A 1kW power-supply? Was it for a 1970s mainframe?
Posts made by Vanders
-
RE: Planned server move!
@wonkoTheSane said:
3. There is no where in England that is 11 1/2 hours drive from london.... bearing in mind that the servers are staying in England... where is the rest of the time going?
Mandatory driver rest stops and speed limited lorries (They're not able to bomb down the motorway at 90MPH in a 7.5T wagon)
-
RE: The Method of Four Questionmarks
That's not terribly unusual. Some editors will even highlight such comments specially I.e. Vims C syntax highlighter will invert "XXX" at the start of a comment to make it easier to find.
-
RE: Paypal/Egg CC WTF?
@Volmarias said:
Paypal is technically not a bank
They are in Europe. PayPal Europe Sàrl & Cie, SCA (PayPal Luxembourg)
-
RE: Eee PC "security"
@morbiuswilters said:
If the server isn't running several distinct services, what's the difference between being root or being a restricted daemon account?
Most remote exploits of this type are not done by script kiddies who just want to trash your data. They are done by people who are looking for machines to add to their botnets, spam from, server illegal content from or otherwise do illegal or immoral things with on your dime.
The fact that you still aren't getting this leads me to believe you do not think critically about security but instead just parrot whatever you've read elsewhere.
The fact that you're disregarding over thirty years or learned experience of thousands of UNIX system administrators leads me to have lost a little more faith in humanity as a whole.
-
RE: Eee PC "security"
@morbiuswilters said:
@Vanders said:
Again, are you talking about interactive users, or are you seriously advocating running network-facing server processes with root privileges?
Interactive users should always log in under their own accounts. In many circumstances, running network-facing server processes with root privileges is no less secure than running them under a controlled account, but it all depends on your setup. If you are running several distinct services that have little-to-no interaction amongst them on the same machine, there should be separation of privileges. If you're running Apache and MySQL for a web app you wrote, what benefit are two different user accounts going to provide you with?
Remote exploits? If there is a remote exploit in whatever service you're running, and you're running the service as root, you've now got a remote root exploit running on your machine. If it's running as an unpriviliged user, it's an exploit still but the attacker is not going to automatically gain root access to your server.
Please tell me I don't need to explain why the possibility of allowing Joe Random Cracker gaining root on your servers is a bad idea? In fact, I'm kind of hoping you're going to tell me this entire thread has been a joke.
-
RE: Eee PC "security"
@morbiuswilters said:
@Vanders said:
I know that there have been a few times where being a non-privileged user has saved my ass. Usually when I've mashed the keyboard when I'm doing something like an rm.
The only thing that root can rm on my desktop machine that my user account cannot are system files. Since these are available for free on the Internet they are easily replaceable. My hard work which is not replaceable can be deleted by me. Also, all of my sensitive information like passwords, ssh keys and credit card numbers are all readable by my account. Also, if you're the type to "mash your keyboard" while doing an rm you are pretty much doomed to wipe out your home directory someday. Good luck with that.
You're basically saying "Yes, I can destroy my entire system, but I can just re-install it". Well sure, I guess. It just strikes me that taking reasonable steps to not destroy your system in the first place may be a better strategy here. Still, I'm heartened to learn that you never make a typo, so I guess it's never going to be an issue for you.
@morbiuswilters said:
@Vanders said:
Wait...what? I'm sure you're not suggesting that it's fine to run a server process under the root account, are you? Even if you're only talking about interactive user accounts, I can think of at least two reasons why it could be a good idea to have non-privileged users configured.
In particular cirumstances, sure. If you have a machine that is only web and db server for your own app with nothing else running on it, where would be problem be?
Again, are you talking about interactive users, or are you seriously advocating running network-facing server processes with root privileges?
-
RE: Eee PC "security"
@morbiuswilters said:
Look, if you are working on a single-user machine there is no protection afforded by not running as root.
I know that there have been a few times where being a non-privileged user has saved my ass. Usually when I've mashed the keyboard when I'm doing something like an rm.
There's not a lot of sense to having different user accounts for a single-user machine. The same applies for dedicated web, db or mail servers.
Wait...what? I'm sure you're not suggesting that it's fine to run a server process under the root account, are you? Even if you're only talking about interactive user accounts, I can think of at least two reasons why it could be a good idea to have non-privileged users configured.
