While this may work for you, being a careful, knowledgeable slashdotter that I'm sure you are, it would be unthinkable in a business environment. Sophos only makes business products, there is no "Sophos Home Edition," so I don't think your method really applies in this case.
Totally fair point. But I still believe that providing a science degree in acupuncture is misleading. A biologist studying why acupuncture worked so well with your son using scientific methods is certainly science. But the practice of acupuncture itself is not scientific; as far as I know (and I may not have the most up-to-date information, so please excuse me if that is the case), there are no known mechanisms which can explain how or why acupuncture works, and indeed, again to the best of my knowledge, when double blind studies are performed comparing acupuncture to standard western medicine there is no statistically significant correlation between the application of acupuncture and positive effects beyond those of a placebo. That being said, acupuncture is the only thing that, at least temporarily, alleviated some joint pain my mother was experiencing. But anecdotal evidence is not scientific evidence. It's because of these reasons that people are up in arms about acupuncture degrees being classified as science degrees.
OK. Fair enough. I can totally accept that. If my premise is incorrect, and alternative medicine is not meant to improve an objective, measurable, scientifically-derived notion of the health of a human being, but instead is meant to improve a subjective, philosophical, personal characteristic such as "wealth," then it is not science. The whole point of this article is that these universities are providing science degrees for these subjects. If they were philosophy or anthropology then there would most likely not be a discussion like this. I think your argument really reinforces the point of the article.
So how do you explain all the intelligent people using it?
Well - how do you explain the fact that there are a vast number of intelligent people who follow a religion, as well as a vast number of intelligent people who do not believe in a religion? I'm really not saying anything about religion, I'm just saying that your argument is very, very flawed. I will apologize, though for using "alternative medicine" as a catch-all when I was really referring specifically to homeopathy. If you set up a double blind study on a specific ailment and treat one group with a placebo, one group with a homeopathic remedy, and one with modern medicine (assuming modern medicine has a treatment for the specific ailment), then you will find that the homeopathic remedy is equally as effective as a placebo. If you can show me a peer-reviewed study that shows a homeopathic remedy which is more effective than a placebo, then I (and I would imagine a large number of other folks on/.) would accept your argument. I'm not trying to be mean here, I just don't believe that you are making sound arguments, and you're not really addressing my argument directly, either.
I think you're missing a piece - the measurement of the health of a human is well within the realm of human perception and instrumentation. The goals of standard medicine and alternative medicine are the same: improve the health of a human. If standard medicine works and alternative medicine doesn't, well, you should be able to figure the rest out from there.
Actually, according to Merriam Webster, "bold faced" is 400 years older than "bare faced," see http://www.mtannoyances.com/?p=384. They are both commonly used today.
Again, I disagree, and I'll add that I'm basing this off of personal experience. With proper training any reasonable policy should be able to be implemented, the hard part is actually making sure that people are trained and understand the repercussions. "Hard" is the operative word, it's not "impossible," and can even be easy if you do it a lot. If you have important data, like medical records, credit card numbers, socials and people don't follow simple policies like that, then they should be terminated. If you're telling me that in your organization anyone can just walk in and plug a laptop into a jack as long as they're wearing coveralls and a Verizon badge, then I truly hope that you don't have my SSN or credit card info. An inability to enforce such a simple policy in an organization that deals with sensitive data is a terrifying thought.
I respectfully disagree, it's very easy to put a policy in place which states that any visitor to the office needs to have a representative from within the company vouch for them and act as an escort on premises. If everyone knows the policy it's not very difficult to enforce, all it takes is proper training. It's a pretty small price to pay if your data is important enough to worry about it in the first place.
At Towson University, which is located outside Baltimore, they have a "guest," unencrypted, open WiFi network that anyone can join, but which is out in a DMZ. After you connect to that you're brought to a landing page about the secure, authenticated, WiFi network, which is tied into AD. They have a java auto-configurator applet that works on any OS. Should that fail, or should you be running a linux box without a JVM, they have a shell script you can download right there to get you running. I believe that also have a dmg, but I don't remember. This is a university with a full lab of Linux boxes, exclusively Samba-based student storage, and automatic SSH access to a dev environment for every single student, though, so YMMV. There are definitely universities out there that support Linux, there's no reason they shouldn't aside from, well... the money it takes to hire people who know anything about Linux.
I'm not doubting you, however I run reverse proxies with Squid3 using both SSL offloading onto the proxy server as well as SSL passthrough and I've had absolutely zero issues. Are there documented cases of problems with SSL through modern proxies?
once you get past say six programs, it starts taking way longer to alt-tab than it's worth
At that point I just start closing programs. I don't often encounter situations where I have more than six programs open at once and am actually using all of them.
