Slashdot Mirror

This was the filesystem that HP tried to port to HPUX and failed. They licensed Veritas instead.

http://news.zdnet.co.uk/hardware/0,1000000091,39175690,00.htm "It had initially planned to complete the migration of the TruCluster/AdvFS feature from Tru64 Unix to HP-UX 11i v3 in the middle of 2006."

http://forums12.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1214253121145+28353475&threadId=754760 "No TruCluster or AdvFS for HP-UX after all"

It probably would have made the release too, except that it got canned after it was working.

It wasn't that HP failed to port ADVfs and trucluster to HPUX -- it was that they decided to stop it in favor of the other solution for arguably political and financial reasons. The people at HP in California were more than happy for the DEC people in New Hampshire to go away, even at the cost of licensing something that was no better than what they already owned outright, but would need to fund support for.

One wonders why they have bothered with this release at this point.

-dB

This was the filesystem that HP tried to port to HPUX and failed. They licensed Veritas instead.
I figured that the multithreading that I'd always heard worked so well in AdvFS/Tru64 was hard to port to the non-multithreaded HPUX kernel.

http://news.zdnet.co.uk/hardware/0,1000000091,39175690,00.htm
"It had initially planned to complete the migration of the TruCluster/AdvFS feature from Tru64 Unix to HP-UX 11i v3 in the middle of 2006."

http://forums12.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1214253121145+28353475&threadId=754760
"No TruCluster or AdvFS for HP-UX after all"

Yes but > 90% of academic money comes (either directly or indirectly) from govt.

Besides many large corporations use research money as PR investments ... and will thus provide for research in popular stuff, like animal conservation, cancer research and ... pro-global warming research. Certainly not invest in stuff like energy research or theoretical physics.

Let's take for example one (big) sponsor of my alma mater ... HP.

http://www.hp.com/hpinfo/newsroom/feature_stories/2006/06globalwarming.html

'nuff said

So the govt (with the notable exception of the US govt, but this certainly applies to th EU), the largest researcher, does not sponsor ANY anti-AGW research. Most corporations don't actually risk it either, as it's a pr-disaster waiting to happen.

http://h20219.www2.hp.com/integrity/cache/342254-0-0-0-121.html
or http://www.sun.com/servers/x64/x4600/specs.xml
PCs may have higher shipping volume, but servers are no slouch either, and produce higher margins.

ProCurve link:
ProCurve

Heck, even small businesses can order laptops without Vista. Check Dell's Small & Medium Business laptop store. Or HP's Small & Medium Business laptop store. Or Lenovo's ThinkPad store. At all of these "small business" stores, it's just as easy to order a laptop without Vista as with Vista.

BTW, I think I may have you "beat" on the Win2K Pro box I'm typing this on. The motherboard is from an abandoned HP Pavilion xe783 that originally had WinME installed. Intel 810 chipset, 900MHz Celeron (Pentium 3 based), ATI Radeon 9200 PCI card. I just can't justify replacing this box (which serves as my "primary" desktop) when it works so well and Win2K continues to get extended support. It looks like Windows 7 will be released before Win2K's extended support ends in mid-2010.

Looks quite nice, but not as much as those new HP Mini-note - i have no use for a laptop these days, and i'm considering getting one if i travel to the US in the near future. Those things look great, and the hardware is really nice.

I recently bought an old Jornada 720 PDA for about $60 off ebay.

200MHz StrongARM processor with 32MB RAM, running Windows CE.

But the Jornadas can Run Linux (I run the Jlime distro), and it has a compact flash slot for storage (I put in a 4GB CF Card).

I can VNC, SSH, do X forwarding and do a host of other things. It also has a PCMCIA slot, so many standard PCMCIA cards would work, including wireless and 3G cards.

Also a hardware upgrade is in the works, within the next few months an upgrade will come that will boost the RAM to 128MB for about $100.

All in all, I am really happy with it. Initially typing on it was a bit tricky due to the smaller keys, but I am getting used to it, I can almost touch type now.

