Here's my take on this issue, having developed one Android app and used many:
The real problem is developer education. There are LOTS of free (as in beer), or no cost, applications on the Android Market. Few of them, that I've found, are under a Free/Open Source license, if they even have a license at all. I'd guess that quite a few of those applications aren't intentionally kept closed, but are just written by developers who aren't used to the Open Source world, and aren't educated on why they should open their source (and I'm just thinking about the practical, have-someone-else-write-the-patch-for-you side of things). Google should be making more of an effort to educate developers, or at least point them in the right direction, about license choice.
My thoughts on what Google needs:
1) Add search functionality to the Market app to allow users to search both by price and by license.
2) ***IMPORTANT*** - there's currently a $25 listing fee on the Market. Drop it to $10 or $15 for apps with an open source license.
#2, while many will argue is not a good long-term business strategy, would at least boost app development by lowering the barrier for entry.
The HP T-series thin clients are quite nice. I have one in production driving a wall-mounted display. It's a t5000 series, specifically the t5735. It has DVI, VGA, parallel and serial, audio, USB, everything that a normal desktop has, AMD Sempron 2100+, 512MB RAM, 1 GB internal flash, and runs Debian Linux 4.0. By default, it has a stripped down Debian install, but has Gnome and gives you root access - I just added the packages that I needed and was ready to go (though it also has software for Citrix and RDP, etc.
HP lists it for around $500, I got an open box demo, with full warranty, for $130.
Having spent 2 years as a sysadmin suckered into supporting 40+ printers at a major University (luckily I got out of printer support a year or two ago), here's my advice:
1) "personal" = 2 years lifespan. Get something that's marketed as a "workgroup" or better printer. The home models are not built to last.
2) Don't buy anything without a wired Ethernet port.
3) In terms of OS compatibility, anything that supports IPP (port 9100) should work fine. If it has LPR or CUPS drivers for Linux, Mac will support it fine, and pretty much everything has Windows support. Generally if the manufacturer supports Linux, they support everything.
4) My personal experience is that Xerox is the best, HP is a close second. I'd stay away from Kyocera, even their million-plus-page models break all the time.
5) A laser is a must.
6) A good test for features is whether or not the printer supports SNMP. If it has both a web interface and SNMP support, it's actually designed for a business environment, and will generally support all OSes and have good functionality.
(Mind you, my personal printer at home is a 100-pound Xerox N4525. It does up to 11x17 borderless. I bought it as enterprise surplus with over 1,000,000 pages on it two years ago - for $20 - and I haven't even replaced the toner yet.)
Re:looks like it still loses history
on
BASH 4.0 Released
·
· Score: 1
1) passwords shouldn't appear in clear text on the command line. It's not BASH's problem... and program that doesn't have an argument to prompt for password is broken.
2) Realistically, while we should all work next to stenographers who take down every note that we mumble, we don't, I don't remember how many times I've asked myself "how the **** did I get that to work yesterday?" and found the answer in.bash_history.
Ahhh, generators, UPSs, and tigers, oh my!
I work at a University that supports close to 100,000 students, faculty, and staff. We've got lots of systems. We've got lots of backup plans. We've got multiple redundant UPSs, multiple generators, and machines with multiple PSs, split between different circuits.
I'm thoroughly convinced that the only way to have a truly redundant system is to have two mirrors --- on separate continents.
Murphy's Law. If you have *any* single point of failure, it WILL fail. At the worst possible time. If you have two generators, UPSs, etc. the one day the generators kick on, there WILL be a fire in the wiring closet.
Tandem folks weren't sure they knew how to power the system on properly - that's how long it had been running. Having a system that runs forever is a good thing. Letting your staff forget how to fix something (or even turn it on) because they haven't, is a bad thing.
When I was in high school, I worked in hardware support at a broadcast tv production house. They did everything from copying tapes to live feeds. We had a number of "legacy" systems - some of which came with envelopes of hand-written instructions, dating back 15 years. They were passed down from operator to operator, with the admonition, "Someone who worked here long before me left these, and said that someday, they'll same somebody's @$$."