...which means taking a good 300% more time to maximize a window
I disagree, I feel that the time it takes me to center my mouse over a tiny little button and click it is about the same amount of time as it takes me to quickly swipe the pointer up the screen dragging the titlebar to the top. In addition, if you use multiple monitors, this feature rocks - you can drag a maximized window from one monitor to another and keep it maximized. This may sound trivial, however if you used multiple monitors in XP you would know how annoying it is to have to minimize or restore a window, then drag, then maximize. In addition, I rarely actually use the mouse for these functions (indeed I rarely use these functions), I use meta+up for maximize, meta+left/right for side-snap, and meta+down for minimize. I guarantee that's quicker than doing anything with a mouse.
I also never, ever minimize, I just keep everything maximized and alt-tab. I can't stand using an application that's not taking up the whole screen. If I really need to look at two things at once I use the Win7 side-snap. That's what the Gnome designers are saying, as well: just don't minimize, ever, because what's the real point? And with maximize - are you really claiming that double-clicking anywhere in the titlebar is 3x slower than getting your pointer into the maximize button? In the end It still does just come down to personal preference, though; if you have two programmers watch each other use a computer for 30 minutes, I guarantee each of them will walk away thinking that the other wastes time in navigation.
Imagine a PC dealership trying to enforce such harsh software usability limitations like "never ever install any other software than the one you got it with, or forget the warranty"
Fair enough, but If I then imagine a car dealership saying this, it makes pretty good sense that installing custom software on my car would void its warranty. I'm not saying that cell phones are like cars, but I am saying that cell phones are different than PCs. If you brick your phone because you accidentally overwrote the bootloader, they should not be held responsible, you should. You can always say "well, you can always put the bootloader back on if you know what you're doing," but the truth is that a lot of people don't, and the manufacturer shouldn't have to shell out for their mistakes. That being said, I do feel that locking people in with certain software options is really, really crappy. You should be physically able to install whatever software you want in an ideal world.
They weren't given to companies, they were given to to APNIC, the Asia Pacific regional Internet registry, so they could be split up and sold to private companies in reasonably-sized chunks.
Seconded - these were great for any age and I think there are still new versions of them with nice prototyping boards built in. Look on the shelves near the dwindling supply of components in the now tiny bins at the back of the store.
If the ad blockers would actually follow the links and give the
people the clicks they desire, without displaying the advertisement,
would that help?"
Are you asking if illegal click fraud would help Arstechnica? I think the answer is an unequivocal "no;"
...the demographic studies these revenue
sources depending upon the click analysis would fail. How nice.
Why is that nice? Because then you'll see the ads that should have gone to 90-year-old widows instead of the video game ad you would normally see? How nice because Ars would go out of business? What exactly is your point here... because if it's what it seems to be on the surface then it's really dumb.
Simply sending a reboot command, or a single command that causes the machine to hang, isn't a DOS
This is a common view of a DoS because flood-style attacks are the types you hear about on the news and on Slashdot, however what you said is simply not true. Crashing a webserver remotely is, without a doubt, a denial of service attack, as you are denying service to the end user. It makes absolutely no difference what means you use to accomplish this goal. If you don't believe me, just take a look at this week's CERT security bulletin: http://www.us-cert.gov/cas/bulletins/SB10-040.html.
For Wireshark:
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
For Asterisk:
Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.
Postgresql:
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."
So we have malformed packet, bad handshake, and a poorly handled statement, all of which cause what the CERT is classifying as "denial of service," and none of which even remotely match what you describe as a DoS attack.
Scientific notation does not work like that.
1e1 = 1*10^1 = 10
1e10 = 1*10^10 = 10000000000
1e100 = 1*10^100 = Slashdot doesn't let you write 100 zeros in a row. You get the idea.
Whoever designed these devices should be sent back to computer school. An authentication device that can be bypassed is a contradiction in terms.
First of all, this is not an authentication device, it's a cell network extender, which obviously requires some kind of authentication for any measure of security. What "Authentication device" (I think they mean "authentication mechanism") has never had a vulnerability exposed? Are all devices with a privilege escalation vulnerability designed by people who "should be sent back to computer school?" ("computer school?"...seriously?). How many privilege escalation vulnerabilities were found in the Linux kernel last year? I empathize with the fact that an escalation exploit this serious in a device that is designed to be used by the public is not a trivial matter, but the poster is being sensationalist here, and, honestly, comes across as undereducated in the subject matter. I wouldn't consider myself an expert, but this person doesn't seem to have a clear understanding of the issue. It's a security vulnerability in a device that runs Linux because the designers were lazy when picking a password.
The real issue here is the fact that security is sometimes not taken as seriously with hardware and firmware design in commodity devices as it is with software.
