Slashdot Mirror

I don't actually use the Linux command line very much these days. If you use tools like webmin you never need to use the command line. The main difference between Linux tools and windows tools is that most Windows tools a native Applications/Dlls so you have to use remote desktop (I know there are command line versions that's not the way it is done) whereas most linux tools are commandline with multiple Guis.

cdrecord is a wonderful example. It used to be just a commandline program. Here are some of the interfaces for it that I know:
Webmin - remote backups.
Nautilus - like windows explorer.
Perl scrips - automated backups.

What seems to be happening if most linux appliactions have 3 interfaces:
*A Web interface
*A commandline interface
*An appliaction interface

Some more examples that I know of:
*Dia
*Graphviz

To be honest generally the command line version have aditional options that aren't in the appliaction version but most windows appliactions that I know of are the same they just use the registry instead (Look in the Windows Knowledge base).

To be honest I can't think of anything that can't be done through a gui know. I'd still recomend doing some of them through the command line incase there are errors but it's not required.

The C++ people have some justification for putting the * next to the type name, because of C++'s references.

string &x;

&x is a string? Huh? How can the address of x be a string? Of course & does not really mean address-of in the above line, it means a reference to the type.

string& x;
string* x;

Not great, and pretty bad when you have multiple declarations on the same line, but probably better. Stroustrup gives his reasons for preferring this second style.

A lot of people have a /8 network. From what I remember from my networking class, there was a scheme for how the ips should be divided.

If the first digit is less than 128 (ok, in reality, it is 127), they get a /8. If it is less than 192 (I think this is about where it is) they buy in a /16. If it is over 192, they get a /24.

Of course these can be subdivided.

Other examples of people who have /8 networks

MIT 18.0.0.0/8
Merck & Co., Inc 54.0.0.0/8
General Electric 3.0.0.0/8
US Department of Defence 6.0.0.0/8, 7.0.0.0/8, and 11.0.0.0/8
Genuity 4.0.0.0/8 and 8.0.0.0/8
American Telephone and Telegraph (AT&T) 12.0.0.0/8.

And that is just barely touching the surface.

--CPM

I'm trying to figure out how useful this would be given the range and the sensitivity. I'd love to see an affordable version of the BATs used at AT&T labs to track movement within my house and personalize the environment. I don't see GPS being as responsive and there are so many other ways to tell if "Johnny made it to school". A 1-2 mile range seems limiting but it could serve as an early wife-on-her-way-home warning system.

Someone who knows best may disagree with you on that statement.

1984 was cool because everyone got thin and flat, big screen tvs in the apartments - for free!
Sure, the downside was that you were monitored, but the units were shiny!

The Big Brother type stuff has always been a dualism for me - part of me thinks it cool to be able to track XYZ and watch the stats of it all, but then there is the part of me that doesn't really personally want to be watched so much.

Of all of the Big Brother type things, my favorite of all time was the AT&T Labs thing where there were units installed into the ceiling tiles that would monitor locations of id trasnmitters that were in id cards, worn by employees.
It would allow someone to finger a user and see what room in a building he/she is in. Or a room could be fingered and then you could see a list of users that are in that room.
That is cool as hell - you could set it up to have a GUI with the building blueprints, and you could setup stats. Show that Joe User spends 5 hours everyday at his desk, and 3 hours at the watercooler.
Cool in the sense that I like it and I'm a stats junkie, but in reality, I'm not so sure I want someone to be able to track that I spend N minutes of the day in the toilet, and then the rest curled up in a ball under my desk, crying. Although I'm pretty certain the resolution on these things isn't good enough to determine the difference between sitting at my desk or sleeping under my desk.
Also, it is an id badge that one wears - one could easily leave it anywhere and bypass the system. That is why we must all get them implanted immediately. Did I just say that?
I am pretty sure this is it here, the Active Badge (the same people that brought us VNC, antoher incredibly cool tool).

I work in AT&T (In fact, in the same building as Bjarne Stroustrup), and I can assure you that AT&T doesn't own him or me.

Rather than just rushing into designing yet more features for the language, shouldn't existing proposals such as This 5-year-old proposal for overloading be taken into consideration? :-)

One big advantage of Java is that it is a platform, not just a language. You don't have to reinvent the wheel for basic things like threading that modern systems do. In the pdf linked from the article Stroustrup proposes filling out the standard library in ways that Java already does, and think this is a good thing. STL was a start in that direction, but every C++ system I come accross seems to do threading and many other common operation over again (pwlib used in openh323 for example). I'm glad to see the C++ world recognize this type of developer need.