In order for your comment to be true the exact opposite of what I illustrated happening in my post must be happening. Since I provided links, it would be fair to ask you for some.

PC sales are up in a big way in units, dollars of sales and dollars of profit. Windows sales are off by 24%. Make of that what you will. I choose to believe that Microsoft is getting a lot less for Windows than they used to especially in emerging markets, they're bleeding share on high end retail units and they've fully booked the sales under Software Assurance. I also choose to believe this is because nobody wants Vista, especially on the cost effective platforms that don't run it well.

We have run the circle:

• Pre-vista PCs unavailable with anything but XP
• machines available with Vista only
• units that come with Vista by default with optional XP downgrade licenses
• The pre-downgrade to XP option available
• units pre-downgraded to XP with no pre-installed Vista available

We're back at nothing but XP for you. All your base are belong to XP. Now you just also have to take the Vista License so they can book another Vista sale for their marketeering. That way Ballmer can say stuff like "almost 100% of retail PCs are Vista." If you'll remember, Saddam Hussein also got 100% of the "popular vote" in the last election before his execution. At least they aren't making you take a SuSE coupon as well -- yet.

When "Vista downgraded to XP" is an option on PC's, we're still pretending Vista might have legs. When it's the only available option we're done pretending it's anything but an albatross around the neck of major vendors.

The XW4400 is discontinued. Try the XW4600 which comes with XP downgrades.

The XW4400 is discontinued. Try the XW4600 which comes with XP downgrades.

I used to have this machine and used it for exactly what you describe. http://h18000.www1.hp.com/products/quickspecs/10381_div/10381_div.HTML

Dell's probably going to take a larger hit than Sun. Customers may still want some of Dell's lower end servers and desktops where HP can't compete on price. While HP's desktops and x86 servers can easily replace Dell's, there are more dependencies and loyalties when it comes to Unix. With Unix, it's not just the hardware but also the OS.

When HP comes up with marketing to get Solaris customers, the plan is to migrate them to Linux, not HP/UX. I don't think that HP has put the same effort into HP/UX that Sun has in Solaris. IBM seems to at least be trying to play catch-up.

HP does offer and certify Solaris on their x86 servers I wonder if they may take the plunge and make an OpenSolaris port for their HP 9000 and even Alpha based servers. There's are a couple projects to port OpenSolaris to IBM's Power and Z series mainframes, both of which seem to have some support from IBM. I doubt that IBM would give up on AIX but it would be an interesting scenario for HP to move to OpenSolaris on their hardware. In the Unix world, Solaris seems to have the most momentum. But then again in the unix world, most people are probably still running OS versions that are 2 release behind current.

Now if only C++ got real garbage collection

and lambda functions (two features that are really necessary for high end development)...

I just read the article and this one also. http://www.hpl.hp.com/news/2008/apr-jun/memristor.html I just don't see why it is not called a semiconductor device like the transistor is instead of a forth basic element. I do consider it important like the transistor is, but not a basic building block like Caps, resistors, or inductors. It is not a passive discrete component like they are. Tim S

When it is running Vista, there's no reason to upgrade of course.

if you're running Vista more than likely you got a new PC or you upgraded an old PC to be Vista capable.

Photoshop

Adobe recommends that if you're running Photoshop on Vista that you get CS3. And it cost $650 while Photoshop CS3 Extended cost $1000.

Upgrades to stuff like Photoshop would surely be cheaper than a decent new PC?

First, to install an upgrade for Photoshop, Photoshop already has to be installed, I believe, and as I state above Adobe recommends CS3 for Vista, so it may be foolish to install CS2 on a Vista PC. Next, a decent PC should cost less than $1000, even to run Photoshop CS3 on. The following are headless: An HP that beats Photoshop's minimum requirements is less than $900, though this one's on sale. A Dell that exceeds CS3's minimum configuration is less than $820.

However even photographers are likely to get software other than Photoshop, perhaps a design suite and an office suite. Add all the software cost up and they can easily exceed the hardware cost.