Slashdot Mirror
While this may work for you, being a careful, knowledgeable slashdotter that I'm sure you are, it would be unthinkable in a business environment. Sophos only makes business products, there is no "Sophos Home Edition," so I don't think your method really applies in this case.
Totally fair point. But I still believe that providing a science degree in acupuncture is misleading. A biologist studying why acupuncture worked so well with your son using scientific methods is certainly science. But the practice of acupuncture itself is not scientific; as far as I know (and I may not have the most up-to-date information, so please excuse me if that is the case), there are no known mechanisms which can explain how or why acupuncture works, and indeed, again to the best of my knowledge, when double blind studies are performed comparing acupuncture to standard western medicine there is no statistically significant correlation between the application of acupuncture and positive effects beyond those of a placebo. That being said, acupuncture is the only thing that, at least temporarily, alleviated some joint pain my mother was experiencing. But anecdotal evidence is not scientific evidence. It's because of these reasons that people are up in arms about acupuncture degrees being classified as science degrees.
OK. Fair enough. I can totally accept that. If my premise is incorrect, and alternative medicine is not meant to improve an objective, measurable, scientifically-derived notion of the health of a human being, but instead is meant to improve a subjective, philosophical, personal characteristic such as "wealth," then it is not science. The whole point of this article is that these universities are providing science degrees for these subjects. If they were philosophy or anthropology then there would most likely not be a discussion like this. I think your argument really reinforces the point of the article.
Well - how do you explain the fact that there are a vast number of intelligent people who follow a religion, as well as a vast number of intelligent people who do not believe in a religion? I'm really not saying anything about religion, I'm just saying that your argument is very, very flawed. I will apologize, though for using "alternative medicine" as a catch-all when I was really referring specifically to homeopathy. If you set up a double blind study on a specific ailment and treat one group with a placebo, one group with a homeopathic remedy, and one with modern medicine (assuming modern medicine has a treatment for the specific ailment), then you will find that the homeopathic remedy is equally as effective as a placebo. If you can show me a peer-reviewed study that shows a homeopathic remedy which is more effective than a placebo, then I (and I would imagine a large number of other folks on /.) would accept your argument. I'm not trying to be mean here, I just don't believe that you are making sound arguments, and you're not really addressing my argument directly, either.
I think you're missing a piece - the measurement of the health of a human is well within the realm of human perception and instrumentation. The goals of standard medicine and alternative medicine are the same: improve the health of a human. If standard medicine works and alternative medicine doesn't, well, you should be able to figure the rest out from there.
Actually, according to Merriam Webster, "bold faced" is 400 years older than "bare faced," see http://www.mtannoyances.com/?p=384. They are both commonly used today.
Again, I disagree, and I'll add that I'm basing this off of personal experience. With proper training any reasonable policy should be able to be implemented, the hard part is actually making sure that people are trained and understand the repercussions. "Hard" is the operative word, it's not "impossible," and can even be easy if you do it a lot. If you have important data, like medical records, credit card numbers, socials and people don't follow simple policies like that, then they should be terminated. If you're telling me that in your organization anyone can just walk in and plug a laptop into a jack as long as they're wearing coveralls and a Verizon badge, then I truly hope that you don't have my SSN or credit card info. An inability to enforce such a simple policy in an organization that deals with sensitive data is a terrifying thought.
I respectfully disagree, it's very easy to put a policy in place which states that any visitor to the office needs to have a representative from within the company vouch for them and act as an escort on premises. If everyone knows the policy it's not very difficult to enforce, all it takes is proper training. It's a pretty small price to pay if your data is important enough to worry about it in the first place.
At Towson University, which is located outside Baltimore, they have a "guest," unencrypted, open WiFi network that anyone can join, but which is out in a DMZ. After you connect to that you're brought to a landing page about the secure, authenticated, WiFi network, which is tied into AD. They have a java auto-configurator applet that works on any OS. Should that fail, or should you be running a linux box without a JVM, they have a shell script you can download right there to get you running. I believe that also have a dmg, but I don't remember. This is a university with a full lab of Linux boxes, exclusively Samba-based student storage, and automatic SSH access to a dev environment for every single student, though, so YMMV. There are definitely universities out there that support Linux, there's no reason they shouldn't aside from, well... the money it takes to hire people who know anything about Linux.
I'm not doubting you, however I run reverse proxies with Squid3 using both SSL offloading onto the proxy server as well as SSL passthrough and I've had absolutely zero issues. Are there documented cases of problems with SSL through modern proxies?
At that point I just start closing programs. I don't often encounter situations where I have more than six programs open at once and am actually using all of them.
