hosting in the general computing landscape, when the trend of the late 80's/early 90's was the exact opposite.
It wants it's rocks back.
:-P
And left a bill for trash disposal:
* Flag $3
* Rover $100
* 6 descent stages $10,000
* HAZMAT Fee $50,000
* MaidsOnCall to clean up all those dirty footprints, $1000
TERMS: 30 or we're turning off the tides.
You do know that almost all of the APICallA()'s are just stubs to to the W() versions, right? So that every application in the world wouldn't be forced to use Unicode? It was a deliberate design choice nearly 12 years ago, and it would be silly to undo it now. In fact, it's probably impossible, since the number of non-Unicode apps DWARFS the number of Unicode apps.
:-)
Yea, I don't want a developer mucking around with that, thank you very much.
As to their choices of what to run, you have to remember that Server is aimed at the lowest common denominator: the SOHO office. There, UPNP *COULD* be useful with Printer discovery and the like. Why that, and Remote Registry aren't off by default, I can't say.
I had the same problem with my Kyocera 7035 that would need a hard reset every other day (bad hardware). I started using my flash card for backup. Now, instead of being fubard on the road, a simple run of BackupBuddy off the card, and a restore later, I'm back to normal. Paper can't beat that. And I never have a pen when I need one. :-)
But this is a recent feature of Palms. CE machines have had flashcard support since day 1.