Okay I took a look at that list. All I can say is what!!!!!
C++ fell .77%
C is still number two.
And list rates what? Search engine hits?
D is ranked 12???? who the heck uses D?
As to garbage collection vs manual memory management I have to say that I do like managed languages but feel there is room for both.
But if you want grabage collection in c and c++ you can get it.
http://www.hpl.hp.com/personal/Hans_Boehm/gc/

Apple is driving the market and has been doing so since introducing the iMac. Apple invests in technology years in advance while the Dells and HPs are running their businesses on a quarterly basis.

You do know that HP is waaaaaaaaaay more than PCs and Laptops don't you?

There exists hardware where the manufacturer refuses to disclose how it operates. The only purpose for this is to prevent it from working with open systems. The cure is simple. Don't buy it. Do not reward vendors for limiting your choices. In time they'll learn to stop including toxic stuff in their box.

Read the label. In this case, read the specifications for the stuff you buy. If the ingredients aren't on your preferred list of safe ingredients then just don't buy it. These days there are plenty of vendors eager to brag about how their platform will run any software you want to run including Dell, IBM and HP. In fact if your hardware won't work with an OS so flexible it runs on x86, alpha, sparc, arm, powerpc, hppa, ia64, mips and s390 then it must be truly broken. After all, Linux supports more hardware devices out of the box than any other.

If they won't tell you what's in the box and you buy it anyway then you're stuck. Fortunately the list of toxic ingredients and their sponsors get shorter every day.

Look, if anyone just does a basic analysis, you'll see that there's this circular process where the heavier operating system requires new hardware, forcing people to buy both to keep up with the times, which both them and the manufacturer want.

According to this basic analysis(pdf), debian Etch is an order of magnitude larger and more complex than Vista. And yet it doesn't require this "new hardware" you're speaking of.

In fact in addition to the x86-32 and x86-64 targets Vista aims for it also runs on alpha, sparc, arm, powerpc, hppa, ia64, mips and s390. From the toys to spacecraft, from webservers to 85.2% of the world's top 500 supercomputers it'll run on almost anything. That's engineering.

This will not end until they have a solid competitor, period, and that means the linux geeks have got to get off their high horse and make an easy, packaged, "buy your box from dell with it pre-loaded" version of it your grandma can use.

You have been able to buy PCs preloaded with linux from Walmart, Dell, IBM, HP and many others for several years.

Because, personally, i'm getting a little sick of getting these operating systems from Microsoft which I swear to God have code running several extra loops just to bog it down so that only the most bleeding edge (aka money I don't want to spend) boxes can handle it reasonably.

So switch. It's time. Ballmer says Vista is a work in progress. Gates says its replacement is a year out. Let's take their word for it. This is a great window of opportunity to justify looking at alternatives.

Good links. The HP Linux stuff is amazingly hard to find on their site, but it's there:
http://h71028.www7.hp.com/enterprise/cache/321152-0-0-0-121.html

Lenovo is easier to find:
www.lenovo.com/think/linux

EmperorLinux.com is popular, too.

Otherwise, there are very few makes of onboard 802.11x currently in circulation that don't have at least one open-source driver available. See http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/ for a list of supported makes and models. I think you might be pleasantly surprised.

A final note: there's no need to be unpleasant to those who disagree with you. For the record, I'm an OS agnostic, as I have one of each major OS represented in my home, and I can't say that I've suffered any massive problems, wireless or otherwise, with any of them. I and the other posters you've replied to were simply pointing out exceptions to your blanket statement that no wireless cards work under Linux. I don't think I or anyone else ever claimed that anyone who has or has had difficulties with wireless under Linux must be lying. Moreover, the cards that tend to give trouble under Linux also tend to give similar trouble under Windows and other operating systems - the problems lie with poorly written drivers, not Vista, Linux or any other OS.

Thank you for your consideration.