-
RE: EBay learns to add up
@belgariontheking said:
Not to mention that Euros aren't measured in the thousanths, just to the cents.
There go the plans for the French remake of [i]Superman III[/i]
-
RE: Geek Dating
@MasterPlanSoftware said:
@morbiuswilters said:
@Da' Man said:
There is a group called "Geek Dating" - you know, the kind of place where geek boys pretending to be girls and geek boys can get together.
FTFY.
Exactly. Everyone knows there are no girls on the intertubez! Just fat hairy guys pretending to be girls.
Which makes lesbian chat rooms hilarious...
[url=http://www.bash.org/?768122]Obligatory bash.org entry[/url]
-
RE: I hate cmd.exe
@morbiuswilters said:
No offense, but you seriously need to go back and re-read the entire thread instead of chiming in at the end.
No offence taken, because I did and I'm not. You're replying to things I never said, which is probably why you seem to think I'm disagreeing with you when in fact, we agree on most points.
I know bash is superior to cmd.exe. The point is it doesn't really matter that much since there are so many rich alternatives to batch scripting for Windows. I'm trying to shut up the UNIX freaks who keep pointing out cmd.exe's weakness as some kind of win for UNIX. I brought up the limitations of bash to point out that it's not perfect either and that most non-trivial scripts should be written in a higher language, although bash will go further than cmd.exe will.
Sure, but my point was that your limitions you highlighted were weak, and the argument that Windows has alternatives is just as valid on UNIX anyway, so you're right back at the question of "Who has the better shell scripting?" and not "Who has the better available scripting?" I personally don't really care that Windows cmd scripting is crap: my days of writing thousand-line scripts spread across multiple files are long behind me, thankfully.
@morbiuswilters said:
@Vanders said:
When was the last time you saw any moderately complex Bourne script that had to be portable across that many UNIX systems anyway? Most scripts tend never to leave the system they were written on, making it largely a moot point.
Plenty of times. However, I generally have more problems with different makes, ccs and libcs. Not everyone is writing scripts that only run on one server or one platform.
I'm not denying they exist, just that anyone who is trying to write any serious scripts that have to be multi-platform are doing it wrong and should be using a higher-level language. Which was sort of my point last time, but I didn't make it clear enough.
This is one place where Microsoft clearly wins because their higher-level scripting languages are ubiquitous across their OSes (or are incredibly easy to install) whereas the same isn't necessarily true in the UNIX world.
I'd say Perl fits the bill as a ubiquitous language on UNIX, even if I am allergic to it. I'm sure some spirited individuals might make a case for Python, too. Heck if push to comes to shove, what UNIX doesn't have a Postscript interpreter?
O.K, maybe not that last one.
-
RE: I hate cmd.exe
@morbiuswilters said:
The original point is that bash is more expressive than batch scripting but honestly both are pretty weak for any serious task and you will be better off using a higher-level language like perl or vbs which are pretty much standard for the respective platforms.
I'm not disagreeing with you on the last point, but having written large scripts in both I know which I prefer. Trying to do anything that requires much more than a list of commands to be executed in sequence using cmd scripts is tortuous, where at least Bourne has a proper series of flow control statements and comparison operators. It also doesn't rely on heavily abusing the 'for' statement for basic tasks, which I think we should both be able to agree has to be a bonus.
@morbiuswilters said:
@Vanders said:
Yes, different argument forms for certain commands such as find & dd are a pain, especially if you're new to *nix, but syntax issues are just One Of Those Things are arn't exactly a huge issue.
I'm not new to UNIX and I'm not talking about the difference in argument syntax between different programs, I'm talking about the different versions of the same program. If you haven't run into this problem, I would posit that it is you who are new to UNIX. The fact is, most applications have different arguments depending if you are using the BSD versions, GNU versions or some commercial variant.
"You" in the second person, not "You" personally.
You (1st) can posit if you must, but the last time I actually ran into this problem in the real world was when I had to log into a Solaris 7 machine, and I can't remember how long ago that was. When was the last time you saw any moderately complex Bourne script that had to be portable across that many UNIX systems anyway? Most scripts tend never to leave the system they were written on, making it largely a moot point.
