Slashdot Mirror

Myth? The link says: "Now, some of Spider's code (possibly all of it) was based on the TCP/IP stack in the BSD flavors of Unix. "

Yes, but the link also says that the only version of NT that used Spider's code is 3.1. The myth started when people ran strings on various commandline network utilities in Windows 2000, such as ftp.exe, and saw the UC Berkeley copyright message. Apparently, they confused the TCP/IP stack in the kernel with the usermode utilities or something. Bottom line is that NT doesn't use the BSD TCP/IP stack.

I get it - I dig that pun!

Who guarantees you that *all the other* packages are not taking a different path?

http://linux.die.net/man/1/tcptraceroute

http://manpages.ubuntu.com/manpages/gutsy/man1/paratrace.1.html

No one defrags drives under Linux.

xfs_fsr - filesystem reorganizer for XFS

It is clearly stated in the source, that /dev/urandom produces cryptographically strong random numbers.

Oh, really? Guess they'll have to update the Linux man page then...
http://stackoverflow.com/a/3690285
http://linux.die.net/man/4/urandom
http://en.wikipedia.org/wiki//dev/random#Linux

I once saw a piece of code written by a mathematician which said "pow(x, -1)". Ugh. I wonder if meteorologists know better.

It might be written that way to get a well-defined behavior depending upon the value of x. E.g. what if x is +0?

http://linux.die.net/man/3/pow

Maybe they do know better.

On *NIX, us real admins use apg(1) ref: http://linux.die.net/man/1/apg.

Even if you have the source, it doesn't mean you can confirm what the binary is doing. See the classic "Trusting Trust" attack which is decades old. In my experience the most common reason for binaries that are not reproducible is due to build timestamps being embedded into the binary. For example, the ar command added the D flag in the past few years exactly for the purpose of being able to output reproducible results. (see the man page at http://linux.die.net/man/1/ar) It's true that reproducible binaries are probably a good thing from a security stand point, but in practice it can be a lot of work to make sure the build produces these. And even then, as Thompson showed, that doesn't always guarantee that what you see is what you get.

LD is documented over several man pages. The 'environment' section of http://linux.die.net/man/8/ld-linux might contain the information you so desperately want to not exist.

Want a --->real world <--- example? UT2004 ships with its own libstdc++.so.5, openal.so, libSDL-1.2.so.0 binaries. It's self contained within it's own directory tree. It doesn't drop files in any binaries into any system system directory. It's worked just fine despite the fact that I've changed distributions gone through many many system upgrades, and etc. over the years. I just copied the ut2004 directory from one system to another and ran it. Worked fine many years ago, still works fine today (completely unmodified) despite the "drastic" changes in distributions I've gone through.

If you look at the ut2004 launcher script that comes with it you'll see the following lines:

LD_LIBRARY_PATH=.:${UT2004_DATA_PATH}:${LD_LIBRARY_PATH} export LD_LIBRARY_PATH

Check the current dir, check some UT2004 dir, then check whatever the distribution has set up. It's been in the "just works" category for a long time now.

They could have packaged it in .deb, .rpm, .pkg.tar.xz, or what ever package manager you fancy and still be self contained without the need for a new package format.

And even with system libraries we don't have nearly the "dll hell" that we've seen on Windows. The msvcrt.dll vs msvcrt.dll hardly exists on Linux. Unlike Windows where the ABI changes between msvcrt.dll and msvcrt.dll when the ABI changes on Linux so does the file name. It's some.so.1 vs some.so.2. Failing that you can do the same thing application developers on Windows do: ship with your own library version.

Linux is good for servers, and that's it.

We have a new hairyfeet, I see. I'm sorry, you're wrong, and there's nothing anyone can do to help you.

As in Secure Shell daemon?

Get your abbreviations right, stupid WD. No wonder you have to develop Windows-Only.

Does ldconfig allow for different versions of the same library to be requested by the application?

Yes.