I bought a suplused HP Jornada 720 for $100. A very usable ultra portable except The OS cannot be upgraded, so one is stuck with Windows CE 3.01, no way of transferring files off the machine except by sneakernetting the memory card, and a browser than can't do SSL2, Javascript, Java, iFrames, PNG's ... But for plain web pages it's outstanding.

It cost $900 when it came out in the late 90s, they could probably make it for less than $500 today.

http://h10025.www1.hp.com/ewfrf/wc/product?cc=us&product=61677

Here's the HP
HP security notice. This was discovered in January/February, according to HP, but not announced by them until April.

Where's the recall notice? HP should be recalling these items. Failure to do so immediately is willful negligence.

Here are the part numbers:

• Part # 442084-B21 HP 256MB USB 2.0 Floppy Drive Key
• Part # 442085-B21 HP 1GB USB 2.0 Floppy Drive Key

They're still for sale on Amazon, for example.

In a situation like this, HP should recall the product and reissue a replacement product with a new part number to distinguish old product from new product.

Product link

Here's the HP HP security notice. This was discovered in January/February, according to HP, but not announced by them until April.

Where's the recall notice? HP should be recalling these items. Failure to do so immediately is willful negligence.

Here are the part numbers:

• Part # 442084-B21 HP 256MB USB 2.0 Floppy Drive Key
• Part # 442085-B21 HP 1GB USB 2.0 Floppy Drive Key

They're still for sale on Amazon, for example.

In a situation like this, HP should recall the product and reissue a replacement product with a new part number to distinguish old product from new product.

It's called the Mini-Note. It's aimed at the education market in general as well as "mobile professionals", not just schools. It can be configured with SuSE, Vista Home Basic, or Vista Business, and storage goes from 4GB SSDs to 160GB 7200RPM hard drives (accelerometer-based drive protection features are included for the HDD versions). The Netbook is something else entirely, and is made by Intel. There are dozens of reviews of the machine out already with better info than that Yahoo article. The HP press release is a good start.

MS didn't think this through very carefully - it seems like a giant "oops!" waiting to happen.

Though I'm really looking forward to Linux with Wine being better at running existing Windows applications, than Windows 7. That's an amusing thought, isn't it? I'm also giggling inside at the thought that the company to jump on the idea of Windows 7 will be HP, since they have developed a habit to embrace doomed technologies of this sort.

I keed, I keed... Besides, I really doubt the veracity of this rumour. MS would be crazy to do this (they might as well rewrite their corporate strategy as "shoot ourselves in the feet with machine guy").

On Groklaw we learned today that Hewlett Packard participated in overt political interference along side Microsoft

"Here's the scoop from Les Echos.fr on France's sudden change from its No vote to Abstain. Microsoft France's President Eric Boustouller sent AFNOR a letter [PDF] in French, of course. He tells a tale about OOXML and ODF progressing side by side and how if OOXML is approved, a group will be working hard to make the two more interoperable. Attached was a HP statement of support for OOXML. HP sings the same song. And AFNOR?"

Take a look at HP's Ethics and Compliance Page and you will see how concerned HP is of public perceptions after recent events connected with HP's investigation into leaks of confidential information from the Board of Directors tarnished HP's reputation in this area.

HP tells us they have a long-standing commitment to conducting business with uncompromising integrity, which is core to everything they stand for as a company. I am sure that if they really understood that by supporting MSOOXML they are headed for another scandal, they would distance themselves from OOXML. Even more, since their ambition is to provide a leadership role in corporate ethics, they would help to turn the tide against OOXML.

In light of this, you may wish to help them understand the errors presented by the "HP Position Statement on Standardization of Office Document Formats" and you may comment directly to their Board of Ethics on the Comments page. That is where I just posted the following letter...

Dear members of the Board of Ethics and Compliance at HP

It is clear that your company is deeply concerned about conducting business with uncompromising integrity. In light of your commitment to being a leader in global citizenship and corporate ethics, I wish to direct your attention to a serious error in judgment by somebody there at HP who formulated the "HP Position Statement on Standardization of Office Document Formats".

