If you write software, ask yourself: what if the whole world were using your product? Could you handle it? Whatever your answer, if you feel sure of your answer, it's probably because you don't yet understand exactly what it means to scale.
This reminds me of some advice I took from "Getting Real" by 37 Signals: don't worry about scaling issues until you actually need to. I think this is great advice. Firstly because delaying a product to make sure it scales well just makes it less likely that it will get enough users to need to. Secondly because when you have scaling problems, they probably won't be where you thought - unless you're amazingly good at predicting usage patterns (or your software has one huge bottleneck). To quote from their book:
"Create a great app and then worry about what to do once it's wildly successful. Otherwise you may waste energy, time, and money fixating on something that never even happens.
Believe it or not, the bigger problem isn't scaling, it's getting to the point where you have to scale."
According to a poster further up, the figure is based on the number of users that have logged in in the last 30 days. While that number will still be a bit high it shouldn't be awful.
In the Wild West, people got killed and robbed, and people lived in fear of being visited by bandits. If you needed security for something - a train, or a shop - it was extremely expensive and unreliable. Armed men were frequently killed, since it turns out that when you get shot it doesn't make much difference whether you've got a gun or not.
In contrast, I occasionally have to stand up on my train to work, but it hasn't yet been robbed by armed bandits.
So tell me, which part of the "Wild West" is it that was so fantastic that we should copy it today, after everyone has moved on to such a degree that the Wild West doesn't exist any more?
The expression comes from a poem - "Mending Wall" - by Robert Frost, which is an ironic criticism of peoples' need to separate themselves from one another without understanding why - or indeed whether - they should. Walls are by their very nature divisive, and hamper cooperation by design. It is foolish, therefore, just to blindly put them up wherever we can in the name of "security".
To quote: '"Why do they make good neighbors? Isn't it Where there are cows? But here there are no cows. Before I built a wall I'd ask to know What I was walling in or walling out, And to whom I was like to give offence. Something there is that doesn't love a wall, That wants it down!"' (Lines 29-34, taken from http://www.bartleby.com/104/64.html )
And on a less literary note:
Walling off every separate bit of the internet is necessary, since the internet by design has no inside and outside that you can separate. However, as we've pretty much proved by trying, that isn't enough to make the internet secure. It's the same lesson that you learn in physical security; if there's no response, it doesn't matter how good your defences are. There needs to be some sort of globalised response to online criminals, because the internet is both global and in need of defense. Otherwise we just carry on with the problem we have now - that a criminal gang in Russia/China/wherever can attack our computers with impunity, safe in the knowledge that there is nothing we can do to stop them, so they have as much times as they need to break in.
I dunno, I'd translate it as "un changement en ce que nous pouvons croire". But then, I'd be correcting the grammar as well. Not sure if it was an intentional thing or not.
I think "le changement auquel on peut croire" is probably the best translation. It's the translation I've seen used in the papers here in France.
They usually use a rootkit, which attempts to hide the activity from antivirus software; according to FireEye (the lab in the article), AV software detects these bots less than half the time. Still, it's worth using.
If you're worried that you might be infected, the best thing to do would be to watch the traffic being sent by your PC, by logging the traffic on another box. Many routers can do this. If the traffic seems oddly high, you might have a problem. FireEye have made available examples of typical traffic from a variety of different bots, so you could try to identify the bot based on its traffic, although the binaries and commands are updated regularly.
If you're worried that you have this specific bot, there are detection/removal instructions at http://blog.fireeye.com/research/2008/11/srizbi-removal-instructions.html . If you think you have a bot but can't work out what it is, your best bet may well be starting over. Some rootkits can attempt a reinstall even after a format, so take the opportunity to upgrade your harddisk. Install Windows (or Linux if you're so inclined) from scratch, and patch it before going online (you can download the patches on a different box, or they're frequently available on computer magazine cover discs). Keep your antivirus software up to date, use a firewall, hide behind a router, and never touch suspicious files, and hopefully you'll manage to avoid an infection.
