It seems there is still no exploit for this flaw, and it's somehow hard to exploit.
If you read Sendmail's complete advisory, you can see that the vulnerability requires the exploitation of a race condition. You have to submit a request, and then before that one times-out submit another malformed one.
Irrelevant. FCC regulations require service providers to connect any 911 emergency calls. That's why you can [supposedly] connect a phone to a jack with no service and dial 911, or use a cell phone that has no account and dial 911. It is Vonage's responsibility to see that this happens each time every time. There is no burden on the consumer for this one. If Vonage doesn't like it, they can choose not to be in the telcom business in the US.
Now, some of the reports I've read do say that Vonage connected him, but that the operators put him on hold. In that case, Vonage is not to blame as they met the requirments of law.
Disabling ActiveX doesn't help. The workaround is to disable active scripting. That will also disable everything in , , and tags. That means everything from Java applets and Flash to JavaScript (and therefore stuff like AJAX and most DHTML events).
In other words, the "fix" is to use your browser in 1995 mode.
Well, hey, maybe IIS returns empty HTML documents faster than Apache.
Or maybe they hope to obfuscate their security by running Apache on Windows. Send all the malformed POST requests you want. Win32 isn't going to successfully execute your Linux code!
Ha. See, here HR would block the advancement because $Foo doesn't meet the specified minimum requirements.
Now, what they can do is post the job for only 3 days... and limit it to employees in a specified department. Then they can write up the job such that your target is the only person to apply for the job. Other persons who meet the qualifications would take a pay cut or already do the job. Nobody else meets the requirements.
Frankly, your best option is to start your own consulting firm. You can do the same work for three times the money, and at the end of the day you're your own boss.
That's a good point, techs vs engineers. The thing is, I don't think enough people draw that distinction with IT yet. It's still too new. I mean, if people in the IT field don't see it, how can we expect HR to?
Although I'd say an OS kernel is more analagous to manufacturing steel rather than building the pressure vessel. The engineer doesn't really care about the exact processes behind fabricating the steel, just like a systems engineer doesn't need to care about the processes behind writing a kernel. You just pick the type of steel or kernel or database engine that does your job best and implement it.
I'm not sure if I agree with you about COBOL, though. "Better" might mean "execute faster", but my [very limited] experience with COBOL suggests it was a language that really wasn't very extensible to massive projects, and it lacks a lot of the thought constructs that define modern programming languages. It also seemed rather low-level (although when designed it certainly wasn't) where you had to bother with thinking about how memory is organized and so forth. You still have to do that in C and C++, and that's one of the most often cited drawbacks of that language. I do remember seeing all kinds of FTE positions for COBOL programmers in the late 90's as the last of the old designers retired, though. I remember them paying pretty well, too.
Again, though, you ought to pick your programming language based on the job at hand. If it's time critical and processor intenseive, Java is probably not a good choice. If it's massively distributed and fundamentally asynchronous, COBOL probably wouldn't work so well.
Reminds me of a job opening that stated -- literally -- "requires 10 or more years experience administering a Windows 2000 Active Directory domain.". This was back in late 2002, mind you. I actually called and asked about the position just to ask if it was a mistake, but they said the position had been filled. I still wonder who they found....
The problem is that HR doesn't understand the tech field. Someone with 2 years of direct experience is *highly qualified* because nearly all knowledge in IT is stale in 5 years. They expect IT to be like engineering. A pressure vessel is a pressure vessel, and even if the materials change the basic design is unchanged in over 100 years or so. Asking for 20 years experience is appropriate. Asking for 2 or 3 is asking for someone with no experience at all. You'll get a junior engineer who probably spent their time redrawing other people's designs in AutoCAD.
There's really three types of jobs in IT:
1. Menial. Mainly, this is help desk, but it also includes things like moving hardware from place to place, swapping backup tapes in a data center, pulling CAT5, punching down network/phone jacks, etc. You can easily do this job for 10 or 20 years in a sufficiently large company with little training at all. It doesn't change much, but they are absolutely vital for getting anything done. These are the jobs that most people get for the first year or two, and most people loathe them. The people who really stick with them are generally not the kind of people you'd trust with much of anything else. While technical understanding is important, the jobs themselves are repetitive, dull, and (in the case of help desk) infuriating. Many of these jobs are easy to outsource, although those that require on-site presense obviously require local businesses.