Etymology: Latin laconicus Spartan, from Greek lakOnikos; from the Spartan reputation for terseness of speech
Date: 1589
: using or involving the use of a minimum of words : concise to the point of seeming rude or mysterious

"I designed and implemented the C++ programming language." --Bjarne Stroustrup

AT&T UK's research division (the same people who took over the VNC project) have been exploring similar ideas within buildings in the Sentient Computing Project.

But my friendly AC, even you are duly uninformed.

If you had written int main(void) you would still have been wrong as you are supposed to return a value, with return 0 or exit(0) (or possibly some other integer).

From Stroustrup's C++ Style and Technique FAQ:

In C++ main() need not contain an explicit return statement. In that case, the value returned is 0, meaning successful execution.

Yes, You're welcome.

They didn't have email back in the 18th century when Thomas Bayes came up with this statistical method. It is simply being applied to spam, but has been used for other more "useful" purposes as well.

Actually, I think spam is a major problem and not a trivial application of statistics.

Additions:

Compiler: Tendra
Shells: rc, ksh
Unix tools: *BSD

for the past couple years, i've been using rcn rather than sbc/pacbell for my local dialtone (650 area code). during that time, i've been paying a "local number portability fee" to -er- somebody. i recently moved about seven blocks. rcn doesn't provide service at my new location so i switched to att. could i move my phone number? ha!

to continue my subject line: unfortunately, the incumbent phone company (sbc/pacbell) is even worse and will never get me back as a directly-paying customer...

three little letters that will save you and your company ALOT of money. VNC. Where i work we do this all the time. I can in 5 minutes drive to work and dial into any customer site in all 50 states. I also live CLOSE to work. Comutes are just a freebee to the company.

vnc

The best is to get a customer that REFUSES to use it. Thats ok we will NOT support you. We will have someone here from 8-7 EST and we will walk you through it on the phone. Past that good luck. Its amazing after about the 3rd time through that they cave and just let you in...

Now every once and awhile you will get a boss who thinks YOU MUST BE THERE. Thats ok bring them ALONG. They will quickly see the value of VNC or a similar tool. Make them sit in the noisy server room with you. That way they can do the face time thing and you can get the work done more efficantly. Also a few 'i can dial in and have it fixed by the end of the day' With NO travel time is a amazing thing...

Also do not let your sales force drive what you do. Make your OWN deadlines. But stick to em. They will quickly see how effective it is to have your buy in. Because they are tied to your success not the other way around. Their bonus DEPENDS on you making the date. Not the other way around... Sometimes you will get customers that think they can dictate to you whatever their whim is. Remind them this is a busness relationship (this is the sales droids job). Do they want things that works, or just something on a random madeup date that may or may not work?

It's a lot easier to audit one C/C++ implementation, even if it is something gigantic like a compiler, than it is to audit an entire system's worth of code. In any case, it's the translation stage that provides safety -- when the language can guarantee safety, it translates directly to C/C++; when it cannot, it inserts runtime checks in the translation. The only way this would fail is if the translation stage was too aggressive in optimizing and failed to insert a runtime check where it should have. This doesn't happen very often though, and is in any case much better than C/C++, where the only runtime checks are those inserted by the programmer (who in large systems almost always leaves out checks that were necessary).

The other argument is often "well it's bad coders' fault, not C/C++'s fault." If that's the case, then all major software, including nearly all Linux security and server software, is coded by bad coders. There's been overflows in: Apache, Sendmail, BIND, Samba, OpenSSH, the Linux kernel, ProFTPd, WuFTPd, XFree86, and many more.

So basically, if you use C/C++, it's going to be insecure, no matter how much effort you put into it. Even OpenBSD, which spent an inordinate amount of effort auditing their code, has had a remote root exploit in their default install (and many more in stuff not installed by default but commonly used).

My preferred solution would be to use either a high-level safe language where feasible (SML, Java, Scheme, etc.), or to use a low-level safe language where not (Cyclone is probably the best of these).

And don't forget those other distributors of other fine UNIX utilities with source licensed in a fairly open way AST-OPEN including ksh93 [research.att.com]. Not that it's GPL, or even patent-unencumbered, but some useful, modifiable stuff just the same.