According to FireEye, they do indeed have an uninstall function, and their researchers could have issued it to 250,000 bots. They decided not to because they didn't want to make unauthorised changes to users' computers.
What exactly are you proposing to put on the server side? If it's the authentication module, you're going to struggle to validate someone's install if your code is on a different computer. If it's the network code, well, if the network code is at the other end of the network I think there might be some slight problems...
Putting the authentication and netcode modules in a "black box" gives them a "secure" conduit from authentication to server. Opening up links in that chain seems like it would be a mistake.
All our source code available through this project page is licensed under the GPLv3 license. This excludes any dependencies and our net modules for both the client and server: these are still covered under our proprietary license. These modules have been excluded because of reasons involving security and cheating, but contain only a minimal amount of code.
No reason not to include them in source form.
These modules are the ones containing the authentication code designed to verify that it's a genuine build distributed by MTA. If you open source them, you make it easier for people to compile their own build where they have superpowers and play on the public servers with it. That's what they want to avoid.
They're allowed to, as long as they claim it's for "quality control checks". Seriously, if the telco says it's for quality control checks, you cannot prove them wrong. Thus, they effectively have free license to listen to calls.
Of course you can. If they've been doing "routine maintenance" that requires listening in to my conversations for the last week I don't think anyone would believe them.
And that's beside the point - you said it was legal, not that it was "illegal but if you're super sneaky no one notices".
The second snippet only says they can't give the contents of the communication to anyone except the parties involved. The telecommunication company is implicitly an involved party (by actually transmitting the communication).
No it doesn't. If it said 'the parties involved' you might have a point, but it says "other than an addressee or intended recipient". Unless you're trying to phone your Grandmother and the phone company that seems pretty cut and dry.
I would direct you to look at 18 USC 119 section 2511, in particular sections 2(a)(i) and 3
To quote: "...a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks."
"...a person or entity providing an electronic communication service to the public shall not intentionally divulge the contents of any communication (other than one to such person or entity, or an agent thereof) while in transmission on that service to any person or entity other than an addressee or intended recipient of such communication or an agent of such addressee or intended recipient. "
It is not legal for the phone company to listen in on your calls. It is also not legal for them to record them. Think of what it would mean if they were allowed to - business over the phone would be a problem for a start.
No one wants to be treated by a surgeon with a medical problem. When it's your life on the line you want someone who doesn't need pills to keep them concentrating.
No one wants their lawyer to be on treatment for alcoholism.
Lots of people don't want their daughters to take contraceptive pills.
The list goes on and on. There are a lot of valid reasons not to want your medical history public, and given that it's YOUR medical history that shouldn't be a problem.
I saw an amusing clip on the news this morning - it was an American woman stating that she didn't like the way elections work in other countries because the parties are too different.
She was only on for maybe 15 seconds, but her reasoning seemed to be that the parties should have broadly the same manifesto so that they can cooperate more easily after the election.
Absolutely agree with everything you've posted - I was going to say the same thing. To add to that though, this isn't new at all. My exercise book from 2-3 years ago has exactly the same information - stretching will reduce performance, but it's still worth it.
Slashdot Mirror
If you write software, ask yourself: what if the whole world were using your product? Could you handle it? Whatever your answer, if you feel sure of your answer, it's probably because you don't yet understand exactly what it means to scale.
This reminds me of some advice I took from "Getting Real" by 37 Signals: don't worry about scaling issues until you actually need to. I think this is great advice. Firstly because delaying a product to make sure it scales well just makes it less likely that it will get enough users to need to. Secondly because when you have scaling problems, they probably won't be where you thought - unless you're amazingly good at predicting usage patterns (or your software has one huge bottleneck). To quote from their book:
"Create a great app and then worry about what to do once it's wildly successful. Otherwise you may waste energy, time, and money fixating on something that never even happens.
Believe it or not, the bigger problem isn't scaling, it's getting to the point where you have to scale."