I can't seem to find any mentions of someone figuring out exactly what this exploit/problem/etc. is. Seems really weird. I mean, *someone* has to have an infected machine that can be looked at. And what about SysAdmins doing something to at least perform post-compromise analysis? Even my *personal* webserver logs over syslog-ng to an append-only filesystem, and Bacula runs nightly MD5sums of pretty much the whole FS (not to mention remotely downloading the bacula binary every night and MD5summing that). At the very least, someone should be able to verify the technical details.
Something here reeks of FUD....
"GUIs provide metaphors for users, they have no place in administration." - GREAT quote.
And as to IIS/Apache/whatever else... telling people to use IIS when a problem is found that may involve Apache is as stupid as telling IIS people to use Apache when (another) IIS bug is found. Software is buggy. When the likes of Amazon, Google, etc. use Apache (or base their servers on it), I think it can be considered stable enough for production use. All software has flaws. That's a fact of life. Telling people to use a different package becaause of one bug is as narrow-minded as telling people to sell their Hondas/Fords/Chevys/Toyotas because you saw one in the shop.
Yes, I feel sorry for the people caught in the middle of this - and especially for the EBay buyers who don't know how to check out a potential seller, and get pinched. I was screwed over on ebay once, though from a seller with relatively high feedback who seemed to turn bad (though I did end up getting my item, with assistance from some friends in the local police detective bureau;) ).
But realistically... if people are so stupid to fall for this, don't they deserve it? I don't see it as being any different from walking down the street and a man in a dark alley asks you to drive this car to a user car dealer, when you sell it you get to keep 10%. Most people are supposed to find something fishy about that.
The bottom line is that the solution lies in education of the Internet citizenry. If people aren't smart enough to figure out what's kosher and what isn't (like doing a Google search for the company and seeing more than one almost identical web site with different contact information, or even better pulling WhoIs data) then there's a serious problem in security education. Moreover, I wonder how many people, who gave away PayPal information, would give their ATM PIN code to someone they've never met?
This being said, I went to high school with a kid - not the sharpest tool in the shed - who got an email a few years ago stating that if he deposited $5,000 in this offshore account, a month later they'd pay him $8,000. He did it - used almost all of his savings. He waited the month. He tried to contact them. Only two months later did he walk into the police department and tell them that he gave all of his money to a man from Nigeria who promised to give him more back, but he never got anything...
Give up on learning anything technical in school. The technology changes too fast for most schools to come up with working curricula in time, and when they do get that figured out, it's not enough knowledge to help with a job.
Learn business, management, maybe some financial or accounting stuff in school.
In your personal time, try to learn as much as possible. Learn a few things *really* in depth, but also remember that variety is good. If you're mostly a Java person, learn a bit of Python or PHP, and get some Unix knowledge.
Take a look at: http://www.inter-sections.net/2007/11/13/how-to-recognise-a-good-programmer/
Also remember that job experience is good, but personal experience is good too. Make some contributions to F/OSS projects or start your own.
Yes, the drinking age is a miserable 21. IMHO, a lot more kids drink irresponsibly just because it's illegal and frowned down upon.
The students should have been smart enough to restrict their photos so only people marked as friends could view them. But I don't know how this works with minifeeds.
Given the explosion of facebook outside of students, I think it would be a good move for Facebook to require users to register as a specific type, i.e. administrator, student, teacher, etc. and allow restriction of profile views by type.
As to the administrators, however, there has to be a line drawn between what the school concerns themselves with and what isn't any of their business. Sure, privacy isn't really at stake (they posted it on the 'net) but why is this the school's business? If the act didn't occur on school grounds, and the students didn't post the photos from school computers (that seems like the big issue) it seems like an issue for parents or local law enforcement. I don't see how schools could issue suspensions or detentions for something that didn't happen on school premises (though I'm 20, and I remember it happening quite often).
