2003/3/4 [Uncategorized] UID:27590 Activity:nil |
3/4 I've got absolutely nothing interesting to say this morning. Just wanted to let you know. Thanks! |
2003/3/4 [Computer/SW/OS/Linux] UID:27591 Activity:low |
03/03 Novice question again: I have noticed that we have rpm installed. I thought RPM is redhat/linux thingy. how come it is available for BSD? Also... can normal monkeys (i.e. non-root) install rpm packages in their own directories? \_ RPM is just a package format. You can conceivably RPM any type of binary, but I am assuming that Sloda is running Linux binaries in binary compatibility mode or whatever. Just know that Net/Free/FooBSD can also run Linux binaries. You can't typically install an RPM unless you have the right permissions to read/write to /var and /usr/local. \_ RPM is just a package format. You can conceivably RPM any type of binary, but I am assuming that Sloda is running Linux binaries in binary compatibility mode or whatever. Just know that *BSD can also run Linux binaries. You can't typically install an RPM unless you have the right permissions to read/write to /var and /usr/local. \_ RPM works on many platforms (I've seen it run on *BSD, Solaris, Linux and MacOS X) but it is most popular on RH based systems. If you have relocatable rpms and you can create your own rpm db in ~me/var/lib/rpm it is possible to get this to work. Most rpms aren't relocatable so in reality using rpm as a not root user isn't terribly useful. |
2003/3/4-6 [Computer/SW/Mail] UID:27592 Activity:very high |
3/3 There's a new sendmail root-exploit out there. Time to patch/upgrade. (soda isn't vulnerable, but anyone running versions below 8.12 is) \_ Incorrect. Every version since 5.19 or something is vulnerable up to and including 8.12.7. Looks like soda still needs to be upgraded. There's a patch out from FreeBSD, plus patches and 8.12.8 distributions at http://sendmail.org. Please correct your misinformation. -- randal <rand@sendmail.com> \_ soda was patched with a 8.12.6 patch. \_ Email to root. \_ So what? Sendmail is so buggy wrt security that it might as well have been written by M$ code monkeys. If you want a secure mail server try postfix or qmail. \_ yeah, that's what, the second root hole in the past 3 years! what a piece of shit! \_ yes. use qmail. \_ you're deluding yourself if you think that qmail wouldn't have just as many security problems if it were as widely used as sendmail. Reference: Theo and openssh. -tom \_ Meaning what? That as openssh became more popular more holes were discovered or that theo is a jerk so we should all not like openssh? \_ Theo is specifically a jerk who used to crow all the time about how secure his software was, then when it became more popular more holes were discovered. The exact same thing would happen with qmail if djb ever tried to make it into a generally useful program. -tom \_ So exactly how many remote root holes have been discovered in OpenSSH in the default config? Exactly 1. How many in OpenBSD's 7 yr history? Exactly 1. Theo might be an ass but his software is secure. Same for DJB. Coding secure software requires a particular mindset that the people working on Sendmail (and Bind) don't have. \_ since November 2001, there have been three remote root and two local root holes found in openssh--that's far worse than sendmail over the same period. -tom \_ tom, you make somewhat of a valid point, but i'm not talking about theo here, i'm talking about djb. qmail is the #2 MTA. how many qmail exploits have there been?
besides, even if you are right, in practice it is still less vulnerable bc it is less targeted. the way i see it: unix is to windows as qmail is to sendmail. windows is more targeted, dumber people use windows, and windows is generally easier to find holes in. \_ I'm sure qmail is not the #2 MTA--#1 and #2 have to be sendmail and Exchange. In any case, it may be true that qmail is inherently more secure than sendmail, but if so, it's at least partly because of design decisions which make qmail difficult to use in the real world. -tom \_ Exchange? I guess technically it's an MTA but using Exchange in the same sentence as "security" seems pointless. Anyway, I agree qmail sucks to use in the real world. Actually it more than sucks. \_ Qmail doesn't suck any worse than sendmail. People are just so used to the pointless complexity of sendmail that they don't really notice it. Has anyone written a 500 page book on how to use qmail? No. This is because it is not as hard to use. -ausman \_ don't be silly--qmail's configuration is simpler than sendmail's, but it doesn't support anything near the same level of configurability. -tom \_ And for most folks a standard install of sendmail works fine, btw. qmail requires all sorts of tedious bullshit. So although making any serious changes to sendmail can be nearly impossible, most people won't need to anyway. \_ installing qmail is a breeze. the only tedious bullshit here is your comment. --aaron \_ Having used both extensively I'll simply disagree as a matter of personal choice. Sendmail is bad but qmail is worse. |
2003/3/4 [Reference/Tax, Industry/Jobs] UID:27593 Activity:high |
3/3 I have been searching Google and also contacting some friends regarding the going rate for a 3 month contracting position that might become full time at a big internet company in Mountain View. The duties consist of works for a backend Java and Java-related technologies developer. I have about 5 years of working experience with about 2 years of Java and Java-related technologies working experience. I have a BS in EECS from Cal. However, I have never done any contracting work before, but have a very broad set of skills, very capable, and very fast learner. The numbers that I found seem a bit high for the current market; $100-$200/hr DOE. Will anyone here point me to some recent surveys (2003 or late 2002) and/or provide some comments based on their own (or people that know) experiences and also how to best negotiate while keeping the door open for the full time conversion? Thanks!! \_ holy sh*t that's a lot of money \_ no it isnt. \_ DOE is the key. A fresh-out-of-college type should be happy with $40/hr. A senior with a decade of seasoning and reasonably being a contractor so they *have* to charge what looks like an obscene amount of money to make it worth it. The guy I replaced was making $300/hr but in the last few months he was only doing an hour or two a day. Sometimes none. His only duty was doing interviews to replace himself. My salary? 20% of his rate plus some minor benefits. If they like you and need you, they'll convert your expensive contractor ass as fast as possible, so don't worry about that part. See if you can get them to blink first by making an offer or stating a range or something. If not, then say that you'd like $X (I suggest $200/hr) but that the rate really isn't the issue since your goal is to convert to FTE after a reasonably short time period. aggressive skills maintenance can expect substantially more. Generally we take the FTE equivalent and multiply by 0.75 to get a reasonable rate for short term contractors.
\_ that assumes full time employee \_ here's why: contractors get screwed on taxes and benefits and are the first to go when heads roll and a bunch of other badness about \_ screwed on benefits: true. screwed on head roll: true screwed on taxes, not even close. Self employment tax comes out exactly the same as regular exempt employees making the same amount of $$$. \_ They suggested a range of $60-$65/hr. They are really low-balling me then? -op \_ I've read $1/hour for every $1K/year you'd make on salary. \_ Industry standard is 0.6 to 0.75 these days. -hiring mgr \_ As a contractor, you need to cover your own benefits and unemployment insurance (i.e., savings). $1.5-$2/hour for every $1k/year is where I start. \_ assuming you contract for 2k hours per year, this works out to 3 to 4x regular salary for a contract. i did 3x in '98 '99, and i was close to 4x '00 '01. i'm down to hmmm 2.5x now. where are you getting contracts today that are in the 3 to 4x range? \_ $60-$65/hour seems really fair nowadays. I've seen rates as low as $40/hour for some senior level contract gigs. Email me if you wanna take it offline --chris \_ That's really low for contracting. I suggest you ask them flat out when/IF you'd convert to FTE and what the salary would be. If you like the final salary, get them to put it in writing that after X months (I suggest 2-3 max) at their super low-ball rate, they convert you to FTE at the previously agreed upon salary. If they'll do that and you're happy with the FTE, then consider the contract rate as a sort of probationary period and just do it at whatever rate. If they won't do that, then your odds of converting are near zero and you should ask for more. --same long winded person from above \_ This is a silly idea. If they were willing to commit to a full time hire, they wouldn't be using a contractor probation period in the first place. \_ C2H is pretty common. I'd be surprised if less than a majority lead to conversion, or end if you suck.
\_ Only if you're looking for FTE.... \_ The big hit is self-employment tax. Basically, you pay your own payroll tax. Plus paying for benes. And you're only paid after you bill. Overhead costs (not including time to do your own paperwork) is easily 30%, less if you want to skimp on benes (ie. covered by spouse insurance, etc.). So $60/hr contract -> $42/hr FTE -> $80K yearly + minor benes. \_ Wrong! Most bene packages are only worth about $10k/year or less (usually a lot less). \_ Cost to employer is on order of 30% of salary - this includes benefits, sick/vacation/holiday, 401k match if present, and their share of the employment tax. Also, no one is listing 1099 vs W2 contracting. \_ Is anyone even able to get a contract job in the past few years? -ax \_ They are popping up more often now. I've still got a few friends recruiting and that's what I'm seeing/hearing. --chris \_ I just updated my job search profile for the first time in 18 months and got my first set of new job emails this morning. It looks like 1998 out there for full timers! |
2003/3/4 [Transportation/Bicycle] UID:27594 Activity:low |
3/3 Ok I'm considering one of the two options on my bike: http://www.hyperlites.com http://www.riderstation.com Which one would you guys recommend? \_ I'm not so sure that having flashing lights on the back of your bike would be legal, but then again, I'm not the one considering doing this. Make sure it's legal first. \_ I think the flash 5 secs then solid would be legal, but not the continuous mode. I'm not sure either is a good idea - distracting drivers may not be fully effective. \_ i just bought lifebrites, cheaper than hyperlites for universal use. also be sure you can be seen from the front, too. \_ where'd you mount them, on the side of the plates? |
2003/3/4-5 [Uncategorized] UID:27595 Activity:moderate |
3/3 Formula for interpreting contractor salary vs FTE. X = $/hr FT contract; Y k$/yr FTE Y = X*2 - benefit allowance - instability margin benefit allowance is a constant around $5000(bachelor)-$10000(family4) instability margin is an allowance for the time you will spend finding a new job after your contract expires (season to taste) \_ Reality check: charge as much as you can get away with. No, the world doesn't work according to arbitrary formulas, son... \_ It's better than nothing. Thanks! |
2003/3/4 [Politics/Foreign/Europe] UID:27596 Activity:very high |
3/4 Umberto Eco on the US, France, and Iraq: http://csua.org/u/a2c (from http://Haaretz.com) \_ I like that. "We should let evil assert itself fully before we do anything about it." Apparently nobody informed the UN that an ounce of prevention is worth a pound of cure. \_ you're an idiot. \_ I admire your intellectual prowess and quick wit! You've completely won me over to your point of view with a clever sense of the moment intertwined with a rich philosophy of the state of mankind. \_ How 'bout this. The sentiment expressed above is exactly what Mr. Eco is talking about. And if you weren't blinded (deafened?) by sabre rattling, you might be able to see that. A first-strike aggression is not "an ounce of prevention." --scotsman \_ First strike is prevention. Waiting for them to strike is like waiting for Hitler to invade Poland before taking him out. \_ Just because Umberto Eco wrote it, it's true? Besides, he was saying that it is prevention, he was just saying that prevention is not necessarily prudent. And his main point had nothing to do with that anyways. -mlee \_ Mike, you're talking over yourself. (pronoun trouble) What comments are you disputing? --scotsman \_ The first line was a rhetorical question so "it" clearly refers to anything that Eco may write. The "it" in the second line refers to first-strike aggression. Eco was writing more to the effect of how improper emotional responses can be--especially in these times--regardless of whether they are emotional pro-war or anti-war sentiments, much like the sentiment you wrote in response to the op. -mlee \_ I was actually referring to the plethora of "he"'s, but I see what you're getting at. Mine was less of an emotional response than the "op"'s [sic]. His is a fear based response. I believe calling for measured response based on a multilateral platform is far less emotional than saying "bomb them before they bomb us" --scotsman \_ True. op was emotional. But we should bomb them--so that our bombs don't rust.
-mlee \_ why isn't this 'intellectual' protesting the invasion of Ivory Coast by France? And he states 'as the Western democracies eventually managed to eliminate the Soviet dictatorship without launching atomic weapons.' Sorry Eco, you are wrong- it was overwhelmingly the UNITED STATES, with the help of Koreans, Vietnamese, etc. that defeated the Soviets. The US taxpayer paid for it and the US soldier died for it. France tried to play the Soviets against the US, all the while secure under the US nuclear umbrella. All of Europe treaded towards massive socialist behemoths, all subsidized by Uncle Sam. Exactly how are France and Germany able to conduct billions of dollars of business in Iraq with 17 UN sanctions in place. Sorry, this article is trash. \_ You should learn history before spouting. Korea? Vietnam? Chinese supplied. They're still around. How many left-wing terrorists were there in the US during the Cold War? Europe took the brunt of that. And the US has companies that have bypassed the sanctions too. See Dick Cheney? He partnered up with Halliburton and helped Iraq out. There are 6000 pages of the report given by Iraq about who supplied them with their suspected WoMD. US, France, Germany, Britain, and Russia have had the UN censor them out so the companies listed aren't exposed. Viva Capitalism! Viva Free Market! \_ Umm yea, a country who finished one civil war, and in which 10-20 million died in the Cultural Revolution, provided the material support for the Cold War - please. My point was both the Koreans and the Vietnamese suffered large casualties. The same can not be said of any European country. France turned tail and ran after Dien Bien Phu. I did not deny US businesses have operated in Iraq - however this activity is not a full-scale blatant ignoring UN sanctions as is for Germany and France. this activity is not a full-scale, government sanctioned flagrant disregard for the UN sanctions in place, as is for Germany and France.
The point is thugs need to be removed once they exhaust their usefulness. Also, I'd be very interested in what 'brunt' Europe endured - it would be very enlightening. \_ So it was the Soviets that fought in Korea and Vietnam? And those 30+ million who died in the Soviet Union during WWII made them helpless? And if the US didn't give the okay to ship stuff from US to Iraq who did? During the Cold War, Europe endured ongoing assassinations, terrorist bombings and actual invasion threats by the USSR. \_ Regardless of who footed the bill, "the Western Democracies eventually managed to eliminate the Soviet dictatorship without launching atomic weapons." His argument stands. \_ I find your cavalier attitude about 100,000 + dead US troops and several trillion US taxpayer dollars pathetic. |
2003/3/4-5 [Computer/Networking] UID:27597 Activity:kinda low |
3/4 Anybody gotten telemarketing calls from ATT broadband telling you to switch from DSL to cable internet? And when you talk to them some more they tell you that it's not available in your area yet? WTF? \_ maybe they're researching the feasibility of bringing the service to your area. \_ No. !!! |
2003/3/4 [Uncategorized] UID:27598 Activity:nil |
3/4 G-Spot rocks the G-Spot! |
2003/3/4-5 [Computer/SW/Languages/Perl] UID:27599 Activity:moderate |
3/4 perl god, I want to match AAA but not AAAA, so I tried perl -ne 'print if /A{3}/' How come it still matches both AAA and AAAA? - perl tyro \_ /(?<!A)A{3}(?!A)/ \_ try /[^A]A{3}[^A]/ (edited) your syntax matches AAAA because AAA is within AAAA (ie, it could be AAA or AAAA or AAAAA or sdfAAAsdfa, and it'd match). This syntax says after the 3 A's, match any character that's NOT A. \_ you probably want something like /^(.*[^A])?A{3}([^A].*)?$/ (otherwise you won't match "AAAfgdsfg" or "dsgffdsAAA") -alexf \_ This won't match multiple AAA's on the same line, will it? (i'm still a grade schooler in regexp foo) \_ Yes, it will match the first set, so that's still a match. But it makes assumptions about lines and so forth. |
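The patterns from this thread compared side by side on constructed input (an added example, not posted by anyone in the thread; the sample lines, the labels and the `count_exact_runs` helper are assumptions made for illustration). It also counts every run of exactly three A's per line, which goes one step beyond the yes/no match the thread discusses:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines covering the edge cases raised in the replies:
# run at start of line, at end of line, longer runs, several runs on one line.
my @lines = ('AAA', 'AAAA', 'xAAAy', 'AAAfgdsfg', 'dsgffdsAAA',
             'AA AAAA AAA', 'AAAAAA');

# Patterns as posted in the thread, in order of appearance.
# The labels are hypothetical names used only for the table header.
my @patterns = (
    [ 'original',   qr/A{3}/                     ],
    [ 'lookaround', qr/(?<!A)A{3}(?!A)/          ],
    [ 'char class', qr/[^A]A{3}[^A]/             ],
    [ 'anchored',   qr/^(.*[^A])?A{3}([^A].*)?$/ ],
);

# Count runs of exactly three A's on a line. The lookarounds consume no
# characters, so a run at the very start or end of the line still counts,
# and two runs separated by a single character are both found.
sub count_exact_runs {
    my ($line) = @_;
    my $n = () = $line =~ /(?<!A)A{3}(?!A)/g;
    return $n;
}

# Header row, then one row per sample line.
printf "%-14s", 'line';
printf "%-12s", $_->[0] for @patterns;
print "runs\n";

for my $line (@lines) {
    printf "%-14s", "'$line'";
    for my $p (@patterns) {
        printf "%-12s", ($line =~ $p->[1] ? 'match' : '-');
    }
    print count_exact_runs($line), "\n";
}
```

The `char class` column shows why `[^A]` on both sides misses a run that touches the start or end of the line: a negated class must consume a real character, while a lookaround only asserts what is, or is not, next to the run.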