So, monospace, aliased white text on a black background is illegal unless you pay royalties?

No, but light grey characters printed on paper in response to characters typed on a tty are illegal unless you pay The Telephone Company. If the two are connected and there is not a computer between them you have to pay The Typewriter Company. :)

If you want to be anonymous, it's just as easy to do it from a wireless endpoint as wired: you do it by proxy. Anonymous remailers (for your death threats), and non-logging proxies (for your spam), and anonymous p2p like FreeNet, Hacktivismo, or even AT&T's own Crowds (for everything else.)

(You must be a terrorist to desire anonymity eh? I mean just what are you trying to hide?! Everybody knows that only government has the right to keep secrets without looking suspiciously unpatriotic! :)

--

Did you know that the "q" in qmail stands for "queer"??? That's SO cool!!!

Top results for one-letter google searches as of Sat May 17
a : Apple
b : B'Tselem, The Israeli Information Center for Human Rights in the ...
c : CNET.com
d : D-Link Systems, Inc.
e : Welcome to E! Online
f : Welcome to F-Secure, Securing the Mobile Enterprise
g : G*Loomis
h : H-Net, Humanities & Social Sciences Online
i : Yahoo!
j : J-???
k : KDE Homepage - Conquer your Desktop!
l : LEXPRESS.fr : l'info au quotidien. L'actualité économique, ...
m : 3M Worldwide
n : SBC Pacific Bell Knowledge Network Explorer : Online Learning : ...
o : www.oreilly.com -- Welcome to O'Reilly & Associates -- computer ...
p : Alfred P. Sloan Foundation
q : Q4music.com - The World's Greatest Music Magazine Online
s : GNU's Not Unix! - the GNU Project and the Free Software ...
t : AT&T
u : The whatUseek Network
v : Welcome to Bobby WorldWide
w : Welcome to the White House
x : Netscape.com
y : Yahoo!
z : HealthAtoZ - Your Family Health Site

More to the point; GoToMyPC.com at $19 per month?!! Get real!! VNC is free, multiplatform, and there's a Java applet so you can even use it from libraries and kiosks.

Good old tricks,
but I would just suggest the free VNC instead of the quoted GoToMyPc.Com which costs $19.95/month.
It has versions for PC, unix, PDAs, etc.

Tells a running copy of WinVNC to initiate an outgoing connection to a listening viewer running on the specified machine. This is the equivalent of the 'Add New Client' menu option. You can put multiple -connect options on one command line to connect to multiple viewers at once.

vncconnect host

Tells a running copy of WinVNC to initiate an outgoing connection to a listening viewer running on the specified machine. This is the equivalent of the 'Add New Client' menu option. You can put multiple -connect options on one command line to connect to multiple viewers at once.

vncconnect host

They manage to plug the RIM BlackBerry Handheld, GoToMyPc.Com, and Yahoo By Phone

Especially when VNC is dirt free and works just great as a remote management tool.

And no, I don't use it to slack, I use it to remote connect to desktops, especially since all those crappy Java apps don't seem to work properly via Terminal Server, oh, and it's cross-platform on both Client and Server too.

"GoToMyPc.Com: Download software to your office PC that allows you to control your work computer screen over the Internet from anywhere. You can even operate your mouse remotely. Costs $19.95 a month."

Why pay $19.95 a month when there is VNC ?

Seems a bit silly to me... And of course there is SSH if you are not part of the Borg.

This is what he said about Java and the likes.

Also here.

This is what he said about Java and the likes.

Also here.

This is what he said about Java and the likes.

Also here.

This takes the cake. I'm not motivated by cost of telco services (as I used to tell the people trying to get me to switch long distance carriers), but I am motived by outrageous corporate behavior. I'm calling ATT right now to switch to their local calling service. Here is the link: ATT Local and here is a search for press releases that shows you get to keep your phone number (though it does say in most cases).

ATT may not be perfect either, but at least they're not trying to patent part of my life.

This takes the cake. I'm not motivated by cost of telco services (as I used to tell the people trying to get me to switch long distance carriers), but I am motived by outrageous corporate behavior. I'm calling ATT right now to switch to their local calling service. Here is the link: ATT Local and here is a search for press releases that shows you get to keep your phone number (though it does say in most cases).

ATT may not be perfect either, but at least they're not trying to patent part of my life.