Who would stick their drive out on the Internet anyway? Sounds pretty scary to me... Western Digital makes good hard drives, that doesn't mean I trust their (closed-source) software's idea of security.
First of all, if the device is running Linux, the development team was probably using Linux, too. So you can bet that somewhere, their internal dev team has an update utility on Linux. Sure, it might be a command-line hack with no man page, let alone documentation, but it works!
Two main points-
1) The real issue here isn't supporting one OS vs. another, it's supporting multiple OS's. If TomTom stopped coding their desktop client in VB or C++ or whatever they use, and wrote it in Java or Python or Perl or anything else, they could have it up and running on any OS the users wanted. Yes, it's proprietary code. But I know that both Java and Python have the capability for pre-compiled, obfuscated code.
2) The fact is that, for the most part, the majority of the Linux community is still fairly technical. I know that I don't speak for all, but if I could get a Linux map update client for my Mio, I wouldn't ask for much. I don't need a fancy GUI like the Windows client. How 'bout a simple CLI program, something like "mapUpdate/dev/ttyS0/media/cdrom"
Aside from my personal ideas about censorship and about conservative views on parenting ("if we don't tell him about it, he'll never find out"), the big question is how much effort is this worth? Realistically, (especially since most kids know a lot more about computers than their parents, on average) the more controls you add, the more a kid will want to beat them, just because he can.
"The fact that middleware and operating system competition is taking place today is encouraging and an indication that the final judgments are enabling the competition that they are designed to protect," noted the DoJ and New York Group in their filing."
Aside from backend server OS's and middleware on systems that are already free of Window, where is the competition? I haven't seen much...
When I was an undergrad at RIT two years ago, they would regularly send the names of the top 10 or 20 uploaders to RIAA for investigation. With the speed of their networks, the "Top 10" class meant gigs per month.
I was in a philosophy class with one guy who had been fined around $40,000 by RIAA. He had to sell his car and drop out of school for a year. He said that he still shares music and movies, after all, "They took my car and a year of my college education. Now I feel like I DESERVE the music!"
Is Google doing this for US Government installations?
Personally, I think it's insane. Corrupting a global information source to prevent terrorists (or legitimate soldiers) from getting free satellite photos. So, what, the idea is that the bad guys don't have the $100 to purchase a custom hi-resolution photo?
Slashdot Mirror
Here's my take on this issue, having developed one Android app and used many:
The real problem is developer education. There are LOTS of free (as in beer), or no cost, applications on the Android Market. Few of them, that I've found, are under a Free/Open Source license, if they even have a license at all. I'd guess that quite a few of those applications aren't intentionally kept closed, but are just written by developers who aren't used to the Open Source world, and aren't educated on why they should open their source (and I'm just thinking about the practical, have-someone-else-write-the-patch-for-you side of things). Google should be making more of an effort to educate developers, or at least point them in the right direction, about license choice.
My thoughts on what Google needs:
1) Add search functionality to the Market app to allow users to search both by price and by license.
2) ***IMPORTANT*** - there's currently a $25 listing fee on the Market. Drop it to $10 or $15 for apps with an open source license.
#2, while many will argue is not a good long-term business strategy, would at least boost app development by lowering the barrier for entry.
The HP T-series thin clients are quite nice. I have one in production driving a wall-mounted display. It's a t5000 series, specifically the t5735. It has DVI, VGA, parallel and serial, audio, USB, everything that a normal desktop has, AMD Sempron 2100+, 512MB RAM, 1 GB internal flash, and runs Debian Linux 4.0. By default, it has a stripped down Debian install, but has Gnome and gives you root access - I just added the packages that I needed and was ready to go (though it also has software for Citrix and RDP, etc. HP lists it for around $500, I got an open box demo, with full warranty, for $130.