2. Consultant or contract. Here, the employer needs a specific skill set for a given period of time, and after that time they don't want to maintain the employee. All the employer wants is someone to get a single task done. App and web devs, infrastructure installation, and various "we need a person to give us X" jobs most often. These are were very popular in the earlier years of this decade, but IMX people are also beginning to see the severe limitations of consultant and contract work. Particularly, quality seems to suffer because the responsibility of a consultant is much less than that of an employee, and that's because the accountability is much less as well. A good consultant or contractor still does good work, of course, but since manageers tend to go for contractors that are at a cheaper rate than an FTE (IMX) they also tend to pay a lot of money for bad quality work. You get what you pay for. These jobs are always of a limited (often fixed) duration, so they can often be outsourced to a remote or overseas company easily enough.
3. Technical employee. Most often an FTE, these people get hired because they're able to learn something new quickly enough to adapt, and they have enough technical expertise to understand what's going on. These people tend to be the most expensive payroll-wise, but they also tend to be the highest quality since you get an adaptive expert in exactly the fields you want. In fields where the pool of quality employees is particularly small, such as OpenVMS, Unix, LISP programmers etc., the employee is almost never outsourced.
I agree. Even looking at Windows XP, the following applications could be written with managed code:
IE (considering IE 6's security "model", this would be a really good idea)
Outlook Express (ditto)
Media Player (yeah, ditto again)
WordPad
Movie Maker
Paint
Image & Fax Viewer
Solitare and every other game
Exact same thing happened to me when I tried Slackware once, but IIRC the distro was mistakenly shipped with the wrong binaries. The kernel was compiled with a different version of gcc than was installed on the distro disk, and at the time I couldn't figure out how to fix the problem after discovering what it was (this was my second or third Linux experience). The whole thing soured me for a few weeks on *nix as a whole.
Nevertheless, AC is right. If it was relvealed that the local Administrator account or the domain Administrator account was stored anywhere as plain text in Windows 2000, XP, or 2003, then MS would be reamed endlessly and very harshly here. Or do you honestly think people would be saying "oh, well, at least MS has a patch!" I'm no fan of Microsoft as a company, but denying that a bias exists on Slashdot about this kind of thing -- apologising for *nix, criticising Windows -- is just outright absurd.
Be honest. Everyone here knows that storing the root password as plain text is a clear program error. And since GNU/Linux is a rather secure OS that doesn't have this vulerability in any other distro, this code was added by the Ubuntu team. If this is the quality of code that the Ubuntu team is developing for it's distro, though, I do have to question why it is so popular. Why was such an obvious mistake missed? Who forgot to check how the root password is stored? Who forgets that kind of thing? Not the kind of developer I'd want to trust with my security, I'll tell you what.
More to the point, it's going to screw everyone equally. It seems highly unlikely for, say, Ford and GM to expect significant market gains because half the labor force in Europe and Japan just dropped dead. In case you hadn't noticed, half your market just dropped dead, too.
If theres anything sophisticated enough to bypass this level of paranoia then it can damn well have my credit card number and I'll gladly send spam for them.
The payload for the Chernobyl virus wrote zeros to sector 0 of your hard drive (which generally contians partition table information) and also tried to write garbage to any present Flash BIOS. You had to have a manual EEPROM reprogram to recover a so damaged BIOS.
However, this virus dates back to the innocent days where a virus would just destroy your data or computer, rather than steal your information for profit or turn your PC into another node in some botnet collective.
In our old style system, you had to have had a modicum of liberal arts before you went to school, not expecty to be taught it at the expense of your degree.
Sooo... I'm not getting it. Where's the difference? Either you already have to have it to apply, or you have to take it after you're there. No real difference, except for where the money goes. It should be no surprise that the American system tends to send all the money to one place.