According to a poster further up, the figure is based on the number of users that have logged in in the last 30 days. While that number will still be a bit high it shouldn't be awful.
Nor blogs.
I'm currently studying a variety of blogs as part of a research project - examining their content, presentation and language use.
My main conclusion so far has been that they're God-awful.
You think you're disappointed? I read it as "rogue gynecologist".
Once again reality has let me down.
My ex-flatmate sprained his ankle playing Pro-Evolution Soccer.
It was an impressive accident, but the really impressive part was him keeping a straight face when he told people it was a "sports injury".
The credit card companies have a stranglehold on paying by any form of credit card.
Well, yeah. Kinda like how the car companies have a "stranglehold" on car production.
It just goes to show how uncompetitive America is - you can only buy things from people that sell them.
You know you're on Slashdot when people are willing to risk their lives and drag society back by hundreds of years... in order to pay for women.
In the Wild West, people got killed and robbed, and people lived in fear of being visited by bandits. If you needed security for something - a train, or a shop - it was extremely expensive and unreliable. Armed men were frequently killed, since it turns out that when you get shot it doesn't make much difference whether you've got a gun or not.
In contrast, I occasionally have to stand up on my train to work, but it hasn't yet been robbed by armed bandits.
So tell me, which part of the "Wild West" is it that was so fantastic that we should copy it today, after everyone has moved on to such a degree that the Wild West doesn't exist any more?
Don't good fences make good neigbors?
No.
The expression comes from a poem - "Mending Wall" - by Robert Frost, which is an ironic criticism of peoples' need to separate themselves from one another without understanding why - or indeed whether - they should. Walls are by their very nature divisive, and hamper cooperation by design. It is foolish, therefore, just to blindly put them up wherever we can in the name of "security".
To quote:
'"Why do they make good neighbors? Isn't it
Where there are cows? But here there are no cows.
Before I built a wall I'd ask to know
What I was walling in or walling out,
And to whom I was like to give offence.
Something there is that doesn't love a wall,
That wants it down!"' (Lines 29-34, taken from http://www.bartleby.com/104/64.html )
And on a less literary note:
Walling off every separate bit of the internet is necessary, since the internet by design has no inside and outside that you can separate. However, as we've pretty much proved by trying, that isn't enough to make the internet secure. It's the same lesson that you learn in physical security; if there's no response, it doesn't matter how good your defences are. There needs to be some sort of globalised response to online criminals, because the internet is both global and in need of defense. Otherwise we just carry on with the problem we have now - that a criminal gang in Russia/China/wherever can attack our computers with impunity, safe in the knowledge that there is nothing we can do to stop them, so they have as much times as they need to break in.
I dunno, I'd translate it as "un changement en ce que nous pouvons croire". But then, I'd be correcting the grammar as well. Not sure if it was an intentional thing or not.
I think "le changement auquel on peut croire" is probably the best translation. It's the translation I've seen used in the papers here in France.
If you want to be really cruel, your "virus" would randomly alter a few numbers on any Excel spreadsheet it could access.
Fortunately Microsoft cleverly protect their users against this by using closed file formats. Thank God for Microsoft!
The land owner is at fault - but it would be both short-sighted and selfish to keep on grazing your sheep if you knew it was destroying the land.
http://ask.slashdot.org/comments.pl?sid=1045201&cid=25919525
They usually use a rootkit, which attempts to hide the activity from antivirus software; according to FireEye (the lab in the article), AV software detects these bots less than half the time. Still, it's worth using.
If you're worried that you might be infected, the best thing to do would be to watch the traffic being sent by your PC, by logging the traffic on another box. Many routers can do this. If the traffic seems oddly high, you might have a problem. FireEye have made available examples of typical traffic from a variety of different bots, so you could try to identify the bot based on its traffic, although the binaries and commands are updated regularly.