I refer to the following statements...

"HP believes that the international standardization process is working."

It is now blatantly obvious that quite the contrary is true, specifically, that the standardization process was seriously flawed. Please see the current discussion on Groklaw about this at http://www.groklaw.net/article.php?story=20080331212042460#c684749 and you will quickly realize that your statement is a serious error.

"additional evolution of it will take place under control of the global community"

...another error - in no way whatsoever could we conclude that the decision for MSOOXML to become an ISO standard was made by the "global community". I believe that decision was made by Microsoft and its partners who overwhelmed the ISO voting process, and AFAIK, additional evolution will be done by ECMA, who is controlled by Microsoft.

"Hewlett-Packard Company ...believe[s] that the two standards will co-exist interoperably, and that customers should have the opportunity to select the standards which best fit their needs."

The phrase boggles the mind when you try to parse it. Let us imagine that the two standards, MSOOXML and ODF are interoperable - then why would we need both? Why would the end user choose one over the other if they both do the same job? Interoperability implies that we could easily convert from one to the other. If this were possible, than that in itself is a demonstration that MSOOXML is a duplication of an existing standard - ODF - and therefore should not be/have been approved.

...and if they do

On Groklaw we learned today that Hewlett Packard participated in overt political interference along side Microsoft

"Here's the scoop from Les Echos.fr on France's sudden change from its No vote to Abstain. Microsoft France's President Eric Boustouller sent AFNOR a letter [PDF] in French, of course. He tells a tale about OOXML and ODF progressing side by side and how if OOXML is approved, a group will be working hard to make the two more interoperable. Attached was a HP statement of support for OOXML. HP sings the same song. And AFNOR?"

Take a look at HP's Ethics and Compliance Page and you will see how concerned HP is of public perceptions after recent events connected with HP's investigation into leaks of confidential information from the Board of Directors tarnished HP's reputation in this area.

HP tells us they have a long-standing commitment to conducting business with uncompromising integrity, which is core to everything they stand for as a company. I am sure that if they really understood that by supporting MSOOXML they are headed for another scandal, they would distance themselves from OOXML. Even more, since their ambition is to provide a leadership role in corporate ethics, they would help to turn the tide against OOXML.

In light of this, you may wish to help them understand the errors presented by the "HP Position Statement on Standardization of Office Document Formats" and you may comment directly to their Board of Ethics on the Comments page. That is where I just posted the following letter...

Dear members of the Board of Ethics and Compliance at HP

It is clear that your company is deeply concerned about conducting business with uncompromising integrity. In light of your commitment to being a leader in global citizenship and corporate ethics, I wish to direct your attention to a serious error in judgment by somebody there at HP who formulated the "HP Position Statement on Standardization of Office Document Formats".

I refer to the following statements...

"HP believes that the international standardization process is working."

It is now blatantly obvious that quite the contrary is true, specifically, that the standardization process was seriously flawed. Please see the current discussion on Groklaw about this at http://www.groklaw.net/article.php?story=20080331212042460#c684749 and you will quickly realize that your statement is a serious error.

"additional evolution of it will take place under control of the global community"

...another error - in no way whatsoever could we conclude that the decision for MSOOXML to become an ISO standard was made by the "global community". I believe that decision was made by Microsoft and its partners who overwhelmed the ISO voting process, and AFAIK, additional evolution will be done by ECMA, who is controlled by Microsoft.

"Hewlett-Packard Company ...believe[s] that the two standards will co-exist interoperably, and that customers should have the opportunity to select the standards which best fit their needs."

The phrase boggles the mind when you try to parse it. Let us imagine that the two standards, MSOOXML and ODF are interoperable - then why would we need both? Why would the end user choose one over the other if they both do the same job? Interoperability implies that we could easily convert from one to the other. If this were possible, than that in itself is a demonstration that MSOOXML is a duplication of an existing standard - ODF - and therefore should not be/have been approved.

