
Comment If you have 1 Apache admin, they better know Apach (Score 5, Insightful) 465

There is a good reason and a bad reason.

Where I work, there is very little overlap in skills between the IT people. One person is responsible for the old IBM database, for example. It's not a relational (sql) database, so nothing I know from MySQL applies. When we replace the IBM database guy, we're going to need someone else who knows that exact system. In fact, because there are so few people remaining who know the system, we are engaging in an 18 month project to rewrite everything for MS SQL shortly before the person retires.

My own job is programming Moodle, an LMS with over a million lines of code. That's roughly equal to an entire Linux distribution. Hiring someone with no Moodle experience would be roughly similar to hiring a Linux programmer with no Linux experience.

On the other hand, I once spoke to someone who wanted to hire a "PHP guru". I tried to explain there's no such thing. What he SHOULD have been looking for would be a web PROGRAMMER who knows PHP well. In many cases, skill in the field is far more important than above-average proficiency with a particular tool, but management sometimes doesn't understand that. If the person doing the hiring isn't particularly skilled in the job they are hiring for, they just don't know what is most important. For example, I would argue that for web programming, the WEB part is super important - good programmers who aren't web programmers aren't in the habit of thinking about security at every step, or scalability, nor are they necessarily skilled at stateless programming. A manager who isn't a very web programmer herself wouldn't know that though, so the best they can do sometimes is to look for someone experienced with the tools the company uses.

Comment same for Slashdot "foes" list? (Score 1) 170

Should you be fined if you put someone on your Slashdot "foes" list? It's pretty much the same thing. It's a list of IPs that Spamhaus is wary of because their system detected [criteria].

As it happens, some of their lists also work pretty well as an element to feed Spamassassin to help determine the likelihood that a message is spam. How that's weighted and if it's considered at all is entirely up to the admin of the system you're sending mail to.

Comment very clear in context, and easy configuration fix (Score 1) 170

While it's certainly possible for Pelosi or her UK counterpart to pass a dumb law so that they can find out what's in it, I don't think that's what Spamhaus is suggesting. In context, they could be talking about either of two things:

First, one could get a ticket for the specific issue that caused the problem in the article. The law doesn't say "your car must be safe", it explicitly says "your turn signals must work". Same here, you could specifically say that this particular common problem could result in a ticket.

Alternatively, TFA made reference to "once you know that your server is participating in an attack". A law could be made that once you're notified that your server is being used in an attack, you then need to take reasonable measures to prevent that from continuing or recurring. Here again "vulnerable" is clearly defined - if your server is still participating in the attack 48 hours after being notified, you can get a ticket. You can defend that ticket if you show that you took reasonable measures to address the problem.

Comment ROFTL no. Would have done so by 40 (Score 3, Insightful) 629

There are people who RUN businesses, and there are people who are EMPLOYED by businesses. If they haven't "taken over the company" by age 40, they almost certainly won't. If they've been an employee for 20-30 years, that's probably because that's their preference or where their strengths lie. They aren't going to take over anything.

Of course, there's the rare case of someone who has run several businesses by age 40 taking non-executive employment for some reason, but that's not the usual case. I've run a few companies and I took an 8-5, but I think I'm the only one in a building with ~200 people. Nobody else here is going to take over squat because they'd rather show up at 8, leave at 5, and collect their steady paycheck and benefits.

Comment Wrong. POST for actions. REFERER, logs, SEs (Score 1) 629

> The difference in security between GET and POST is about the same as level ground vs. a finger nail sized piece of tissue paper on that same level ground, since it would have only stopped someone so incompetent to not have been a threat anyway.

Query strings (GET) are visible to other sites as the referer, and end up in their logs, which may well end up on Google. So if you're okay with the information being displayed when someone does a search for your domain name, it's okay for it to be in the query string. GET is for GETting publicly available documents, and the query string can be used to identify the document. The query string is also visible to third-party JavaScript and .. well just about everybody. So it's in no way private. Additionally, note that any number of people can GET this post and read it and that causes no problems. It can be cached and people can get it without the server knowing and that's fine.

POST is used to take actions, such as POSTing a message on Slashdot, logging in, logging out, deleting something, etc. That data isn't visible to other sites you visit. It's not part of the REFERER, or document.location, etc. Assuming either SSL or no MITM by someone with access to your network, POST data is private. Additionally, POST explicitly means it has some effect, so it should not be repeated, cached, etc. If you confuse the two, doing something (such as creating a Slashdot post) based upon a GET request, you may well end up doing the action multiple times when it should have been done only once, or not doing it at all when it should have been, because the request was answered by a cache. It's not okay to add four hard drives to my shopping cart when I click "Add to cart" once, so not knowing and respecting the difference is a significant security issue.
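An added example, not part of the original comment: a small access-log audit that flags the two problems described above, secrets carried in query strings (in the request itself or leaked through the Referer) and state-changing actions served over GET. The sensitive parameter names, the action words, the hostnames and the log lines are all constructed assumptions; the log layout is the Apache/nginx "combined" format.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed names: which parameters count as sensitive, which path words imply an action.
SENSITIVE = {"password", "token", "session", "sessionid", "apikey"}
ACTION_WORDS = {"delete", "logout", "add", "post", "update"}

# Apache/nginx "combined" log format: request line, status, size, referer, user agent.
LINE = re.compile(r'\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
                  r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')

def sensitive_params(url):
    """Names of sensitive parameters present in a URL's query string."""
    query = urlsplit(url).query
    names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE)

def audit(line):
    """Return the list of findings for one access-log line."""
    m = LINE.match(line)
    if not m:
        return ["unparsed"]
    findings = [f"secret-in-query:{n}" for n in sensitive_params(m["target"])]
    # A Referer with a secret in it means another page's URL leaked to this server.
    if m["referer"] not in ("", "-"):
        findings += [f"secret-in-referer:{n}" for n in sensitive_params(m["referer"])]
    # GET must be safe to repeat or cache; an action verb in the path suggests it is not.
    path_words = set(re.split(r"[/._-]+", urlsplit(m["target"]).path.lower()))
    if m["method"] == "GET" and path_words & ACTION_WORDS:
        findings.append("state-change-over-get")
    return findings

# Constructed sample lines (not from any real server).
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2013:13:55:36 +0000] "GET /article/42?page=2 HTTP/1.1" 200 512 "-" "UA"',
    '203.0.113.5 - - [10/Oct/2013:13:55:40 +0000] "GET /cart/add?item=hdd&token=abc123 HTTP/1.1" 200 99 "-" "UA"',
    '203.0.113.9 - - [10/Oct/2013:13:56:01 +0000] "GET /img/logo.png HTTP/1.1" 200 2048 '
    '"https://shop.example/account?sessionid=deadbeef" "UA"',
    '203.0.113.5 - - [10/Oct/2013:13:56:30 +0000] "POST /cart/add HTTP/1.1" 302 0 '
    '"https://shop.example/item/7" "UA"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit(entry))
```
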

Comment ha you're one. like knowing what "arithmetic" is (Score 1) 242

If you want to compare it to mathematics, knowing that economics refers to either macroeconomics or microeconomics is more like knowing what "arithmetic" is.

Since you mentioned names, I'm guessing you thought the two main branches are "Keynesian and some other guy". That's fine, nobody is competent in EVERY field.

If you didn't know the difference between arithmetic and calculus, you wouldn't argue math with mathematicians, would you? If you didn't know the difference between an Ethernet cable and power cable, you wouldn't argue about computer technology.

Just know that since you clearly haven't so much as seen the cover of an economics text, YOU DON'T KNOW ECONOMICS. If you're arguing about economics and you don't know whether you're discussing microeconomics or macroeconomics, you don't know what you're talking about, simple as that.

Comment specific, popup free, not weird. Girls Gone Wild (Score 1) 172

As you mentioned, people pay to get exactly what they want, something specific. Not so much sick and depraved, but specific. Either specific niches like Amelia G's work, or a specific style like Perfect 10. Girls Gone Wild is just flashing of boobs and they have a LOT of customers. See also Netvideogirls.com, a specific style / story line.

Aside from that, the megasites offer a plethora of porn with no popups, no viruses, no bullshit. The value proposition is there for anyone whose time has value.

Comment Obvious troll is obvious. Try more subtle next tim (Score 3, Insightful) 494

Next time try being a little more subtle - not even Obama himself thinks this mess will be fixed in six months.
If you want to pretend to be a left wing loony, "keep the gov't out of my medicare/obamacare" is a little too stupid.
Try "keep the evil businesses out of my business".

Comment Most /. opinions have no interest, vested or other (Score 0) 242

> You can easily have an opinion on something in which you have no vested interest.

I would venture to say that most opinions posted on Slashdot are from those with little or no interest in the subject.
I say this based on the manifest truth that most have little to no knowledge of the subjects upon which they opine.

For example, everyone on Slashdot has strong opinions on economic theory. Yet, fewer than 1% know the two main branches of economics - something you learn by merely looking at the TITLES of economics courses or textbooks, without attending a single day of class.