Having spent 2 years as a sysadmin suckered into supporting 40+ printers at a major University (luckily I got out of printer support a year or two ago), here's my advice: 1) "personal" = 2 years lifespan. Get something that's marketed as a "workgroup" or better printer. The home models are not built to last. 2) Don't buy anything without a wired Ethernet port. 3) In terms of OS compatibility, anything that supports IPP (port 9100) should work fine. If it has LPR or CUPS drivers for Linux, Mac will support it fine, and pretty much everything has Windows support. Generally if the manufacturer supports Linux, they support everything. 4) My personal experience is that Xerox is the best, HP is a close second. I'd stay away from Kyocera, even their million-plus-page models break all the time. 5) A laser is a must. 6) A good test for features is whether or not the printer supports SNMP. If it has both a web interface and SNMP support, it's actually designed for a business environment, and will generally support all OSes and have good functionality. (Mind you, my personal printer at home is a 100-pound Xerox N4525. It does up to 11x17 borderless. I bought it as enterprise surplus with over 1,000,000 pages on it two years ago - for $20 - and I haven't even replaced the toner yet.)
1) passwords shouldn't appear in clear text on the command line. It's not BASH's problem... and program that doesn't have an argument to prompt for password is broken. 2) Realistically, while we should all work next to stenographers who take down every note that we mumble, we don't, I don't remember how many times I've asked myself "how the **** did I get that to work yesterday?" and found the answer in .bash_history.
Ahhh, generators, UPSs, and tigers, oh my! I work at a University that supports close to 100,000 students, faculty, and staff. We've got lots of systems. We've got lots of backup plans. We've got multiple redundant UPSs, multiple generators, and machines with multiple PSs, split between different circuits. I'm thoroughly convinced that the only way to have a truly redundant system is to have two mirrors --- on separate continents. Murphy's Law. If you have *any* single point of failure, it WILL fail. At the worst possible time. If you have two generators, UPSs, etc. the one day the generators kick on, there WILL be a fire in the wiring closet.
I can't seem to find any mentions of someone figuring out exactly what this exploit/problem/etc. is. Seems really weird. I mean, *someone* has to have an infected machine that can be looked at. And what about SysAdmins doing something to at least perform post-compromise analysis? Even my *personal* webserver logs over syslog-ng to an append-only filesystem, and Bacula runs nightly MD5sums of pretty much the whole FS (not to mention remotely downloading the bacula binary every night and MD5summing that). At the very least, someone should be able to verify the technical details.
Something here reeks of FUD....
"GUIs provide metaphors for users, they have no place in administration." - GREAT quote.
And as to IIS/Apache/whatever else... telling people to use IIS when a problem is found that may involve Apache is as stupid as telling IIS people to use Apache when (another) IIS bug is found. Software is buggy. When the likes of Amazon, Google, etc. use Apache (or base their servers on it), I think it can be considered stable enough for production use. All software has flaws. That's a fact of life. Telling people to use a different package becaause of one bug is as narrow-minded as telling people to sell their Hondas/Fords/Chevys/Toyotas because you saw one in the shop.
Yes, I feel sorry for the people caught in the middle of this - and especially for the EBay buyers who don't know how to check out a potential seller, and get pinched. I was screwed over on ebay once, though from a seller with relatively high feedback who seemed to turn bad (though I did end up getting my item, with assistance from some friends in the local police detective bureau ;) ).
But realistically... if people are so stupid to fall for this, don't they deserve it? I don't see it as being any different from walking down the street and a man in a dark alley asks you to drive this car to a user car dealer, when you sell it you get to keep 10%. Most people are supposed to find something fishy about that.
The bottom line is that the solution lies in education of the Internet citizenry. If people aren't smart enough to figure out what's kosher and what isn't (like doing a Google search for the company and seeing more than one almost identical web site with different contact information, or even better pulling WhoIs data) then there's a serious problem in security education. Moreover, I wonder how many people, who gave away PayPal information, would give their ATM PIN code to someone they've never met?