...and if they do

On Groklaw we learned today that Hewlett Packard participated in overt political interference along side Microsoft

"Here's the scoop from Les Echos.fr on France's sudden change from its No vote to Abstain. Microsoft France's President Eric Boustouller sent AFNOR a letter [PDF] in French, of course. He tells a tale about OOXML and ODF progressing side by side and how if OOXML is approved, a group will be working hard to make the two more interoperable. Attached was a HP statement of support for OOXML. HP sings the same song. And AFNOR?"

Take a look at HP's Ethics and Compliance Page and you will see how concerned HP is of public perceptions after recent events connected with HP's investigation into leaks of confidential information from the Board of Directors tarnished HP's reputation in this area.

HP tells us they have a long-standing commitment to conducting business with uncompromising integrity, which is core to everything they stand for as a company. I am sure that if they really understood that by supporting MSOOXML they are headed for another scandal, they would distance themselves from OOXML. Even more, since their ambition is to provide a leadership role in corporate ethics, they would help to turn the tide against OOXML.

In light of this, you may wish to help them understand the errors presented by the "HP Position Statement on Standardization of Office Document Formats" and you may comment directly to their Board of Ethics on the Comments page. That is where I just posted the following letter...

Dear members of the Board of Ethics and Compliance at HP

It is clear that your company is deeply concerned about conducting business with uncompromising integrity. In light of your commitment to being a leader in global citizenship and corporate ethics, I wish to direct your attention to a serious error in judgment by somebody there at HP who formulated the "HP Position Statement on Standardization of Office Document Formats".

I refer to the following statements...

"HP believes that the international standardization process is working."

It is now blatantly obvious that quite the contrary is true, specifically, that the standardization process was seriously flawed. Please see the current discussion on Groklaw about this at http://www.groklaw.net/article.php?story=20080331212042460#c684749 and you will quickly realize that your statement is a serious error.

"additional evolution of it will take place under control of the global community"

...another error - in no way whatsoever could we conclude that the decision for MSOOXML to become an ISO standard was made by the "global community". I believe that decision was made by Microsoft and its partners who overwhelmed the ISO voting process, and AFAIK, additional evolution will be done by ECMA, who is controlled by Microsoft.

"Hewlett-Packard Company ...believe[s] that the two standards will co-exist interoperably, and that customers should have the opportunity to select the standards which best fit their needs."

The phrase boggles the mind when you try to parse it. Let us imagine that the two standards, MSOOXML and ODF are interoperable - then why would we need both? Why would the end user choose one over the other if they both do the same job? Interoperability implies that we could easily convert from one to the other. If this were possible, than that in itself is a demonstration that MSOOXML is a duplication of an existing standard - ODF - and therefore should not be/have been approved.

...and if they do

>It introduces a sort of concurrency into otherwise sequential programs, leading to timing jitter (at least), stalls (maybe), and nonrepeatable bugs.

Not at all. IBM even has a real time Java (hard real time).

That's WebSphere Real Time Java, a research effort from IBM. You can order it (with mandatory and expensive technical support), but it's more of a semi-custom product. They had to make some drastic compromises to get that to work. Arrays are split into "arraylets", so that no one chunk is so big that it can't be moved during the garbage collection freeze. This allows them to get the freeze time down below a millisecond. There are still freezes, but they're shorter.

>Garbage collection and destructors do not play well together. See "Managed C++".

No, that's not true either. C++ has RAII, so the point is not valid.

That's the problem. Resource Allocation as Initialization and garbage collection do not play well together. Do you want to wait until the next GC before a window closes?

> Concurrent garbage collection requires some support from the memory management unit and operating system, so the hardware can detect "dirty pages"

No, it does not. All that's required is CAS operations.

If you want to avoid freezes during garbage collection, you need more than that. IBM's concurrent collector for Java still has brief freezes for the "mark" phase. Microsoft's patented approach (U.S. Patent #6,502,111) has a freeze: "The application is paused after the marking act is complete. Next, a second marking act of marking all reachable memory objects...". Boehm's collector is "mostly concurrent", and requires "the write protect facilities that are now widely available". The general idea is to write protect pages while the program is running, then run the marking phase of garbage collection on them. If the running program writes to a write-protected page, the page is unlocked and the write performed, but the garbage collector has to do that page again.