In any case, while lowering our standards -- effectively what you're suggesting -- certainly would produce a greater number of engineers and scientists, it probably would not produce a greater number of quality engineers and scientists.
CG done in moderation or with good direction is excellent. So many entire scenes in Star Wars were shot with full green screen. George simply wasn't up to the task of directing the actors properly, and they needed more direction since no props existed at all. I mean, Natalie Portman and Hayden Christiansen are good actors. Look at their other work.
The editing was good. The cast was good. The special effects were really good. But the scripts sucked, and the direction was lacking.
I agree. Much like how creationists draw the wrong meaning from "theory" in "theory of evolution", the article is drawing incorrect conclusion by asserting that "reasonable" is not a reasonable standard.
Our laws are full of these subjective terms: "Reasonable doubt" -- The standard for determination of guilt in a criminal trial.
"Probable cause" -- The standard for search and arrest warrants. (With exceptions of "plain view" and "open fields", which are also phrases with specific legal requirements.)
"Reasonable suspicion" -- The standard for a police office to stop-and-frisk.
Probably because Virtual Racer didn't use the FX chip? Games that used the generic FX coprocessor got to benefit from the economics of scale. Or, you know, maybe it was just a lower quality chip.
Not that I know anything about Virtual Racer. I would never pay that much for a racing game.
No, read what you quoted again. The new study doesn't contradict previous studies at all. Indeed, it's not even studying the same thing.
"Previous studies have shown that people with high levels of education are less likely to develop Alzheimer's disease."
In other words, there is a negative correlation between education level and developing Alzheimer's.
"The new study shows that the brains of more educated people can tolerate changes for longer periods of time, meaning signs of decreased mental agility typical of Alzheimer's disease appear later."
The new study suggests that, among persons who already have Alzheimer's, persons with higher education have a much longer "incubation period" (meaning the time from initial infection to onset of symptoms -- placed in quotes because no parasite causes Alzheimer's and it's just conceptual here).
That is, there is a positive correleation between education level and duration of pre-symptomatic Alzheimer's.
"When those signs do appear, the disease progresses faster than it does in less educated patients."
All this says is that once symptoms appear -- the conceptual "incubation period" has ended -- persons with higher education levels progress more quickly. That is, there is a positive correlation between education level and rate of progression of symptom severity.
So if you're highly educated, you appear to be less likely to get it. And if you do get it, it takes a long time to develop into something that affects you. But if you do get it, once it does affect you, you're going downhill pretty fast.
Slashdot Mirror
Irrelevant. FCC regulations require service providers to connect any 911 emergency calls. That's why you can [supposedly] connect a phone to a jack with no service and dial 911, or use a cell phone that has no account and dial 911. It is Vonage's responsibility to see that this happens each time every time. There is no burden on the consumer for this one. If Vonage doesn't like it, they can choose not to be in the telcom business in the US.
Now, some of the reports I've read do say that Vonage connected him, but that the operators put him on hold. In that case, Vonage is not to blame as they met the requirments of law.
Oops. Forgot extrans. That's , , and tags.
Disabling ActiveX doesn't help. The workaround is to disable active scripting. That will also disable everything in , , and tags. That means everything from Java applets and Flash to JavaScript (and therefore stuff like AJAX and most DHTML events).
In other words, the "fix" is to use your browser in 1995 mode.
Well, hey, maybe IIS returns empty HTML documents faster than Apache.
Or maybe they hope to obfuscate their security by running Apache on Windows. Send all the malformed POST requests you want. Win32 isn't going to successfully execute your Linux code!
Ha. See, here HR would block the advancement because $Foo doesn't meet the specified minimum requirements.
Now, what they can do is post the job for only 3 days... and limit it to employees in a specified department. Then they can write up the job such that your target is the only person to apply for the job. Other persons who meet the qualifications would take a pay cut or already do the job. Nobody else meets the requirements.
Frankly, your best option is to start your own consulting firm. You can do the same work for three times the money, and at the end of the day you're your own boss.