Can you please point out which setting in the man page allows you to set this, oh great wizard of Linux? Because I think you're just being a contrarian right now, and haven't actually read the damn page.

Better than that. You as a user can see what libraries are loaded from where and which ones are missing precisely.

Again, read the man page. You can specify which directories it uses to build its cache. That's it. There's no "precision" in that; And if you think I'm going to grep a few thousand lines of output to figure out which library it matched first, you've clearly spent too much time as a user and not enough time as a system administrator. I want something that just works... not having to screw around with a dozen /etc/ config files and another half dozen commands to suss out what went wrong everytime I upgrade a library or application.

The "superior alternative" is just a black box.

It's a black box that happens to meet the business needs of most organizations I have worked for. Linux has not. So, at least as far as usability is concerned, it is a superior alternative. MacOS is even superior from an administration perspective. Linux is good for servers, and that's it. You can build a linux system and then let it happily chortle away for years, even decades -- as long as you don't change anything. Keeping hundreds of linux boxes up to date and patched is a fucking nightmare.

I'm wondering what's wrong with "scp -rp ~/.ssh user@host:~/" (assuming pword auth can be enabled momentarily).

ssh-copy-id is what's wrong with scp. Your "solution" also copies your private key to the remote host, which is almost certainly undesired behavior.

Beyond that, your "solution" doesn't address the other issues mentioned in TFA, such as key rotation, key removal, centralized key administration, etc.

What is this "git --mirror"? It's in the summary but not the original article. There are different git commands that have the --mirror option and they work differently.

My simple experiment, with an old version of git, shows that "git clone" succeeds whether or not you specify --mirror, that "git pull" doesn't have a --mirror option (maybe because I'm out of date but http://linux.die.net/man/1/git-pull doesn't show it either) and "git push" fails (hangs, in fact) if it tries to push a corrupt blob.

A discussion about whether you should use the safe method for backups wouldn't be very interesting because of course you should. The issue here is that they didn't know they weren't doing integrity checks and they may not be the only ones.

Cloning new repositories rather than pulling to existing ones sounds risky to me. If that's what they were doing I don't know why. A forced pull ("git pull --force") will keep old branches and a reflog and so on. It will also, as it happens, abort if an integrity check fails. So this seems like good practice. But I haven't seen any discussions of good practice in backing up git repositories and I'll excuse anybody not knowing the clone operations didn't do the integrity checks. (Especially if they also saved tarballs, whatever the problems with those may have been.)

Alt-f2, Alt-tab, Alt-f4, and Alt-Space work everywhere

The hell they do.

Sure they do.

http://linux.die.net/man/8/mount
http://en.wikipedia.org/wiki/NTFS_junction_point

Unless you are coding for 16-bit and smaller devices, those differences are negligible for getting your code to work.

Incorrect. Endian-ness is always an issue when working with structs, unions, or bitfields. I recently worked on a chunk of code that dealt with bit fields in a structure. Naively one would define it like:

typedef struct {
        unsigned short bitfield1 : 3;
        unsigned short bitfield2 : 5;
etc...

The behavior of bitfields with regard to endian-ness is UNDEFINED! You're probably too young to remember the mess that endianness caused with IP addresses stored in ints. Those tasty 4 octets fit perfectly into an int (everyone assumed) and they were always stored big-endian. NOT! When 386-based unix came along all of the networking structs and netmask routines had to be changed, and things like htons had to be created.

Part of the portability problem is that C is so close to the bare metal. The other part is that the C language spec is horribly weak when it comes to handling architectural differences. The only reason code works at all across platforms of differing endianness is due to kludges and workarounds.

Having said all that, I do like C a lot. Not as much as Java, though.

C could be a better language if it got rid of some idiosyncrasies, like its weird declarator syntax (it's the only language I know of that had tools like cdecl written for it), or stillborn features like separate namespaces for structs/enums/unions (that everyone works around by using typedefs), or certain unsafeties in the language itself - e.g. implicit downcast from void* to any pointer type and from double to int, or mixed signed/unsigned arithmetic being perfectly a-ok but not doing what you expect half of the time.