Huh? There are thousands of researchers working dilligently every day to figure out how "computer space" works. Computer science is a very young field, and at present, we are unable to answer even the most basic of questions concerning the nature of computation and its relation to time, space, information, randomness, and the universe.

You want extreme programs? Look at Nisan's pseudorandom generator, the PCP theorem, Shor's quantum factoring algorithm, etc. These are all efficient programs that changed the way people thought about the world.

The problem is that you STILL have a LD carrier. When I tried to sign up with MCI's neighborhood plan, they wouldn't allow me to get the package without getting MCI as my LD plan. All they did was to put a "block" on the line to prevent LD calls. Stupid, eh? I Found AT&T's Local/Local Toll service to be the same price, and less restrictive than MCI's neighborhood plan.

BTW, looking for a new local carrier has been an eye opening experience. Now I know what a LATA is.

Everybody here is saying "just fix the NAT code to not decrement the TTL and we're cool", but it's not that easy. At the end of the article (you did read the article, right?) it refers to an AT&T research paper (PDF) on counting the number of hosts behind a NAT box. This is done by looking at packet sequence numbers, using the fact that each host generates its own sequence. This chart shows what happens. If you see one set of packets starting at 20,000 and another at 50,000, all overlapping in time, it's a good bet there are two hosts. It also points out that the default high port numbers NAT uses are another good clue to the presence of NAT.

Port numbers are easy to change, but if your ISP wants to do traffic analysis on your IP address, there's not a lot you can do to hide. I'm just very, very glad that I have an ISP that doesn't suck. In fact, they're pretty damn cool.

It seems like Cyclone is designed explicitly for this -- somewhere where safety guarantees are worth some slight (but not major) performance penalties. It's a low-level language designed to be very compatible with C, but adds a bunch of safety features to the language (with a mind towards optimization; for example, you can declare a pointer "never-NULL" to avoid run-time NULL-pointer checking). And it gets rid of pretty much all buffer-overflow or pointer-dereferencing style errors, rather than just catching some of them as these ad hoc approaches do.

Here's the advantage: I can't afford AT&T's excellent Natural Voices and other commercial offerings that make the standard free stuff that comes with your OS sound like crap. Its not just aesthetics, the free voices are simply difficult to understand most of the time. Download Coolspeech(share) or Readplease(free) and find out for yourself. Yuck.

Considering the link has been slashdotted already, I can't listen to tell you what kind of voice they're using, but if its a good commercial voice then more power to them. If its just Microsoft Mary, or whomever, then you're right its a waste of effort and bandwidth.

http://www.consumer.att.com/contact/

===
I just read Wired article about AT&T's charging customers for a voicemail exploit which allowed overseas "hackers" to make fraudulent collect calls.

http://www.wired.com/news/infostructure/0,1377,585 17,00.html

I am appalled that AT&T would try to charge the customers for a mistake that is clearly AT&T's. It is AT&T's fault that the automated system accepted a long distance collect call without proper "real" authorization. AT&T was tricked into accepting a fraudulent call, not the customer. The customer did not choose to be involved in this automated system designed by AT&T. Therefore it is AT&Ts fault and it must not charge the customer! Expect a lot more comments on this subject if AT&T doesn't get a conscience soon.
===

There are already several remote access solutions for PDA users. Best of all they're freeware and cross platform.

Using the VNC graphical protocol (servers for Linux, Solaris, Windows, Mac, Dec Alpha):

• PalmVNC for Palm OS.
• VNC Viewer for PocketPC (a version for Windows CE is also available on the official site.

Text remote access using SSH (which may be all you need if you want access to the command line and to, for example, send/read email with something like PINE):

• Top Gun SSH for Palm OS.
• SSH (port of BSD SSH) for the PocketPC (aka: Windows CE).

You should know this before buying an expensive commercial solution that may not be what you really want. The only advantage the article's commercial solution is that I think VNC doesn't include encryption by default (although I bet it wouldn't be difficult to add).

There are already several remote access solutions for PDA users. Best of all they're freeware and cross platform.

Using the VNC graphical protocol (servers for Linux, Solaris, Windows, Mac, Dec Alpha):

• PalmVNC for Palm OS.
• VNC Viewer for PocketPC (a version for Windows CE is also available on the official site.

Text remote access using SSH (which may be all you need if you want access to the command line and to, for example, send/read email with something like PINE):

• Top Gun SSH for Palm OS.
• SSH (port of BSD SSH) for the PocketPC (aka: Windows CE).