I disagree, I feel that the time it takes me to center my mouse over a tiny little button and click it is about the same amount of time as it takes me to quickly swipe the pointer up the screen dragging the titlebar to the top. In addition, if you use multiple monitors, this feature rocks - you can drag a maximized window from one monitor to another and keep it maximized. This may sound trivial, however if you used multiple monitors in XP you would know how annoying it is to have to minimize or restore a window, then drag, then maximize. In addition, I rarely actually use the mouse for these functions (indeed I rarely use these functions), I use meta+up for maximize, meta+left/right for side-snap, and meta+down for minimize. I guarantee that's quicker than doing anything with a mouse.
I also never, ever minimize, I just keep everything maximized and alt-tab. I can't stand using an application that's not taking up the whole screen. If I really need to look at two things at once I use the Win7 side-snap. That's what the Gnome designers are saying, as well: just don't minimize, ever, because what's the real point? And with maximize - are you really claiming that double-clicking anywhere in the titlebar is 3x slower than getting your pointer into the maximize button? In the end It still does just come down to personal preference, though; if you have two programmers watch each other use a computer for 30 minutes, I guarantee each of them will walk away thinking that the other wastes time in navigation.
Fair enough, but If I then imagine a car dealership saying this, it makes pretty good sense that installing custom software on my car would void its warranty. I'm not saying that cell phones are like cars, but I am saying that cell phones are different than PCs. If you brick your phone because you accidentally overwrote the bootloader, they should not be held responsible, you should. You can always say "well, you can always put the bootloader back on if you know what you're doing," but the truth is that a lot of people don't, and the manufacturer shouldn't have to shell out for their mistakes. That being said, I do feel that locking people in with certain software options is really, really crappy. You should be physically able to install whatever software you want in an ideal world.
They weren't given to companies, they were given to to APNIC, the Asia Pacific regional Internet registry, so they could be split up and sold to private companies in reasonably-sized chunks.
Haven't they been on Nagios Exchange recently? check_catastrophe.pl has been out for like 3 years!
check_catastrophy -H blowout-preventer716.haliburton.com -w ANY_LEAKS - c ANY_FRIGGIN_LEAKS
Seconded - these were great for any age and I think there are still new versions of them with nice prototyping boards built in. Look on the shelves near the dwindling supply of components in the now tiny bins at the back of the store.
PININ' FOR THE FJORDS!?
Check out the graph for Perl! I might start using it again just because I feel like I owe it to the old friend...
Fair enough.
Are you asking if illegal click fraud would help Arstechnica? I think the answer is an unequivocal "no;"
Why is that nice? Because then you'll see the ads that should have gone to 90-year-old widows instead of the video game ad you would normally see? How nice because Ars would go out of business? What exactly is your point here... because if it's what it seems to be on the surface then it's really dumb.
This is a common view of a DoS because flood-style attacks are the types you hear about on the news and on Slashdot, however what you said is simply not true. Crashing a webserver remotely is, without a doubt, a denial of service attack, as you are denying service to the end user. It makes absolutely no difference what means you use to accomplish this goal. If you don't believe me, just take a look at this week's CERT security bulletin: http://www.us-cert.gov/cas/bulletins/SB10-040.html.
For Wireshark:
For Asterisk:
Postgresql:
So we have malformed packet, bad handshake, and a poorly handled statement, all of which cause what the CERT is classifying as "denial of service," and none of which even remotely match what you describe as a DoS attack.
Hahah, hell yeah I tried, gives you one of those goofy coversational "error: that's a really long string of characters!" errors.
Scientific notation does not work like that.
1e1 = 1*10^1 = 10
1e10 = 1*10^10 = 10000000000
1e100 = 1*10^100 = Slashdot doesn't let you write 100 zeros in a row. You get the idea.
First of all, this is not an authentication device, it's a cell network extender, which obviously requires some kind of authentication for any measure of security. What "Authentication device" (I think they mean "authentication mechanism") has never had a vulnerability exposed? Are all devices with a privilege escalation vulnerability designed by people who "should be sent back to computer school?" ("computer school?" ...seriously?). How many privilege escalation vulnerabilities were found in the Linux kernel last year? I empathize with the fact that an escalation exploit this serious in a device that is designed to be used by the public is not a trivial matter, but the poster is being sensationalist here, and, honestly, comes across as undereducated in the subject matter. I wouldn't consider myself an expert, but this person doesn't seem to have a clear understanding of the issue. It's a security vulnerability in a device that runs Linux because the designers were lazy when picking a password.
The real issue here is the fact that security is sometimes not taken as seriously with hardware and firmware design in commodity devices as it is with software.
Usually pressing the Windows key or alt-tabbing works just fine in that kind of setup.