Thing is, it's just not worth the bother to fix. All of those issues are relatively minor, especially given the amount of attention you need when writing at in a low-level language like this in the first place, and when there are billions of lines of code written in it already, backwards compatibility is just far more important.

So C is not a bad language. It's also not a good language. It's a "good enough" language.

how do i set things up so that %User% is treated as being the same as Root

Perhaps you could run Windows 95.

Sudoers just controls who can use SU

Or you could read the man pages for sudo and su, which are two different commands.

I understand that it can be annoying to have to authenticate to do administrative actions, but understanding how things like sudo or fstab work will solve most of the problems you described, while logging in and running everything as root can create problems you didn't even know existed.

how do i set things up so that %User% is treated as being the same as Root

Perhaps you could run Windows 95.

Sudoers just controls who can use SU

Or you could read the man pages for sudo and su, which are two different commands.

I understand that it can be annoying to have to authenticate to do administrative actions, but understanding how things like sudo or fstab work will solve most of the problems you described, while logging in and running everything as root can create problems you didn't even know existed.

It's called sudoers. Try it sometime.
Sudoers man page

For those of you trying to figure out what he's talking about, here's a list of *at syscalls.

http://linux.die.net/man/2/openat

Notice at the bottom of the page the group of similar file access system calls ending in "at". So for handling files with certain kinds of paths you use openat() instead of open()

I learned something.

Back up the machine after you install the games but before you hand it over to your son. Use backup software that will generate a disk image like Macrium Reflect Free Edition. Restore this disk image from a live CD (Reflect can create one for you) if your son has any problems. You have to use a full disk image for Windows because restoring an install is not just a matter of copying the files and rerunning update-grub.

Or just use a Linux boot disk with ntfsclone. (Link points to a copy of the man page.) I have successfully restored my Windows system this way on more than one occasion.

1) Segment your home network so that a compromised windows box can't reach your other computers. Use 2 or more NAT/wired/wireless boxes between your cable-modem and your computers. (I do much the same to keep my wireless and guest traffic away from my personal machines.)

1a) Ideally put a hub in there and silently monitor the network traffic (ON A SECOND MACHINE!) from the WIndows box by port, destination, and TIME OF DAY!

2) Get a bootable CD/DVD of Linux, a 2gig (or larger, though many older computers can't support larger than 2gigs) external drive, and make ntfsclone your friend. ntfsclone runs under linux. I've used it numerous times to back up and restore winNTFS partitions. Nothing like turning back the clock.

3) Restore frequently.

4) Use chrome rather than IE for webbrowsing. Put IE on its most restrictive settings anyway.

5) Watch out the "freebies" and downloadable stuff. To say nothing of drive-bys.

6) Reconsider Macs. They just work. You can get something decent for $1k new, or even $600 new, or for a lot less off cowboom. ($350? Though watch out for older hardware not running the latest versions of OSX.) (Also, you might check on educational pricing. Don't know if Apple does that for grade-school, but they've been lenient in the past.)

N) Graphics are pretty lean on the Lenovo T400 laptop. Processing power is low too. It might work on the lowest settings. Or you might need to consider a desktop. Newegg often has good sales, if you are comfortable putting the parts together. Try: http://hot-deals.org/ or http://slickdeals.net/.

N+1) You might suggest his friends try LOTRO too. It's a lot cheaper without the monthly fee! The recent release (as of last monday) now works with WINE on macs & linux, though you need a patch... And an official mac port is on the way.

1) Segment your home network so that a compromised windows box can't reach your other computers. Use 2 or more NAT/wired/wireless boxes between your cable-modem and your computers. (I do much the same to keep my wireless and guest traffic away from my personal machines.)

1a) Ideally put a hub in there and silently monitor the network traffic (ON A SECOND MACHINE!) from the WIndows box by port, destination, and TIME OF DAY!