That's a good point, techs vs engineers. The thing is, I don't think enough people draw that distinction with IT yet. It's still too new. I mean, if people in the IT field don't see it, how can we expect HR to? Although I'd say an OS kernel is more analagous to manufacturing steel rather than building the pressure vessel. The engineer doesn't really care about the exact processes behind fabricating the steel, just like a systems engineer doesn't need to care about the processes behind writing a kernel. You just pick the type of steel or kernel or database engine that does your job best and implement it. I'm not sure if I agree with you about COBOL, though. "Better" might mean "execute faster", but my [very limited] experience with COBOL suggests it was a language that really wasn't very extensible to massive projects, and it lacks a lot of the thought constructs that define modern programming languages. It also seemed rather low-level (although when designed it certainly wasn't) where you had to bother with thinking about how memory is organized and so forth. You still have to do that in C and C++, and that's one of the most often cited drawbacks of that language. I do remember seeing all kinds of FTE positions for COBOL programmers in the late 90's as the last of the old designers retired, though. I remember them paying pretty well, too. Again, though, you ought to pick your programming language based on the job at hand. If it's time critical and processor intenseive, Java is probably not a good choice. If it's massively distributed and fundamentally asynchronous, COBOL probably wouldn't work so well.
Reminds me of a job opening that stated -- literally -- "requires 10 or more years experience administering a Windows 2000 Active Directory domain.". This was back in late 2002, mind you. I actually called and asked about the position just to ask if it was a mistake, but they said the position had been filled. I still wonder who they found....
The problem is that HR doesn't understand the tech field. Someone with 2 years of direct experience is *highly qualified* because nearly all knowledge in IT is stale in 5 years. They expect IT to be like engineering. A pressure vessel is a pressure vessel, and even if the materials change the basic design is unchanged in over 100 years or so. Asking for 20 years experience is appropriate. Asking for 2 or 3 is asking for someone with no experience at all. You'll get a junior engineer who probably spent their time redrawing other people's designs in AutoCAD.
There's really three types of jobs in IT:
1. Menial. Mainly, this is help desk, but it also includes things like moving hardware from place to place, swapping backup tapes in a data center, pulling CAT5, punching down network/phone jacks, etc. You can easily do this job for 10 or 20 years in a sufficiently large company with little training at all. It doesn't change much, but they are absolutely vital for getting anything done. These are the jobs that most people get for the first year or two, and most people loathe them. The people who really stick with them are generally not the kind of people you'd trust with much of anything else. While technical understanding is important, the jobs themselves are repetitive, dull, and (in the case of help desk) infuriating. Many of these jobs are easy to outsource, although those that require on-site presense obviously require local businesses.
2. Consultant or contract. Here, the employer needs a specific skill set for a given period of time, and after that time they don't want to maintain the employee. All the employer wants is someone to get a single task done. App and web devs, infrastructure installation, and various "we need a person to give us X" jobs most often. These are were very popular in the earlier years of this decade, but IMX people are also beginning to see the severe limitations of consultant and contract work. Particularly, quality seems to suffer because the responsibility of a consultant is much less than that of an employee, and that's because the accountability is much less as well. A good consultant or contractor still does good work, of course, but since manageers tend to go for contractors that are at a cheaper rate than an FTE (IMX) they also tend to pay a lot of money for bad quality work. You get what you pay for. These jobs are always of a limited (often fixed) duration, so they can often be outsourced to a remote or overseas company easily enough.
3. Technical employee. Most often an FTE, these people get hired because they're able to learn something new quickly enough to adapt, and they have enough technical expertise to understand what's going on. These people tend to be the most expensive payroll-wise, but they also tend to be the highest quality since you get an adaptive expert in exactly the fields you want. In fields where the pool of quality employees is particularly small, such as OpenVMS, Unix, LISP programmers etc., the employee is almost never outsourced.
How long until they hackers then change the checksums or add the obvious GOTO 30 line?