If you're worried that you have this specific bot, there are detection/removal instructions at http://blog.fireeye.com/research/2008/11/srizbi-removal-instructions.html . If you think you have a bot but can't work out what it is, your best bet may well be starting over. Some rootkits can attempt a reinstall even after a format, so take the opportunity to upgrade your harddisk. Install Windows (or Linux if you're so inclined) from scratch, and patch it before going online (you can download the patches on a different box, or they're frequently available on computer magazine cover discs). Keep your antivirus software up to date, use a firewall, hide behind a router, and never touch suspicious files, and hopefully you'll manage to avoid an infection.
According to FireEye, they do indeed have an uninstall function, and their researchers could have issued it to 250,000 bots. They decided not to because they didn't want to make unauthorised changes to users' computers.
What exactly are you proposing to put on the server side? If it's the authentication module, you're going to struggle to validate someone's install if your code is on a different computer. If it's the network code, well, if the network code is at the other end of the network I think there might be some slight problems...
Putting the authentication and netcode modules in a "black box" gives them a "secure" conduit from authentication to server. Opening up links in that chain seems like it would be a mistake.
The important thing to note isn't the number, it's that they said "16 worldwide developers" not "16 developers worldwide".
There may only be 17 of them, but each of them is as wide as the world.
And I think we all know of the connection between code quality and waist size.
All our source code available through this project page is licensed under the GPLv3 license. This excludes any dependencies and our net modules for both the client and server: these are still covered under our proprietary license. These modules have been excluded because of reasons involving security and cheating, but contain only a minimal amount of code.
No reason not to include them in source form.
These modules are the ones containing the authentication code designed to verify that it's a genuine build distributed by MTA. If you open source them, you make it easier for people to compile their own build where they have superpowers and play on the public servers with it. That's what they want to avoid.
They're allowed to, as long as they claim it's for "quality control checks". Seriously, if the telco says it's for quality control checks, you cannot prove them wrong. Thus, they effectively have free license to listen to calls.
Of course you can. If they've been doing "routine maintenance" that requires listening in to my conversations for the last week I don't think anyone would believe them.
And that's beside the point - you said it was legal, not that it was "illegal but if you're super sneaky no one notices".
The second snippet only says they can't give the contents of the communication to anyone except the parties involved. The telecommunication company is implicitly an involved party (by actually transmitting the communication).
No it doesn't. If it said 'the parties involved' you might have a point, but it says "other than an addressee or intended recipient". Unless you're trying to phone your Grandmother and the phone company that seems pretty cut and dry.
I would direct you to look at 18 USC 119 section 2511, in particular sections 2(a)(i) and 3
To quote:
"...a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks."
"...a person or entity providing an electronic communication service to the public shall not intentionally divulge the contents of any communication (other than one to such person or entity, or an agent thereof) while in transmission on that service to any person or entity other than an addressee or intended recipient of such communication or an agent of such addressee or intended recipient. "
It is not legal for the phone company to listen in on your calls. It is also not legal for them to record them. Think of what it would mean if they were allowed to - business over the phone would be a problem for a start.
No one wants to be treated by a surgeon with a medical problem. When it's your life on the line you want someone who doesn't need pills to keep them concentrating.
No one wants their lawyer to be on treatment for alcoholism.
Lots of people don't want their daughters to take contraceptive pills.
The list goes on and on. There are a lot of valid reasons not to want your medical history public, and given that it's YOUR medical history that shouldn't be a problem.
I saw an amusing clip on the news this morning - it was an American woman stating that she didn't like the way elections work in other countries because the parties are too different.
She was only on for maybe 15 seconds, but her reasoning seemed to be that the parties should have broadly the same manifesto so that they can cooperate more easily after the election.
I guess she would agree with you!
Slashdot doesn't need stickies. Everything gets regularly reposted anyway.
Especially the articles.
Absolutely agree with everything you've posted - I was going to say the same thing. To add to that though, this isn't new at all. My exercise book from 2-3 years ago has exactly the same information - stretching will reduce performance, but it's still worth it.
It may not have been your fault - correlation is not causation.