2) Get a bootable CD/DVD of Linux, a 2gig (or larger, though many older computers can't support larger than 2gigs) external drive, and make ntfsclone your friend. ntfsclone runs under linux. I've used it numerous times to back up and restore winNTFS partitions. Nothing like turning back the clock.

3) Restore frequently.

4) Use chrome rather than IE for webbrowsing. Put IE on its most restrictive settings anyway.

5) Watch out the "freebies" and downloadable stuff. To say nothing of drive-bys.

6) Reconsider Macs. They just work. You can get something decent for $1k new, or even $600 new, or for a lot less off cowboom. ($350? Though watch out for older hardware not running the latest versions of OSX.) (Also, you might check on educational pricing. Don't know if Apple does that for grade-school, but they've been lenient in the past.)

N) Graphics are pretty lean on the Lenovo T400 laptop. Processing power is low too. It might work on the lowest settings. Or you might need to consider a desktop. Newegg often has good sales, if you are comfortable putting the parts together. Try: http://hot-deals.org/ or http://slickdeals.net/.

N+1) You might suggest his friends try LOTRO too. It's a lot cheaper without the monthly fee! The recent release (as of last monday) now works with WINE on macs & linux, though you need a patch... And an official mac port is on the way.

I'd like to see more vanilla versions of this software.

Well sure.

Here's the protocol extension: http://www.x.org/releases/X11R7.5/doc/randrproto/randrproto.txt

Here's the xlib API:
http://xcb.freedesktop.org/manual/group__XCB__RandR__API.html

Here's the command line tool:
http://linux.die.net/man/1/xrandr

And here are a bunch of GUI wrappers:
http://christian.amsuess.com/tools/arandr/
http://wiki.lxde.org/en/LXRandR

Which would you like?

Open Source Software has become almost as bad as the commercial counter parts in wanting to wrap everything up as one big GUI package. I don't want a bunch of bologna to download and run to configure dual monitors if I want to use a very lightweight window manager, or setup an embedded solution such as a kiosk.

Some times yes, but this isn't one of those cases. It's one of the nice really well designed parts, and not only that but any of those tools will work with any system. They modify the monitor layout, X sends a RANDR XEvent to the window manager and everything just works.

Got my stepdaughter an old 1 ghz Dell laptop a few years ago, it has 256 megs of RAM so I went with Lubuntu.

WTF is the idea behind "Gigolo"?

http://linux.die.net/man/1/gigolo

When I asked the maintainer what is up with the name "Gigolo" for a program, he replied that it is named Gigolo because "it does what it is told".

What a douche.

So I ended up going with Xubuntu instead.

Both the tool and you, make a (I assume wilfully) massively ignorant assumption: You assume ASCII or any similar 8 bit character set and matching keyboard.
Except for the US maybe, we all have Unicode with 110182(!) characters. Not 255. Let alone 127.

I just add a random true math symbol, double arrow or something in there (let alone a re-mapped skull and crossbones), and voila, it turns out your pseudo-argument is ignorant nonsense.

I don't think there is a problem with signals, http://linux.die.net/man/3/pthread_mutex_lock [die.net]: "If a signal is delivered to a thread waiting for a mutex, upon return from the signal handler the thread shall resume waiting for the mutex as if it was not interrupted."

I don't know what acquireLock() is, but the function to acquire a pthread mutex is called pthread_mutex_lock().

And you've given an example of why exceptions suck. There are good things about exceptions, but that's one of the bad things.

The control flow implemented by exceptions occurs in C programs as well, it is simply not made explicit. By making it explicit, constructs like with: and try:finally: can then ensure cleanup in a consistent, lexically apparent way. In C, there is no consistent or lexically apparent way in which non-local exits happen, and there is no consistent or lexically apparent way in which resources are released on those cases.

I don't think there is a problem with signals, http://linux.die.net/man/3/pthread_mutex_lock: "If a signal is delivered to a thread waiting for a mutex, upon return from the signal handler the thread shall resume waiting for the mutex as if it was not interrupted."