Page level write protection/dirty page bit hardware, or periodic freezes. Pick one.

> Calling destructors from another thread in the garbage collector can introduce race conditions or deadlocks.

It depends on what your destructor is doing.

And that's the problem. There are some subtle no-nos in destructors called from garbage collectors. C++ doesn't prevent them. Errors here result in very intermittent bugs that are very hard to find. Garbage collection is fine for programs at a somewhat higher level, like Java, but you probably don't want it inside your operating system kernel or media player. You mix two totally unrelated domains. A OS kernel can have GC, but usually it is too low level to have one. On the other hand, a media player can have GC, since a media player does not constantly allocate and deallocate memory blocks. In Java, programmers worry about garbage collection and finalizers.

Don't underestimate the power of cycles! cycles can be introduced indirectly, through inheritance, and then it's very very difficult to track them...trust me, I've been hunting a memory leak introduced by a subclass which obtained a shared ptr from a factory interface, only to discover that the the base class was already already referenced somewhere from the object returned by the factory; the cycle was not obvious, until the program accumulated lots of craft after a long operation.

I'm arguing for a debug mode in which cycles are detected at the moment of creation. Cycles are typically a design time problem; if a program generates cycles, it will probably generate cycles on every execution. This tells you when you need weak pointers.

If your data structure is anything like a tree, the cycle problem can usually be fixed

The article hints that the storage is HP SFS; basically a turn-key lustre system built on loads of SATA raid arrays.

http://h20219.www2.hp.com/HPC/cache/276636-0-0-0-121.html

Slightly offtopic, Hans Boehm had it's say in 2006, but author, who promotes his own book/project using it as a base for his "research", is obviously one of opposers of these claims.

Adoption problem, IMnsHO, arises because there is real friction between usual C* approaches and threading. Experienced programmers (as other posters claim) are used to their ways and easily discouraged by these frictions. Java's threading approach is a bit of pain in the ass too, so this leaves big majority of programmers out in the cold when it comes to threading.

Threading goes against usual development style in US, where problems are attacked with workforce, not with any kind of optimized approach. Or original. "Why experiment, when we make tons of money old-style all these years?"

dd

Oh really?

What's this then?

(For the lazy "HP provides diverse support services for the Debian GNU/Linux operating system on selected HP ProLiant and HP BladeSystem servers")

You can already buy computers with 2 TB of ram, silly reporters/bloggers and their outdated articles.
http://h20341.www2.hp.com/integrity/cache/342254-0-0-0-121.html

Even in the Intel world, HPs new DL785 can do 0.25 Tb now and soon to do 0.5Tb http://h18004.www1.hp.com/products/servers/proliantdl785g5/index.html

As can HP Superdomes. (I know for a fact there's a 1Tb one not far from me, 2Tb is possibly out there [the machine can do it, I just don't know personally if there's one extant.. surprise me if there isn't (see http://h20341.www2.hp.com/integrity/cache/342370-0-0-0-121.html) ]). It wouldn't at all shock me that IBM has machines in this class.

This whole discussion is so PC-centric it is hilarious. Oracle will find a way to make their SGA take 1Tb if you let them.

http://www.hpl.hp.com/news/2004/jan-mar/casualcapture.html

I got myself a used HP nc4010 for cheap. I maxed out its RAM, put a big HDD in it, installed the 802.11g wireless board, and got the optional travel battery. To cap it off I got a mini bluetooth mouse, and its been great. I can dual boot it to windows or gentoo and it runs just dandy. It can even play WoW at about 7fps. Total investment was about $500. Its small and light even with the extra battery.

You could probably do as well with something similar, I've read that the IBM ultra-portables are pretty nice also.