You should know this before buying an expensive commercial solution that may not be what you really want. The only advantage the article's commercial solution is that I think VNC doesn't include encryption by default (although I bet it wouldn't be difficult to add).

Or for the rest of us who like to do it the free way (and use other OSes than Windows), we can all use the Windows CE VNC client or the EPOC VNC client. Both have been available for quite some time. If you want the encryption, use ssh.

Actually, the revolution already happened, and nobody noticed.

What self-respecting geek could pass up the chance to call it a "Light Side/Dark Side" bit! This "Steve Bellovin" sounds like a lightweight luser to me!

Anyway, how much evil can one bit do anyway? Perhaps it's only a quasi-evil bit.

(TightVNC and VNC are interchangeable for the purpose of this post...)
VNC is less secure and VNC Server doesn't allow multiple users to run different sessions at the same time.

From http://www.uk.research.att.com/vnc/winvnc.html:

"Because Windows in its present, standard incarnation, only supports a single graphical user being logged in at any one time, WinVNC makes the existing desktop of the PC available remotely, rather than creating a separate desktop as happens with the Unix server. It is only fair to emphasise this: VNC does not make an NT machine into a multi-user server in the same way that Citrix-based software, for example, does. A single NT machine can therefore be accessed by multiple users, but if they all connect at the same time they will all see the same desktop!"

Likewise, if there is someone looking at the monitor hooked up to the Windows server you're connected to with VNC, they'll see everything you're doing. It's possible to disable the local keyboard & mouse (via a VNC server config option) but you can't turn off the display. This could be a security issue.

Also, Terminal Server connections are encrypted, while VNC's are not. Yes, I know you can fix that with ssh; yes, I know Terminal Server uses Microsoft crypto... maybe it should be run over ssh also :)

Counting NAT'ed hosts. It's possible (due to the non-random way most OS's handle the IPid field (NOT sequence numbers) in TCP headers.

AFAIK OpenBSD has a side-project going to negate this technique. However, i seriously doubt your ISP is actually putting this method into practice - its just too much work.

How do you (or he) explain this? When did Bjarne change his mind (and forget to update his website)?

-Ed

I just want to mention that April Fools to me has always been to make up BELIEVABLE stories that you can gloat over later - which really adds to more of the fun.

Only up to a point. Ultimately the joke should be funny on its own merit. Simply telling a believable lie, then saying "Hey, I got you!" is stupid. Anyone can do that. As a modern civilization we rely on each other to provide largely accurate information. Misleading someone with a believable, otherwise non-funny lie doesn't require any skill. You're just abusing the core trust that allows society to function. You're not creating something that everyone involved will laugh at (boy, it sure was funny when you told me my spouse had died), you're laughing at someone's lack of omniscience. This is the sort of retarded humor I expect from insecure teenagers and morning "Krazy Krew" DJs, not mature human beings.

I can't locate the source, I recently stumbled across an article where someone had gone into a coffee shop and asked for an espresso. The kid behind the counter replied that they were out. As the potential customer turned away to leave, the kid announced that he was just kidding. Kidding about what? Restaurants are often out of various things. Congrats, you fooled someone into believing something entirely plausable and completely unverifiable (unless you're planning on heading into their stockroom to check). Shall I start challenging my server every time I'm told a restaurant is out of a given item?

April Fools jokes can be funny, it carefully done. The "Evil Bit" RFC was kinda funny, it pokes fun at the RFC process and lack of understanding on security issues. My favorite April Fool's joke is Bjarne Stroustrup's "Generalizing Overloading for C++." It's inspired. It's something Bjarne would never do, but starts out extremely plausibly. It slowly devolves into absurdity. That's funny.

The possibilites are endless. The generalized overloading mechanism described here has been in experimental use for some time and it is expected that most major C++ compiler vendors will ship it as an integral part of new releases in the near future.

double x = 1.4;
double y = 2.5 x;

string s("first");
string s2 = s "post";

It's a cool paper; check it out. If you have problems finding it, just Google for "B Stroustrup: Generalizing Overloading for C++2000. Overload, Issue 25. April 1, 1998."

-Ed

Here's that link for the VNC stuff, same as the one used in the story.

Newer versions are available here (for Win32, Linux, and Solaris, anyway...a version for Mac OS (classic, either 68K or PowerPC) is at the site you mentioned, and you can google for VNC ports to other OSen, such as Palm OS).