And you've given an example of why exceptions suck. There are good things about exceptions, but that's one of the bad things.

http://linux.die.net/man/1/spew

While you can't predict against future failures, if you want to make sure that your drive media is okay today, there is a tool that will fill your disk with garbage and then verify that your disk has the right garbage on it: spew. Spew isn't the friendliest tool, but it does the job.

As a side effect, it stresses your I/O systems and memory. Years ago, I discovered that some Dell 2550's I had couldn't pass this test with the SATA controller I had shoved into them that seemed to work fine otherwise.

You pretty much only get daily backups though since the kernel in linux does not track filesystem changes so hourly backups would be very prohibitive.

inotify(7)

inotify only lets you add a watch for a single directory. Watching an entire tree, or even the whole file-system, can be done but is quite painful to do at the application layer. It is useful for a program to watch its own private directory of configuration files (for example), but not so useful for a "tell me everything that changed in the file-system in the last hour" case. The application has to manage watches as directories are added, deleted, or moved around. There are only a finite number of watches available, so it may not even be possible to watch the whole file-system without mucking around with max_user_watches.

An API like gimme_filesystem_changes_since_i_last_checked() is the kind of thing needed for an sane incremental backup program. I suspect Time Machine would do something like this (don't know for sure, since I'm a Linux guy...)

You pretty much only get daily backups though since the kernel in linux does not track filesystem changes so hourly backups would be very prohibitive.

inotify(7)

Turns out on compiler 'a' random() doesn't return a value from 0 to the maximum value of a long, but returns up to a value less than the maximum value

One word: RAND_MAX. http://linux.die.net/man/3/random

We're in the process of installing a 700TB array with a 1.5PB tape library backup. You just have to do the backups using filesystem snapshots and run them pretty much constantly.

And XFS is pretty brilliant for taking filesystem snapshots. Using the command xfs_freeze you can make good snapshots of XFS in what appears to have no downtime at all see XFS manpage like http://linux.die.net/man/8/xfs_freeze
And then run these commands:

xfs_freeze -f /mount/point && block_level_snapshot && xfs_freeze -u /mount/point

Last time I checked that did not work with EXT4.

Hmm, I guess I might accidentally run the R statistics package someday?

Have no worry. That one's executable is capitalized.

See "take" is the word you don't understand.

If you still _have_ "it" whatever "it" may be, then it hasn't been "taken" from you.

I am serious, please go read up at http://dictionary.die.net/take and contemplate.

Now go read http://dictionary.die.net/copy and contemplate.

Copying is not taking, it's copying.

In the absence of "take" there is no "theft".

I know, ideas this simple can be hard to fathom.

So yes, if I _took_ those bits and bytes from you I would have engaged in theft. But you still have them, so I didn't take them. I copied them. This is a different thing. If words have any meaning in law (that hyperbole of course, the the specific meaning of words is the entire exercise of law) then copying cannot be theft.

See how take and copy are different?

So now, if your position is honest, we are in complete agreement. If I took from you it would be theft, but I copied from you so it was not.

As to your "identity theft" argument, in that case, the act of copying your vital details is not the crime, you give those away all the time. The acto of "stealing your identity" is the crime. In that case I would be taking "your good name" by using it to its detriment and leaving it damaged. i.e. by using your credit up, by selling off your hard-earned reputation to by 74 big-screen televisions and leaving you on the hook, I actually took something from you. You were factually deprived, and likely you will have to expend time to straighten things out and people will want to attach your money to regain their own because they think I was you.

If I "stole your identity" and did great works with it, enriching the poor and feeding the hungry, you probably woudn't consider it "identity theft" unless it maid your syndicate bosses suspect you weren't the criminial they needed.

See, in terms of trading on someone else's name, the definition of "to use up" is widely variable because the the inherent "loss" or "deprivation" is very subjective.

But "lost money" is very objective, so for my copying to in any way "deprive" you of your money, you needs _must_ be able to demonstrate that my act "used up" and therefor "deprived" you of money to claim monitary loss from theft. In the cases where some guy was selling bootlegs on the street, his gain is measurable loss maybe.

