| 2003/3/4 [Uncategorized] UID:27590 Activity:nil |
3/4 I've got absolutely nothing interesting to say this morning. Just
wanted to let you know. Thanks! |
| 2003/3/4 [Computer/SW/OS/Linux] UID:27591 Activity:low |
03/03 Novice question again: I have noticed that we have rpm installed.
I thought RPM is redhat/linux thingy. how come it is available
for BSD? Also... can normal monkeys (i.e. non-root) install rpm
packages in their own directories?
\_ RPM is just a package format. You can conceivably RPM any type of
binary, but I am assuming that Sloda is running Linux binaries in
binary compatibility mode or whatever. Just know that
Net/Free/FooBSD can also run Linux binaries.
You can't typically install an RPM unless you have the right
permissions to read/write to /var and /usr/local.
\_ RPM works on many platforms (I've seen it run on *BSD, Solaris,
Linux and MacOS X) but it is most popular on RH based systems.
If you have relocatable rpms and you can create your own
rpm db in ~me/var/lib/rpm it is possible to get this to
work. Most rpms aren't relocatable so in reality using
rpm as a not root user isn't terribly useful. |
| 2003/3/4-6 [Computer/SW/Mail] UID:27592 Activity:very high |
3/3 There's a new sendmail root-exploit out there. Time to patch/upgrade.
(soda isn't vulnerable, but anyone running versions below 8.12 is)
\_ Incorrect. Every version since 5.19 or something is vulnerable
up to and including 8.12.7. Looks like soda still needs to be
upgraded. There's a patch out from FreeBSD, plus patches and
8.12.8 distributions at http://sendmail.org. Please correct your
misinformation. -- randal <rand@sendmail.com>
\_ soda was patched with a 8.12.6 patch.
\_ Email to root.
\_ So what? Sendmail is so buggy wrt security that it might as well
have been written by M$ code monkeys. If you want a secure mail
server try postfix or qmail.
\_ yeah, that's what, the second root hole in the past 3
years! what a piece of shit!
\_ yes. use qmail.
\_ you're deluding yourself if you think that qmail
wouldn't have just as many security problems if
it were as widely used as sendmail. Reference:
Theo and openssh. -tom
\_ Meaning what? That as openssh became more
popular more holes were discovered or that theo
is a jerk so we should all not like openssh?
\_ Theo is specifically a jerk who used to
crow all the time about how secure his
software was, then when it became more
popular more holes were discovered. The
exact same thing would happen with qmail
if djb ever tried to make it into a
generally useful program. -tom
\_ So exactly how many remote root holes
have been discovered in OpenSSH in
the default config? Exactly 1. How
many in OpenBSD's 7 yr history?
Exactly 1. Theo might be an ass but
his software is secure. Same for DJB.
Coding secure software requires a
particular mindset that the people
working on Sendmail (and Bind) don't
have.
\_ since November 2001, there have been
three remote root and two local root
holes found in openssh--that's far
worse than sendmail over the same
period. -tom
\_ tom, you make somewhat of a valid point, but i'm not talking
about theo here, i'm talking about djb. qmail is the #2 MTA.
how many qmail exploits have there been? besides, even if
you are right, in practice it is still less vulnerable bc
it is less targeted. the way i see it:
unix is to windows as qmail is to sendmail.
windows is more targeted, dumber people use windows, and
windows is generally easier to find holes in.
\_ I'm sure qmail is not the #2 MTA--#1 and #2 have to be
sendmail and Exchange. In any case, it may be true that
qmail is inherently more secure than sendmail, but if so,
it's at least partly because of design decisions which
make qmail difficult to use in the real world. -tom
\_ Exchange? I guess technically it's an MTA but using
Exchange in the same sentence as "security" seems
pointless. Anyway, I agree qmail sucks to use in the
real world. Actually it more than sucks.
\_ Qmail doesn't suck any worse than sendmail.
People are just so used to the pointless
complexity of sendmail that they don't really
notice it. Has anyone written a 500 page book
on how to use qmail? No. This is because it is
not as hard to use. -ausman
\_ don't be silly--qmail's configuration is
simpler than sendmail's, but it doesn't
support anything near the same level of
configurability. -tom
\_ And for most folks a standard install of
sendmail works fine, btw. qmail requires
all sorts of tedious bullshit. So although
making any serious changes to sendmail can
be nearly impossible, most people won't need
to anyway.
\_ installing qmail is a breeze. the
only tedious bullshit here is your
comment. --aaron
\_ Having used both extensively I'll simply
disagree as a matter of personal choice.
Sendmail is bad but qmail is worse. |
| 2003/3/4 [Reference/Tax, Industry/Jobs] UID:27593 Activity:high |
3/3 I have been searching Google and also contacting some friends regarding
the going rate for a 3 month contracting position that might become
full time at a big internet company in Mountain View. The duties
consist of works for a backend Java and Java-related technologies
developer. I have about 5 years of working experience with about 2
years of Java and Java-related technologies working experience. I have
a BS in EECS from Cal. However, I have never done any contracting work
before, but have a very broad set of skills, very capable, and very
fast learner. The numbers that I found seem a bit high for the current
market; $100-$200/hr DOE. Will anyone here point me to some recent
surveys (2003 or late 2002) and/or provide some comments based on their
own (or people that know) experiences and also how to best negotiate
while keeping the door open for the full time conversion? Thanks!!
\_ holy sh*t that's a lot of money
\_ no it isnt.
\_ DOE is the key. A fresh-out-of-college type should be happy with
$40/hr. A senior with a decade of seasoning and reasonably
aggressive skills maintenance can expect substantially more.
Generally we take the FTE equivalent and multiply by 0.75 to get
a reasonable rate for short term contractors.
\_ that assumes full time employee
\_ here's why: contractors get screwed on taxes and benefits and are
the first to go when heads roll and a bunch of other badness about
being a contractor so they *have* to charge what looks like an
obscene amount of money to make it worth it. The guy I replaced
was making $300/hr but in the last few months he was only doing
an hour or two a day. Sometimes none. His only duty was doing
interviews to replace himself. My salary? 20% of his rate plus
some minor benefits. If they like you and need you, they'll convert
your expensive contractor ass as fast as possible, so don't worry
about that part. See if you can get them to blink first by making
an offer or stating a range or something. If not, then say that
you'd like $X (I suggest $200/hr) but that the rate really isn't
the issue since your goal is to convert to FTE after a reasonably
short time period.
\_ screwed on benefits: true. screwed on head roll: true
screwed on taxes, not even close. Self employment tax comes
out exactly the same as regular exempt employees making the
same amount of $$$.
\_ They suggested a range of $60-$65/hr. They are really
low-balling me then? -op
\_ I've read $1/hour for every $1K/year you'd make on salary.
\_ Industry standard is 0.6 to 0.75 these days. -hiring mgr
\_ As a contractor, you need to cover your own benefits and
unemployment insurance (i.e., savings).
$1.5-$2/hour for every $1k/year is where I start.
\_ assuming you contract for 2k hours per year, this works
out to 3 to 4x regular salary for a contract. i did 3x
in '98 '99, and i was close to 4x '00 '01. i'm down to
hmmm 2.5x now. where are you getting contracts today
that are in the 3 to 4x range?
\_ $60-$65/hour seems really fair nowadays. I've seen rates
as low as $40/hour for some senior level contract gigs.
Email me if you wanna take it offline --chris
\_ That's really low for contracting. I suggest you ask them
flat out when/IF you'd convert to FTE and what the salary
would be. If you like the final salary, get them to put it
in writing that after X months (I suggest 2-3 max) at their
super low-ball rate, they convert you to FTE at the previously
agreed upon salary. If they'll do that and you're happy with
the FTE, then consider the contract rate as a sort of
probationary period and just do it at whatever rate. If they
won't do that, then your odds of converting are near zero and
you should ask for more. --same long winded person from above
\_ This is a silly idea. If they were willing to commit to
a full time hire, they wouldn't be using a contractor
probation period in the first place.
\_ C2H is pretty common. I'd be surprised if less than
a majority lead to conversion, or end if you suck.
\_ Only if you're looking for FTE....
\_ The big hit is self-employment tax. Basically, you pay your
own payroll tax. Plus paying for benes. And you're only
paid after you bill. Overhead costs (not including time to
do your own paperwork) is easily 30%, less if you want to
skimp on benes (ie. covered by spouse insurance, etc.). So
$60/hr contract -> $42/hr FTE -> $80K yearly + minor benes.
\_ Wrong! Most bene packages are only worth about $10k/year
or less (usually a lot less).
\_ Cost to employer is on order of 30% of salary - this
includes benefits, sick/vacation/holiday, 401k match
if present, and their share of the employment tax.
Also, no one is listing 1099 vs W2 contracting.
\_ Is anyone even able to get a contract job in the past few years?
-ax
\_ They are popping up more often now. I've still got a few
friends recruiting and that's what I'm seeing/hearing. --chris
\_ I just updated my job search profile for the first time in 18
months and got my first set of new job emails this morning. It
looks like 1998 out there for full timers! |
| 2003/3/4 [Transportation/Bicycle] UID:27594 Activity:low |
3/3 Ok I'm considering one of the two options on my bike:
http://www.hyperlites.com
http://www.riderstation.com
Which one would you guys recommend?
\_ I'm not so sure that having flashing lights on the back of your
bike would be legal, but then again, I'm not the one considering
doing this. Make sure it's legal first.
\_ I think the flash 5 secs then solid would be legal, but not
the continuous mode. I'm not sure either is a good idea -
distracting drivers may not be fully effective.
\_ i just bought lifebrites, cheaper than hyperlites for universal use.
also be sure you can be seen from the front, too.
\_ where'd you mount them, on the side of the plates? |
| 2003/3/4-5 [Uncategorized] UID:27595 Activity:moderate |
3/3 Formula for interpreting contractor salary vs FTE.
X = $/hr FT contract; Y k$/yr FTE
Y = X*2 - benefit allowance - instability margin
benefit allowance is a constant around $5000(bachelor)-$10000(family4)
instability margin is an allowance for the time you will spend
finding a new job after your contract expires (season to taste)
\_Reality check: charge as much as you can get away with.
No, the world doesn't work according to arbitrary formulas, son...
\_ It's better than nothing. Thanks! |
| 2003/3/4 [Politics/Foreign/Europe] UID:27596 Activity:very high |
3/4 Umberto Eco on the US, France, and Iraq:
http://csua.org/u/a2c
(from http://Haaretz.com)
\_ I like that. "We should let evil assert itself fully
before we do anything about it." Apparently nobody
informed the UN that an ounce of prevention is worth
a pound of cure.
\_ you're an idiot.
\_ I admire your intellectual prowess and quick wit!
You've completely won me over to your point of view
with a clever sense of the moment intertwined with
a rich philosophy of the state of mankind.
\_ How 'bout this. The sentiment expressed above is
exactly what Mr. Eco is talking about. And if you
weren't blinded (deafened?) by sabre rattling, you
might be able to see that. A first-strike aggression
is not "an ounce of prevention." --scotsman
\_ First strike is prevention. Waiting for them to
strike is like waiting for Hitler to invade
Poland before taking him out.
\_ Just because Umberto Eco wrote it, it's true?
Besides, he was saying that it is prevention,
he was just saying that prevention is not
necessarily prudent. And his main point had
nothing to do with that anyways. -mlee
\_ Mike, you're talking over yourself. (pronoun trouble)
What comments are you disputing? --scotsman
\_ The first line was a rhetorical question so "it"
clearly refers to anything that Eco may write.
The "it" in the second line refers to
first-strike aggression. Eco was writing more to
the effect of how improper emotional responses
can be--especially in these times--regardless of
whether they are emotional pro-war or anti-war
sentiments, much like the sentiment you wrote
in response to the op. -mlee
\_ I was actually referring to the plethora of
"he"'s, but I see what you're getting at.
Mine was less of an emotional response than
the "op"'s [sic]. His is a fear based response.
I believe calling for measured response based
on a multilateral platform is far less
emotional than saying "bomb them before they
bomb us" --scotsman
\_ True. op was emotional. But we should
bomb them--so that our bombs don't rust.
-mlee
\_ why isn't this 'intellectual' protesting the invasion of Ivory
Coast by France? And he states 'as the Western democracies
eventually managed to eliminate the Soviet dictatorship
without launching atomic weapons.' Sorry Eco, you are
wrong- it was overwhelmingly the UNITED STATES, with the
help of Koreans, Vietnamese, etc. that defeated the Soviets.
The US taxpayer paid for it and the US soldier died for it.
France tried to play the Soviets against the US, all the
while secure under the US nuclear umbrella. All of Europe
treaded towards massive socialist behemoths, all subsidized
by Uncle Sam. Exactly how are France and Germany able to conduct
billions of dollars of business in Iraq with 17 UN sanctions
in place. Sorry, this article is trash.
\_ You should learn history before spouting. Korea? Vietnam?
Chinese supplied. They're still around. How many left-wing
terrorists were there in the US during the Cold War? Europe
took the brunt of that. And the US has companies that have
bypassed the sanctions too. See Dick Cheney? He partnered up
with Halliburton and helped Iraq out. There are 6000 pages of
the report given by Iraq about who supplied them with their
suspected WoMD. US, France, Germany, Britain, and Russia have
had the UN censor them out so the companies listed aren't
exposed. Viva Capitalism! Viva Free Market!
\_ Umm yea, a country who finished one civil war,
and in which 10-20 million died in the Cultural Revolution,
provided the material support for the Cold War - please.
My point was both the Koreans and the Vietnamese suffered
large casualties. The same can not be said of any European
country. France turned tail and ran after Dien Bien Phu.
I did not deny US businesses have operated in Iraq - however
this activity is not a full-scale, government sanctioned
flagrant disregard for the UN sanctions in place,
as is for Germany and France.
The point is thugs need to be removed once they exhaust
their usefulness. Also, I'd be very interested in
what 'brunt' Europe endured - it would be very
enlightening.
\_ So it was the Soviets that fought in Korea and Vietnam?
And those 30+ million who died in the Soviet Union during
WWII made them helpless? And if the US didn't give the
okay to ship stuff from US to Iraq who did? During the
Cold War, Europe endured ongoing assassinations, terrorist
bombings and actual invasion threats by the USSR.
\_ Regardless of who footed the bill, "the Western Democracies
eventually managed to eliminate the Soviet dictatorship
without launching atomic weapons." His argument stands.
\_ I find your cavalier attitude about 100,000 + dead
US troops and several trillion US taxpayer dollars
pathetic. |
| 2003/3/4-5 [Computer/Networking] UID:27597 Activity:kinda low |
3/4 Anybody gotten telemarketing calls from ATT broadband telling you to
switch from DSL to cable internet. And when you talk to them some
more they tell you that it's not available in your area yet? WTF?
\_ maybe they're researching the feasibility of bringing the service
to your area.
\_ No. !!! |
| 2003/3/4 [Uncategorized] UID:27598 Activity:nil |
3/4 G-Spot rocks the G-Spot! |
| 2003/3/4-5 [Computer/SW/Languages/Perl] UID:27599 Activity:moderate |
3/4 perl god, I want to match AAA but not AAAA, so I tried
perl -ne 'print if /A{3}/'
How come it still matches both AAA and AAAA? - perl tyro
\_ /(?<!A)A{3}(?!A)/
\_ try /[^A]A{3}[^A]/ (edited)
your syntax matches AAAA because AAA is within AAAA (ie, it could
be AAA or AAAA or AAAAA or sdfAAAsdfa, and it'd match). This syntax
says after the 3 A's, match any character that's NOT A.
\_ you probably want something like
/^(.*[^A])?A{3}([^A].*)?$/
(otherwise you won't match "AAAfgdsfg" or "dsgffdsAAA") -alexf
\_ This won't match multiple AAA's on the same line, will it?
(i'm still a grade schooler in regexp foo)
\_ Yes, it will match the first set, so that's still a match.
But it makes assumptions about lines and so forth. |
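The patterns suggested in the Perl thread above, run side by side over the same strings, as an added example (not code posted by any participant). The sample strings are constructed and have no trailing newline, unlike lines read with `perl -ne`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample strings (not from the thread).
my @samples = ('AAA', 'AAAA', 'xAAAy', 'AAAfgdsfg', 'dsgffdsAAA',
               'AAAA AAA', 'AA');

# The four patterns that appear in the thread, in the order posted.
my @patterns = (
    [ 'A{3}'                     => qr/A{3}/ ],
    [ '(?<!A)A{3}(?!A)'          => qr/(?<!A)A{3}(?!A)/ ],
    [ '[^A]A{3}[^A]'             => qr/[^A]A{3}[^A]/ ],
    [ '^(.*[^A])?A{3}([^A].*)?$' => qr/^(.*[^A])?A{3}([^A].*)?$/ ],
);

# Return 'Y' or 'n' for each sample under one compiled pattern.
sub verdicts {
    my ($re) = @_;
    return map { $_ =~ $re ? 'Y' : 'n' } @samples;
}

# Count runs of exactly three A's in one string. The lookarounds are
# zero-width, so they consume nothing and /g can find every run,
# including runs at the very start or end of the string.
sub count_exact_runs {
    my ($s) = @_;
    my $n = () = $s =~ /(?<!A)A{3}(?!A)/g;
    return $n;
}

# Print a small truth table: one row per pattern, one column per sample.
printf "%-28s %s\n", 'pattern', join(' ', map { sprintf '%-10s', $_ } @samples);
for my $p (@patterns) {
    my ($label, $re) = @$p;
    printf "%-28s %s\n", $label,
        join(' ', map { sprintf '%-10s', $_ } verdicts($re));
}

# Number of exact-three runs per sample.
print "\nruns of exactly three A's:\n";
printf "  %-12s %d\n", $_, count_exact_runs($_) for @samples;
```

The `[^A]A{3}[^A]` row shows why that form needs a real character on both sides of the run, while the lookaround form only asserts that no `A` is adjacent.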