I'm trying to bring balance to the discussion because I get tired of people comparing cmd.exe and bash and concluding that "Windows sucks".
It is a valid comparison if the comparison you are making is "Which has the better default command line language?". If the comparison is "Who has the best scripting language?" then you're asking the wrong question in a world of PERL, Python, Ruby and the like, most of which run on both systems anyway.
We can go back and forth over this all day, but I think we should just agree on who the real scripting villain is here: m4
-
RE: I hate cmd.exe
@morbiuswilters said:
@Spacecoyote said:
Exactly what, pray tell, makes bash a pain in the ass?
Well, for starters, you have to call to external programs to do most everything for you.
To be fair, that is pretty much a central design point of UNIX.
There's no telling what version of that program will be available or what arguments it will like or choke on. Also, there are differing formats for arguments to these programs like grep, sed and awk. Additionally, handling variable is pain. Want to compare strings? Oh, that's a different syntax than comparing numbers, unless you're using double-brackets! Better make sure you encase all strings in double-quotes and prepend with a dummy character just in case one of the strings is null! Oh, you want to atomically lock a resource? You're gonna need to write an external program in C to handle that so you can use O_EXCL.
Yes, different argument forms for certain commands such as find & dd are a pain, especially if you're new to *nix, but syntax issues are just One Of Those Things are arn't exactly a huge issue. There are plenty of modern languages that have multiple comparision operators, for example. Shell scripts arn't supposed to be a replacement for full blown applications, after all. Bourne (Again) shell scripting is usually more than adequate for small jobs.
-
RE: Beggars Belief
@RayS said:
@dancer said:
this particular marvel was the creation of a government employee,
Just wait until project version n+1, when this operating procedure will be added to the spec, because "that'sthe way we do things", and this will become the official and only supported method of bulk importing.
Hey, at that point you can then create a new full-time position within whichever department you work for, neatly creating a shiney new "important" job for one of your chums. It's genius I tell you!
I'll stop now before this becomes a political rant.
-
RE: Beggars Belief
@dancer said:
As one of the many techs involved in the UK national bus pass scheme
Is this a government scheme, and does it in some way involve one of the big five consulting firms? Because I'm far less surprised by the idiocy, if so. I think I've become desensitized to it.
-
RE: Lets just call them Bob and George
@emurphy said:
The original non-anonymized version might have had good reason to avoid renaming the arguments (e.g. the language allows passing arguments in a different order by specifying their names, or includes the arguments in auto-generated documentation)
Nope, it's C. You don't even have to name the arguments in the prototype if you don't feel like it, and it was from a small piece of self-contained code that doesn't warrant anything as grand as generated documentation.
-
Lets just call them Bob and George
Something I saw today in something I was looking at. This is one of those simple things that still left me scratching my head.
int function( type_t arg0, type_t arg1, int foo ) { type_t a0 = arg0; type_t a1 = arg1; ...
arg0 & arg1 are never used again throughout the rest of the function. I was inside a couple of nested code blocks when I saw this, so it took me some time to work my way back and find where a0 & a1 came from.
I guess this must have seemed easier than just changing the name of the arguments, at the time.
-
RE: Ubuntu Negative Packet Loss
More to the point, how did you ever get such horendously out of sequence replies on the loopback interface?
-
RE: Teach an idiot to phish, and he starves.
@wk633 said:
Except that the 'From:' was an obviously spoofed 'webmaster@wtfstate.edu' so even if I were dumb as a stump, there's no place for me to send my password to.
Are you sure there wasn't a valid "Reply-To:'?
-
RE: Stupid project manager remarks
@Lysis said:
That's because IT manager are too stupid to realize that QA is important. It's a common attitude that QA time is a "nice-to-have" rather than a necessity.
Or the ones who know you need testing, but assume that no bugs will be found so then never allocate any time for development to fix those bugs, nor any additional time for those bug fixes to be tested.
-
RE: You fail
So he didn't fully understand how the virtual networking in a Virtual Machine worked? Nothing really WTFy about that: lots of people don't get it. Hell, I was porting Qemu to a different OS last week and I was confused at times: bridging, NAT, virtual lans (Which Qemu unhelpfuly calls VLANs, which are something totally different), virtual adaptors, LANs, IP forwarding and any all combinations of the above. Anything moderatly complicated can get confusing real fast if you're not paying attention, because there are just so many layers and abstractions and translations going on.