No such loss is in evidence when some 13 year old is watching a grainy hand-held-camera-in-a-theater version of random aneme flick over eDonkey.

See "take" is the word you don't understand.

If you still _have_ "it" whatever "it" may be, then it hasn't been "taken" from you.

I am serious, please go read up at http://dictionary.die.net/take and contemplate.

Now go read http://dictionary.die.net/copy and contemplate.

Copying is not taking, it's copying.

In the absence of "take" there is no "theft".

I know, ideas this simple can be hard to fathom.

So yes, if I _took_ those bits and bytes from you I would have engaged in theft. But you still have them, so I didn't take them. I copied them. This is a different thing. If words have any meaning in law (that hyperbole of course, the the specific meaning of words is the entire exercise of law) then copying cannot be theft.

See how take and copy are different?

So now, if your position is honest, we are in complete agreement. If I took from you it would be theft, but I copied from you so it was not.

As to your "identity theft" argument, in that case, the act of copying your vital details is not the crime, you give those away all the time. The acto of "stealing your identity" is the crime. In that case I would be taking "your good name" by using it to its detriment and leaving it damaged. i.e. by using your credit up, by selling off your hard-earned reputation to by 74 big-screen televisions and leaving you on the hook, I actually took something from you. You were factually deprived, and likely you will have to expend time to straighten things out and people will want to attach your money to regain their own because they think I was you.

If I "stole your identity" and did great works with it, enriching the poor and feeding the hungry, you probably woudn't consider it "identity theft" unless it maid your syndicate bosses suspect you weren't the criminial they needed.

See, in terms of trading on someone else's name, the definition of "to use up" is widely variable because the the inherent "loss" or "deprivation" is very subjective.

But "lost money" is very objective, so for my copying to in any way "deprive" you of your money, you needs _must_ be able to demonstrate that my act "used up" and therefor "deprived" you of money to claim monitary loss from theft. In the cases where some guy was selling bootlegs on the street, his gain is measurable loss maybe.

No such loss is in evidence when some 13 year old is watching a grainy hand-held-camera-in-a-theater version of random aneme flick over eDonkey.

Perhaps, but I (personally) had trouble using apt on the command line. What are the equivalents of rpm -qs package or rpm -qf file? The first lists the files in package package, and the seconds returns the package that contains file.

apt-cache

real pirates use scp

Lets so how non-Windows we can get. There's VMware ESXi, the bare-metal hypervisor that's not even a POSIX operating system. It has PowerShell support. So does Citrix XenServer, which is Linux/Xen based. (So does Microsoft Hyper-V, of course, but that doesn't count as non-Windows). That's just off the top of my head. Not that it matters, because Windows PowerShell is not surprisingly, a Windows technology. No Windows administrator cares that their Windows automation scripts don't run on their Solaris boxes.

Anyway, bash scripts aren't cross-platform either. I mean, sure, the actual bash interpreter is written in just POSIX C and can be ported to anything (I've used it on Windows myself), but that's useless with the external commands. ALL OF WHICH ARE DIFFERENT, even on one platform! Have you seen the horror that is a truly "cross-platform" script? It begins with pages and pages of if-else statements to figure out what's what, and how stuff works. Then there's ten lines of actual script.

Here's a random example from a script found with this google search:

elif [ "$os" = "OpenBSD" ] ; then
    $echo "/etc/passwd.conf :"
    egrep -v "$comments" /etc/passwd.conf

elif [ "$os" = "HP-UX" ] ; then
    $echo "/etc/pam.conf :"
    egrep -v "$comments" /etc/pam.conf

else
    $echo "/etc/pam.d/passwd :"
    egrep -v "$comments" /etc/pam.d/passwd
fi

if [ "$os" = "Linux" ] ; then
    $echo "pwck -l"
    pwck -r
    grpck -r
fi

Cross platform my ass.

