
Comment bah, next you'll claim MDs better than paperwork (Score 1) 356

Bah. I bet you think it would be more effective for doctors to spend 20 minutes with the patient rather than 4 minutes with the patient and 16 minutes on government paperwork.

I bet you also think eating healthy foods like vegetables and whole grains works better than eliminating $15 copays by exchanging them for $163 tax expenditures.

Comment yes! the UK did remove guns and what happened was (Score 2) 784

Indeed that is the proper question. Does outlawing guns mean that you've assured bad guys that the law-abiding citizens are now defenseless victims, or will the criminals stop committing crimes? The UK did ban guns, so we can actually see what happens.

Comparing the five years before the ban and the five years after, violent crime doubled. Murder increased about 70%. Rape increased by about 80%, as I recall. I can link to all the exact numbers if anyone cares to see them, but the overall trend is extremely clear - you should ban guns if you want more rapes, murders, and robberies. You should support self-defense if you prefer less violent crime.

Comment If you have 1 Apache admin, they better know Apach (Score 5, Insightful) 465

There is a good reason and a bad reason.

Where I work, there is very little overlap in skills between the IT people. One person is responsible for the old IBM database, for example. It's not a relational (sql) database, so nothing I know from MySQL applies. When we replace the IBM database guy, we're going to need someone else who knows that exact system. In fact, because there are so few people remaining who know the system, we are engaging in an 18 month project to rewrite everything for MS SQL shortly before the person retires.

My own job is programming Moodle, an LMS with over a million lines of code. That's roughly equal to an entire Linux distribution. Hiring someone with no Moodle experience would be roughly similar to hiring a Linux programmer with no Linux experience.

On the other hand, I once spoke to someone who wanted to hire a "PHP guru". I tried to explain there's no such thing. What he SHOULD have been looking for would be a web PROGRAMMER who knows PHP well. In many cases, skill in the field is far more important than above-average proficiency with a particular tool, but management sometimes doesn't understand that. If the person doing the hiring isn't particularly skilled in the job they are hiring for, they just don't know what is most important. For example, I would argue that for web programming, the WEB part is super important - good programmers who aren't web programmers aren't in the habit of thinking about security at every step, or scalability, nor are they necessarily skilled at stateless programming. A manager who isn't a very web programmer herself wouldn't know that though, so the best they can do sometimes is to look for someone experienced with the tools the company uses.

Comment same for Slashdot "foes" list? (Score 1) 170

Should you be fined if you put someone on your Slashdot "foes" list? It's pretty much the same thing. It's a list of IPs that Spamhaus is wary of because their system detected [criteria].

As it happens, some of their lists also work pretty well as an element to feed Spamassassin to help determine the likelihood that a message is spam. How that's weighted and if it's considered at all is entirely up to the admin of the system you're sending mail to.

Comment very clear in context, and easy configuration fix (Score 1) 170

While it's certainly possible for Pelosi or her UK counterpart to pass a dumb law so that they can find out what's in it, I don't think that's what Spamhaus is suggesting. In context, they could be talking about either of two things:

First, one could get a ticket for the specific issue that caused the problem in the article. The law doesn't say "your car must be safe", it explicitly says "your turn signals must work". Same here, you could specifically say that this particular common problem could result in a ticket.

Alternatively, TFA made reference to "once you know that your server is participating in an attack". A law could be made that once you're notified that your server is being used in an attack, you then need to take reasonable measures to prevent that from continuing or recurring. Here again "vulnerable" is clearly defined - if your server is still participating in the attack 48 hours after being notified, you can get a ticket. You can defend that ticket if you show that you took reasonable measures to address the problem.

Comment ROFTL no. Would have done so by 40 (Score 3, Insightful) 629

There are people who RUN businesses, and there are people who are EMPLOYED by businesses. If they haven't "taken over the company" by age 40, they almost certainly won't. If they've been an employee for 20-30 years, that's probably because that's their preference or where their strengths lie. They aren't going to take over anything.

Of course, there's the rare case of someone who has run several businesses by age 40 taking non-executive employment for some reason, but that's not the usual case. I've run a few companies and I took an 8-5, but I think I'm the only one in a building with ~200 people. Nobody else here is going to take over squat because they'd rather show up at 8, leave at 5, and collect their steady paycheck and benefits.

Comment Wrong. POST for actions. REFERER, logs, SEs (Score 1) 629

> The difference in security between GET and POST is about the same as level ground vs. a finger nail sized piece of tissue paper on that same level ground, since it would have only stopped someone so incompetent to not have been a threat anyway.

Query strings (GET) are visible to other sites as the referer, and end up in their logs, which may well end up on Google. So if you're okay with the information being displayed when someone does a search for your domain name, it's okay for it to be in the query string. GET is for GETting publicly available documents, and the query string can be used to identify the document. The query string is also visible to third-party JavaScript and .. well just about everybody. So it's in no way private. Additionally, note that any number of people can GET this post and read it and that causes no problems. It can be cached and people can get it without the server knowing and that's fine.

POST is used to take actions, such as POSTing a message on Slashdot, logging in, logging out, deleting something, etc. That data isn't visible to other sites you visit. It's not part of the REFERER, or document.location, etc. Assuming either SSL or no MITM by someone with access to your network, POST data is private. Additionally, POST explicitly means it has some effect, so it should not be repeated, cached, etc. If you confuse the two, doing something (such as creating a Slashdot post) based upon a GET request, you may well end up doing the action multiple times when it should have been done only once, or not doing it at all when it should have been, because the request was answered by a cache. It's not okay to add four hard drives to my shopping cart when I click "Add to cart" once, so not knowing and respecting the difference is a significant security issue.
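
Added example, not part of the comment above: a small Node.js sketch of the two points it makes, that query strings reach access logs and the Referer header while POST bodies do not, and that an action wired to GET is repeated by anything that re-fetches the link. The host `shop.example`, the `/cart/add` route, the `token` value and all function names are constructed for illustration.

```javascript
// Constructed example: hypothetical host, route and parameter names.
const BASE = "https://shop.example";

// An access log records the request line, which includes the query string
// but never the request body.
function accessLogLine(req) {
  return `203.0.113.7 - - "${req.method} ${req.url} HTTP/1.1"`;
}

// Referer a third-party site receives when a link on pageUrl is followed.
// "unsafe-url" sends the full URL (fragment stripped); the current browser
// default, "strict-origin-when-cross-origin", sends only the origin.
function crossSiteReferer(pageUrl, policy) {
  const u = new URL(pageUrl, BASE);
  return policy === "unsafe-url" ? u.origin + u.pathname + u.search : u.origin + "/";
}

// strict=false: acts on any method (the mistake the comment describes).
// strict=true: state changes only on POST, parameters read from the body.
function makeCartHandler(strict) {
  const cart = [];
  const handle = (req) => {
    const u = new URL(req.url, BASE);
    if (u.pathname !== "/cart/add") return { status: 404 };
    if (strict && req.method !== "POST") return { status: 405, allow: "POST" };
    const params = req.method === "POST"
      ? new URLSearchParams(req.body || "")
      : u.searchParams;
    const item = params.get("item");
    if (!item) return { status: 400 };
    cart.push(item);
    return { status: 303, location: "/cart" }; // redirect so a reload does not resubmit
  };
  return { handle, cart };
}

// Prefetchers, crawlers and retrying proxies repeat GETs, since GET is defined as safe.
function replayGet(handler, url, times) {
  for (let i = 0; i < times; i++) handler.handle({ method: "GET", url });
  return handler.cart.length;
}

const getReq = { method: "GET", url: "/cart/add?item=hdd&token=s3cr3t" };
const postReq = { method: "POST", url: "/cart/add", body: "item=hdd&token=s3cr3t" };
console.log(accessLogLine(getReq));   // token appears in the log line
console.log(accessLogLine(postReq));  // token does not
console.log(replayGet(makeCartHandler(false), getReq.url, 4), "items after 4 replayed GETs (lax)");
console.log(replayGet(makeCartHandler(true), getReq.url, 4), "items after 4 replayed GETs (strict)");
```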

Comment ha you're one. like knowing what "arithmetic" is (Score 1) 242

If you want to compare it to mathematics, knowing that economics refers to either macroeconomics or microeconomics is more like knowing what "arithmetic" is.

Since you mentioned names, I'm guessing you thought the two main branches are "Keynesian and some other guy". That's fine, nobody is competent in EVERY field.

If you didn't know the difference between arithmetic and calculus, you wouldn't argue math with mathematicians, would you? If you didn't know the difference between an Ethernet cable and power cable, you wouldn't argue about computer technology.

Just know that since you clearly haven't so much as seen the cover of an economics text, YOU DON'T KNOW ECONOMICS. If you're arguing about economics and you don't know whether you're discussing microeconomics or macroeconomics, you don't know what you're talking about, simple as that.