-
RE: (Amazon) One of these things is not like the others.... one of these things just doesn't belong
@tdittmar said:
I wouldn't have thought of storage boxes if you'd just told me the name...
I dunno, the "Rubbermaid Storage Chest" sounds perfectly fine to...never mind.
-
RE: Meeeeeee toooooooo
Surely vandalising Wikipedia stopped being funny roughly five minutes after the first article was written?
-
RE: Hello World! Slashdot style
@Random832 said:
@Vanders said:
If the value of status is zero or EXIT_SUCCESS, an implementation-defined ... is returned. If the value of status is EXIT_FAILURE, an implementation-defined ... is returned. Otherwise the status returned is implementation-defined.
So, when is it not implementation-defined?
You've cut the important bits from the quote. When exit() is called with 0 OR EXIT_SUCCESS, the implementation should inform the system that the application has exited successfully. When exit() is called with EXIT_FAILURE, the implementation should inform the system that the application has exited but something was wrong. If exit() is called with any other value besides, 0, EXIT_SUCCESS or EXIT_FAILURE, it's upto the implementation (& the system) what happens: maybe calling exit() with a value of 461 will cause all of your user processes to be suspended? The standard doesn't say.
-
RE: Hello World! Slashdot style
@joemck said:
@Vanders said:
The only valid portable return values from main() are 0, EXIT_SUCCESS or EXIT_FAILURE.
Technically, you're only supposed to use EXIT_SUCCESS and EXIT_FAILURE, as not every imaginable system must use 0 for EXIT_SUCCESS. (despite the fact that they all do...)No, 0 is valid. As someone else kindly quoted from the C specification:
7.20.4.3 The exit function
Synopsis
1 #include <stdlib.h>
void exit(int status);
Description
2 The exit function causes normal program termination to occur. If more than one call to
the exit function is executed by a program, the behavior is undefined.
3 First, all functions registered by the atexit function are called, in the reverse order of
their registration.
4 Next, all open streams with unwritten buffered data are flushed, all open streams are
closed, and all files created by the tmpfile function are removed.
5 Finally, control is returned to the host environment. If the value of status is zero or
EXIT_SUCCESS, an implementation-defined form of the status successful termination is
returned. If the value of status is EXIT_FAILURE, an implementation-defined form
of the status unsuccessful termination is returned. Otherwise the status returned is
implementation-defined.
Returns
6 The exit function cannot return to its caller.#5 is the important bit.
-
RE: Hello World! Slashdot style
If nothing else, this thread seems to support the corollary!
-
RE: Hello World! Slashdot style
@asuffield said:
Which only goes to show that in order to do anything useful, you need to narrow your goals more. "Portable to any C implementation" is about as useful as "portable to run on any computer and also on my underpants", and about half as practical. The language and platform specs are useful, but an application written to the specs is an application that doesn't work on any actual systems.
I agree with your general sentiment, but in this particular instance I think it's more a case of being aware of the limitations of your tools and when and how they apply. In this particular case it doesn't even apply: Hello World! is an obvious contrived case where you're not expecting to produce a useful application. Anyone familiar enough with a language to claim competency should be able to write a Hello World! without introducing bugs, or at least they should be aware of where they have cut corners and bugs may be possible.
-
RE: Hello World! Slashdot style
@Tibby Lickle said:
I suppose the worst thing you can say is that the return value is unconventional - usually 0 is returned for success, but printf() returns the number of characters outputted. Apparently.
Pretty much. printf() will return the number of characters written or a negative value if an error occurs. The only valid portable return values from main() are 0, EXIT_SUCCESS or EXIT_FAILURE.
The WTF is not so much that one example: the WTF was that this was posted as an example of how easy it is to write scalable bug free code, handily proving the complete opposite. It's actually very hard to write even the most simple application and not to have any bugs or potential bugs. I also still think my proposed new law has merit :)
-
RE: Hello World! Slashdot style
@RichardNeill said:
What's the bug? Maybe I'm being daft, but I can't spot it. And it compiles and runs fine...