Anyway, lets go back to our earlier, trivial example: "ps"

Here's two google hits: Linux, and Solaris.

Sure, they're vaguely similar, and have a bunch of options in common, but that's where it ends. Formatting is all different. Filtering has different capabilities. I bet the output is different also.

So put or up shut up. Write me a script, quickly (and I stress that word for a reason -- time is money), to do exactly the following task, across a bunch of different unixes:

Output all processes with the name "bash" into an RFC 4180 compliant comma separated values (CSV) file. Do not include extraneous processes. Don't forget the header. Make sure quotes and spaces are correctly handled. Ensure Unicode is handled on platforms that support it (e.g.: Solaris). Make sure numbers are formatted consistently, irrespective of the operating system regional options. Ensure that every platform outputs exactly the same columns, in the same order. Have it work on, at a minimum: AIX, Solaris, HP-UX, OpenBSD, and Linux. Your time starts now... go!

I would strongly dispute the elegance of C declarator syntax (the fact that cdecl was written tells how messed up it actually is).

With this group, I doubt he did something so simple and easily recovered.

Some highly available tools for deletion:
http://linux.die.net/man/1/scrub
http://linux.die.net/man/1/shred

and if it was SD chip he only needed a boot heel.

With this group, I doubt he did something so simple and easily recovered.

Some highly available tools for deletion:
http://linux.die.net/man/1/scrub
http://linux.die.net/man/1/shred

and if it was SD chip he only needed a boot heel.

... since it might still not be obvious, from man calloc:

calloc() allocates memory for an array of nmemb elements of size bytes each and returns a pointer to the allocated memory. The memory is set to zero.

What's more important is that calloc is faster than malloc+memset for a number of reasons, most notably that OS can pre-zero free memory blocks while idling. So, given Carmack's love for micro-optimizations, it would be sacrilegious to suggest that he'd use something as comparatively inefficient as memset(0) in this context.

see "git clone --depth"

man finger

These generic privileges are defined system wide, whereas capabilities are specific to a single file, device, etc. If you have access to files a,b, and c, it's not possible to give another process access to only a and c with privileges, but it's trivial with capabilities.

I think you're running into a name conflict here. "Linux Capabilities" exists, but is separate from the filesystem and is basically a set of flags like "can reboot the system" and "can increase process priority".

SELinux is more like what you are looking for (in fact, modern systems with it on by default drive people up the wall when they try to put DocumentRoot in some weird place like /usr/www/ instead of where the distribution told SELinux apache should be able to read), but it's not really a runtime kind of setting (ie if I want to run the program once with permission to access "a" and then a second time with permission to access "b" I'll need to reconfigure selinux/relabel the files/possibly reboot)

There might be a user executable shut down command but i have yet to find it, chmod does work though.

There is. Creatively enough, its called "shutdown." http://linux.die.net/man/8/shutdown

let the OS know that instead of paging this memory to disk when low on memory, it should instead just free it and let the application know it has done so

madvise with MADV_DONTNEED or equivalently, or VirtualAlloc with MEM_RESET under Windows. Discardable memory isn't as useful as you think though.

the OS really doesn't have any intelligent insight into the usefulness of a particular allocation to an application

But applications can tell the OS what pages are important. On Unix, applications can use posix_fadvise and madvise. On NT. each page has a priority attached to it, and pages with lower priority are evicted only after those with higher priority are gone.

Adjustable-height monitors still exist, too. I just bought a replacement stand for mine last year that has both height and rotate. For $50.

They are not as common as they were when larger flatscreens first hit the market.

Anyway, that isn't the "screen height" the article refers to, which you would know if you had RTFA. It refers to the terminal height; you know, columns x rows/lines? Standard "screen height" is 24 lines but you can customize your terminal session to page by varying numbers of rows/lines.

Good starting points:

http://linux.die.net/man/1/setterm
http://linux.die.net/man/1/xterm
http://www.linuxquestions.org/questions/linux-general-1/console-resolution-vga-values-432910/