I agree. Even looking at Windows XP, the following applications could be written with managed code:
IE (considering IE 6's security "model", this would be a really good idea)
Outlook Express (ditto)
Media Player (yeah, ditto again)
WordPad
Movie Maker
Paint
Image & Fax Viewer
Solitare and every other game
Exact same thing happened to me when I tried Slackware once, but IIRC the distro was mistakenly shipped with the wrong binaries. The kernel was compiled with a different version of gcc than was installed on the distro disk, and at the time I couldn't figure out how to fix the problem after discovering what it was (this was my second or third Linux experience). The whole thing soured me for a few weeks on *nix as a whole.
Be honest. Everyone here knows that storing the root password as plain text is a clear program error. And since GNU/Linux is a rather secure OS that doesn't have this vulerability in any other distro, this code was added by the Ubuntu team. If this is the quality of code that the Ubuntu team is developing for it's distro, though, I do have to question why it is so popular. Why was such an obvious mistake missed? Who forgot to check how the root password is stored? Who forgets that kind of thing? Not the kind of developer I'd want to trust with my security, I'll tell you what.
Ah, see, then your problem is porn. You need two hands to make a good shadow puppet scene, and that's one hand too many when watching porn.
IMX, ATI sucks with Windows drivers (Catalyst Control Center, anyone?). nVidia is the only video vendor with any decent Linux driver support.
More to the point, it's going to screw everyone equally. It seems highly unlikely for, say, Ford and GM to expect significant market gains because half the labor force in Europe and Japan just dropped dead. In case you hadn't noticed, half your market just dropped dead, too.
No. In hell, all databases are Excel spreadsheets.
However, this virus dates back to the innocent days where a virus would just destroy your data or computer, rather than steal your information for profit or turn your PC into another node in some botnet collective.
In any case, while lowering our standards -- effectively what you're suggesting -- certainly would produce a greater number of engineers and scientists, it probably would not produce a greater number of quality engineers and scientists.
CG done in moderation or with good direction is excellent. So many entire scenes in Star Wars were shot with full green screen. George simply wasn't up to the task of directing the actors properly, and they needed more direction since no props existed at all. I mean, Natalie Portman and Hayden Christiansen are good actors. Look at their other work.
The editing was good. The cast was good. The special effects were really good. But the scripts sucked, and the direction was lacking.
I agree. Much like how creationists draw the wrong meaning from "theory" in "theory of evolution", the article is drawing incorrect conclusion by asserting that "reasonable" is not a reasonable standard.
Our laws are full of these subjective terms:
"Reasonable doubt" -- The standard for determination of guilt in a criminal trial.
"Probable cause" -- The standard for search and arrest warrants. (With exceptions of "plain view" and "open fields", which are also phrases with specific legal requirements.)
"Reasonable suspicion" -- The standard for a police office to stop-and-frisk.
Every time I see the program VisiCalc mentioned, it get irked by the fact that the stupid thing will be covered by copyright until like 2050.
Copyright law is so broken.
Probably because Virtual Racer didn't use the FX chip? Games that used the generic FX coprocessor got to benefit from the economics of scale. Or, you know, maybe it was just a lower quality chip.
Not that I know anything about Virtual Racer. I would never pay that much for a racing game.
"Previous studies have shown that people with high levels of education are less likely to develop Alzheimer's disease."
In other words, there is a negative correlation between education level and developing Alzheimer's.
"The new study shows that the brains of more educated people can tolerate changes for longer periods of time, meaning signs of decreased mental agility typical of Alzheimer's disease appear later."
The new study suggests that, among persons who already have Alzheimer's, persons with higher education have a much longer "incubation period" (meaning the time from initial infection to onset of symptoms -- placed in quotes because no parasite causes Alzheimer's and it's just conceptual here).
That is, there is a positive correleation between education level and duration of pre-symptomatic Alzheimer's.
"When those signs do appear, the disease progresses faster than it does in less educated patients."
All this says is that once symptoms appear -- the conceptual "incubation period" has ended -- persons with higher education levels progress more quickly. That is, there is a positive correlation between education level and rate of progression of symptom severity.
So if you're highly educated, you appear to be less likely to get it. And if you do get it, it takes a long time to develop into something that affects you. But if you do get it, once it does affect you, you're going downhill pretty fast.