This being said, I went to high school with a kid - not the sharpest tool in the shed - who got an email a few years ago stating that if he deposited $5,000 in this offshore account, a month later they'd pay him $8,000. He did it - used almost all of his savings. He waited the month. He tried to contact them. Only two months later did he walk into the police department and tell them that he gave all of his money to a man from Nigeria who promised to give him more back, but he never got anything...
Give up on learning anything technical in school. The technology changes too fast for most schools to come up with working curricula in time, and when they do get that figured out, it's not enough knowledge to help with a job. Learn business, management, maybe some financial or accounting stuff in school. In your personal time, try to learn as much as possible. Learn a few things *really* in depth, but also remember that variety is good. If you're mostly a Java person, learn a bit of Python or PHP, and get some Unix knowledge. Take a look at: http://www.inter-sections.net/2007/11/13/how-to-recognise-a-good-programmer/ Also remember that job experience is good, but personal experience is good too. Make some contributions to F/OSS projects or start your own.
Yes, the drinking age is a miserable 21. IMHO, a lot more kids drink irresponsibly just because it's illegal and frowned down upon.
The students should have been smart enough to restrict their photos so only people marked as friends could view them. But I don't know how this works with minifeeds.
Given the explosion of facebook outside of students, I think it would be a good move for Facebook to require users to register as a specific type, i.e. administrator, student, teacher, etc. and allow restriction of profile views by type.
As to the administrators, however, there has to be a line drawn between what the school concerns themselves with and what isn't any of their business. Sure, privacy isn't really at stake (they posted it on the 'net) but why is this the school's business? If the act didn't occur on school grounds, and the students didn't post the photos from school computers (that seems like the big issue) it seems like an issue for parents or local law enforcement. I don't see how schools could issue suspensions or detentions for something that didn't happen on school premises (though I'm 20, and I remember it happening quite often).
Who would stick their drive out on the Internet anyway? Sounds pretty scary to me... Western Digital makes good hard drives, that doesn't mean I trust their (closed-source) software's idea of security.
First of all, if the device is running Linux, the development team was probably using Linux, too. So you can bet that somewhere, their internal dev team has an update utility on Linux. Sure, it might be a command-line hack with no man page, let alone documentation, but it works! Two main points- 1) The real issue here isn't supporting one OS vs. another, it's supporting multiple OS's. If TomTom stopped coding their desktop client in VB or C++ or whatever they use, and wrote it in Java or Python or Perl or anything else, they could have it up and running on any OS the users wanted. Yes, it's proprietary code. But I know that both Java and Python have the capability for pre-compiled, obfuscated code. 2) The fact is that, for the most part, the majority of the Linux community is still fairly technical. I know that I don't speak for all, but if I could get a Linux map update client for my Mio, I wouldn't ask for much. I don't need a fancy GUI like the Windows client. How 'bout a simple CLI program, something like "mapUpdate /dev/ttyS0 /media/cdrom"
Aside from my personal ideas about censorship and about conservative views on parenting ("if we don't tell him about it, he'll never find out"), the big question is how much effort is this worth? Realistically, (especially since most kids know a lot more about computers than their parents, on average) the more controls you add, the more a kid will want to beat them, just because he can.
"The fact that middleware and operating system competition is taking place today is encouraging and an indication that the final judgments are enabling the competition that they are designed to protect," noted the DoJ and New York Group in their filing."
Aside from backend server OS's and middleware on systems that are already free of Window, where is the competition? I haven't seen much...
When I was an undergrad at RIT two years ago, they would regularly send the names of the top 10 or 20 uploaders to RIAA for investigation. With the speed of their networks, the "Top 10" class meant gigs per month. I was in a philosophy class with one guy who had been fined around $40,000 by RIAA. He had to sell his car and drop out of school for a year. He said that he still shares music and movies, after all, "They took my car and a year of my college education. Now I feel like I DESERVE the music!"
Is Google doing this for US Government installations?
Personally, I think it's insane. Corrupting a global information source to prevent terrorists (or legitimate soldiers) from getting free satellite photos. So, what, the idea is that the bad guys don't have the $100 to purchase a custom hi-resolution photo?