I'm wondering whether to point it out or to let TDWTF work it out :)
-
Hello World! Slashdot style
I've been thinking of formulating a new law of the internet: whenever someone attempts to write "Hello World!" in an online forum, they resulting code will always have at least one bug. Take this recent Slashdot example of a "bug free" example:
#include <stdio.h>
int main()
{
return printf("Hello world\n");
}There is a potential corollary that the thread will then dissolve into a discussion about how wrong the example is.
-
RE: Banner Ads - are they even trying anymore?
None of them. Ce n'est pas une langoustine.
-
RE: Mbox
Yeah, mbox is a strange one. Even in it's "standard" format it's pretty bad: using "From" as a separator in a format that is used to store email was such a poor design decision I can't decide if it was just ill thought out or outright malicious. Of course other developers have recognised the problem and then "fixed" it in their own variants by using a different separator. At last count the mbox importer I wrote for Whisper (my own mail client) can handle four different "mbox" formats, all with different separators.
Of course all of this pales in comparison to CSV files. Those have all sorts of interesting escaping and quoting rules depending on which variant you're dealing with.
-
RE: Frames Are Amazing!
Secure multi-mediation is the future of all webbing.
My God, that's brilliant. Has Gary considered advancing to the Sales Team?
-
RE: Those Pesky Hiding Viruses
I rename .ZIP to .XIP on the basis the .XIP is a registered file extension for WinZIP on Windows (& other platforms don't give a hoot what the file extension is anyway). Blocking .ZIP files is very irritating though. SourceForge have been doing it for years now, and it still occasionally trips me up when I forget to rename something before I send it.
-
RE: If you loved "third class programmer", you'll love "Life of an IT Grunt"
I kept thinking of CPound as I read the entire thing, except that CPound isn't racist.
-
RE: Why I Love BT
@valerion said:
Telwest (Virgin now) are equally hopeless.
Telewest were so hopeless they managed to drive me to switch my telephone service to BT. The complete story is too long and boring to go into fully, but it went something like this:Me: Hello Telewest, I'm moving house. Please transfer my TV, broadband and 'phone to my new house.
TW: You'll have to have a new 'phone number. We can't transfer that one to your new area.
Me: But that number was given to me when I originally lived in that same area two years ago. It was transferred here, now I want to transfer it back.
TW: Oh O.K then.
When the engineer installed the cable & phone he handed me the paperwork with...our new 'phone number on it. Oh. Right.
Me: We wanted our old number transferred.
TW: Oh dear, I'm not sure why that happened. We'll fix it.
Then we discover that my wifes mother had tried to call us and had instead spoken to a rather surprised couple who had just had their new Telewest 'phone installed. Apparently, Telewest gave them our number...
That took about a week to sort out. After that it went downhill. We had cross-connections (in this day and age?) and the line would just die, repeatedly. Every single time we reported it they would take upto four days to fix it. Every single time we spoke with someone, they would make a different excuse for it: "Kids got into the box and ripped the wires out.", "You're cross-connected via. a BT exchange and a BT engineer disconnected you.", "There's a problem in the amplifier on your street." We must have been the unluckiest 'phone customers on the planet.
When I'd finally had enough, even after all that they tried to pin me to the 12 month contract they claimed I had and tried to charge me for the remaining 10 months!
Still got Virgin for broadband & TV though.
-
RE: Why I Love BT
Having done a stint inside BT (Actually several, in different departments) I can at least point out that it isn't that simple. It shouldn't be much of a surprise to learn that the engineers can "tell Sales to connecting new customers to the wonky exchange" but that there is no way for Sales to know who they are connecting to what: Customer Services just hit the buttons on the application and the order gets entered and sent off. Even if the phone monkeys could see which exchange would be used and that the engineers had asked them not to connect people to it, what are they supposed to say to the punter? "I'm sorry, your house is in an area with a dodgy exchange. No 'phone for you!"
I'm not going to defend BT, but doesn't it seem like the logical thing to do would be for the engineers to actually test the line correctly when they punch it down, and for Engineering to actually fix the dodgy exchange and make everyone happy?
-
RE: Scat.ebay.co.uk
Microsoft Visual SourceSafe comes with a database "repair" tool named analyze.exe
Having had to admin Visual SourceSafe in the past I can tell you that tool is certainly well named. If you're not feeling wretched enough simply because of VSS, you'll certainly feel a lot worse after you've been anal-yzed.