-FL

Of the Operating Environments you mentioned, source is available. The last "hold-out" was Microsoft -- even they make source licenses available now.

HP: see http://licensing.hp.com/slm/swl/view.slm?page=source (VMS, Tru64)

Solaris: completely open-source, see http://opensolaris.org/os/

IBM: not sure about them -- older releases of IBMs mainframe OS came with source, so I expect that z/OS comes with source. I *haven't* personally seen the source for AIX.

In general, OSs have ALWAYS come with source; back in the early '80s, for example, Digital VMS came with source (by default on microfiche AFAIR). The "closed source" OS was debuted by CP/M, and carried forward by MSDOS.

1) It would still seem that the decision to initially hand the capability to the user has to be made with knowledge of who the user is, and

You pose some good questions which I intend to address, but first there are a number of assumptions in this one statement which has lead people astray in the past, so I want to address those first.

The User: just about every single access control discussion, particularly informal ones like this thread, start by talking about "users". Talking about "users" quite naturally dovetails into discussions of identities, then authentication, and finally the natural access control abstractions end up looking identity-based like Unix/Windows. The problem with this approach is, users generally aren't a threat. The real threats are from programs.

Access control is mainly about maintaining the integrity of a system in the presence of malicious programs. When viewed this way, identity-based access control starts to look meaningless. The "identities" of programs is a much fuzzier concept than the identities of users, but this is the right way to view access control. You can deal with program identities ala Polaris, and the resulting system is usable, but it's far simpler to eschew identities entirely.

Once you eschew identities, dealing with authorizations as distinct entities looks more natural. The more fine-grained the authorization, the better. Since programs are the only entities handling these authorizations, it doesn't matter how fine-grained we make them. Most of the heavy-lifting is done behind the scenes, hidden from users. When accessing a resource, you have to name it, then provide the authorization token demonstrating you have permission access to it. Then you start to wonder why the designation and the authorization can't be combined into a single handle for convenience. They can! They're called capabilities. Some other designs maintain this separation, but I can't find the reference to the paper at the moment.

Now comes the question: where do these capabilities come from, and how do we get them? The simple answer is: initial conditions. Just like the Big Bang, the universe of objects inside a computer is constructed at installation time. The installer constructs the primordial storage manager, user manager, shell, etc. from which the primordial user can allocate more storage to create other users, and endow them with capabilities, and so on.

At this stage, I've only been talking about programs all contained within a single computer. Now we come full circle to your question: how does someone outside the computer get (re)connected to their session which exists inside the computer? Note first that this is only a problem for a computer shared amongst multiple users.

To maintain the security properties, you need: portable sessions, as you suggested, a portable authorization token, or some form of secure authentication. This is the only authentication step needed, and even then it's not necessarily required.

Your comment seems to imply that an authentication is needed for every interaction with a new object, when you only need to authenticate with one computer, your own, and if you can carry that computer with you (pda, cellphone, etc.), then no further authentication is ever needed. A portable authorization token can be a USB key or a secure card that holds a cryptographically-secure hash designating your session. I prefer the last option, as its the most user friendly, and the most secure.

2) I'm curious how you would go about restoring security were such a persisted capability stolen.

This is a long-standing fear of system administrators everywhere. "Capabilities grant you flexibility and POLA, but you lose control!" There is a thread going on right now on the cap-talk mailing list about this actually. There are many possible ways to address this concern actually, and the only answer t

Let me ask you this: what use is authentication without identity? Identity is generally irrelevant when making authorization decisions, particularly when using capabilities. Identity-based access control is the single cause of our vulnerable computing infrastructure. Identity-based security can be locked down somewhat, with Polaris being the epitome of what's achievable on Windows, but it has fundamental limits associated with the amount of information available to make appropriate authorization decisions.

Capabilities change the whole security game, as they enable principle of least authority designs to be easily constructed. Identity-based controls are not composable, so fine-grained permissions are simply impossible.

Capabilities are not the only authorization-based access control of course, but they are perhaps the most well-known. You can even start playing with capabilities today.