apcupsd is indeed nice, and I used it for awhile. A little while back, though, I switched to nut, the Network UPS Tools. nut supports multiple types of UPSes, from many different manufacturers, provides a consistent interface to the available data, and is nicely network-aware, for shutting down multiple computers on a single UPS. There's even a windows client, so the lone NT machine at work gets to shut down properly, too.
nut might be a little overkill for a single computer home setup on an APC UPS (as I believe apcupsd supports slightly more of APC's features), but nut is excellent for anything scaling beyond that.
Well, LaBrea operates below the level of most Windows network programs. From the program's point of view, it establishes a TCP connection to the server and issues the necessary HTTP commands. More things happen "on the wire" though. Here's a simplified timeline:
Program calls connect() to reach the other host.
OS's TCP/IP stack sends a SYN packet to the other host.
One of several things happens:
The host does not respond and the connection eventually times out. Result: failed connection attempt after a short timeout.
The host is reachable but isn't listening on that port. It sends a RST packet. Result: The connection fails almost immediately.
Some other network error. At most, the connection will time out in a relatively short period of time.
The host is listening on the port and sends back a packet with both the SYN and ACK bits set
Presuming the TCP/IP stack got a SYN ACK, it sends its own ACK and considers the connection established.
The TCP/IP stack reports to the calling program the result of the connection attempt. If the three-way handshake went as normal (SYN, SYN ACK, ACK), it considers the connection open.
If the connection was successful, the program starts sending data.
The TCP/IP stack accepts the data, breaks it into packets to be sent, and doesn't return to the program until it's done.
For each packet of data the TCP/IP stack sends out, it waits for an ACK of that packet, retransmitting the packet if it doesn't receive the ACK with a certain period of time. It will wait longer and longer after each transmission before eventually giving up on the connection altogether. The ultimate timeout on an established TCP session is relatively large (and possibly implementation-dependent; I don't remember exactly that part of the spec).
Most firewalls only deal with the first SYN used to set up the connection. Either they reject it (send a RST) or drop it, leaving the connection to time out. La Brea responds to the initial SYN, then ignores everything else, leaving the TCP session to time out. That timing out usually takes a while (the author estimates about 15 minutes for Windows machines), and the program is unable to do anything while it's waiting for the TCP/IP stack to finish sending its data.
Ok, enough background. The point is that, with standard programming practices, the program doesn't get to pick how long it waits before giving up. That is dependent on the OS's TCP/IP stack. The ways around it are harder. One workaround is to use raw TCP sockets (and this may not even work; I'd have to check my copies of Unix Network Programming, and they're at home). (Anyway, Windows XP will be the first WIndows to support raw TCP sockets.) The other is to use nonblocking I/O, which requires a lot more state keeping in the program. (But it would allow the program to fire off connections to a number of hosts and wait to deal with the responses as they come in.) I suspect most work writers would just count on very few people running things like LaBrea and write the simpler code.
So, in summary: LaBrea is pretty nifty and a program can't just shorten its timeout period to get around the delay. The only workaround I can think of at the moment is nonblocking I/O, but that has its own drawbacks (and, depending on the program design, could still be slowed down by LaBrea).
The First Amendment promises the right to free speech, and this speech includes the right to criticize your government. It doesn't say anything about having to vote first.
Perhaps, but voting gives you more leverage with the government. The US is a representational democracy, and it is up to the citizens to: a) vote for people who they think will best represent them and b) tell their representatives how they feel about issues. If you don't vote, you have missed item a; you have not registered your preference for representation. (For this point, I concede the argument involving not liking any of the candidates, but only partially. In the absence of "None of the Above", find an obscure candidate that you do like or vote for someone nonsensical, like Dogbert.) For point b, you will be lent far more credence if you have a voting history. (Compare "I voted for you in the election because of your stand on , and I now feel that you should vote in manner on issue," to Robin's "i have nevir voted, but you suck" fomr some extreme examples.)
--Phil (Please, if these issues are important to you, tell your representatives.)
Ok, since this post actually elicited email response (which the Kuro5hin one didn't), I've put up a description of my prompt at http://www.geeksimplex.org/phil/prompt/. Enjoy.
--Phil (Yep, I'm replying to one of my own posts.)
I seem to recall reading somewhere that Stephenson has said the two books aren't really related; he just put the YT/Miss. Matheson thing in as an easter egg.
--Phil (Owner of a signed copy of Cryptonomicon. (Hi, Jay))
I think you're wrong there. FF8 wasn't all that great, but I thought that FF9 was quite fun and a worthy successor to FF6. Judging by what I've seen in various places on the 'net, a lot of people agree with me.
Perhaps Final Fantasy X will be horrid, but, judging by Final Fantasy IX, there's still good game design coming out of Square.
--Phil (Coincidentally, XMMS just decided to play something from the FF9 soundtrack.)
/usr/local is structured in the same manner as/usr and is intended to be used for locally installed programs in the same way that/usr is used for distribution-provided programs./opt is also for non-distribution-provided programs, but is structured differently. Each program (or logical group of programs, like StarOffice) gets its own directory in/opt,/etc/opt, and/var/opt. This is (I believe) intended to make it easier to manage third-party programs--when you want to remove the program, you only have to delete (at most) three directories instead of hunting down files all over the place.
I personally don't see a great deal of use for/opt anymore, because (on Linux, at least) package management is so prevalent./opt was designed to make it easier for human administrators to manage programs on their systems. Package management programs provide (IMHO) a much better method for doing the same thing. Ah, well. Enough ranting for the day.
--Phil (I was glad to see the appearance of SGML directories in the new FHS.)
The FHS makes an effort to group sections of the filesystem by the type of data that goes in the directories. It differentiates based on two criteria: shareable vs. unshareable and variable vs. static./usr is designed to be static and shareable. However, some parts of/usr are architecture-dependent, such as the/usr/bin and/usr/lib./usr/share is designed to be a hierarchy of shareable, architecture-independent files.
The two examples you give (/usr/share/doc and/usr/share/dict/words) are both things that are architecture-independent and so are put in/usr/share.
To see SPP failing in action, look at what happened to Stephen King. After the novelty wore off, not enough people paid. Fortunately, King released the next installment anyway.
Stephen King was not using the SPP. The SPP calls for a couple things that Stephen King didn't do. First, in the SPP, there is a target dollar amount that must be reached in order for the work to be released. Stephen King set a limit that a certain percentage of the downloaded copies must be paid for. The SPP's approach seems more reasonable to me, as people could pay an amount proportional to how much they think they would value the result. Also, release is not dependent on some percentage of the consumers, but on a preset amount that (presumably) the artist thought was reasonable.
Secondly, the SPP specifies that the money contributed by consumers be held in escrow and, if the set amount of money is not received in a prespecified amount of time, the money is returned to the contributors. Stephen King was not giving refunds in the event of a non-release of a poriot of the book. The escrow is important, because it assures the contributors that their money will not be wasted if nothing is released.
So, please don't point to Stephen King as a failure of the Street Performer Protocol. Perhaps the SPP isn't viable, but I don't know of any instances of it actually being tested. In the absence of any evidence, it seems to me that the protocol would work, and I would be willing to participate if an artist whose works I liked released those works via the SPP.
--Phil (As I listen to mp3s ripped from CDs owned by me...)
Certainly it's possible to create a really excellent game while
contravening some of the rules of Dogma 2001. It's quite possible to
make good movies while breaking the rules of Dogme 95. I don't think
that's the point.
It seems to me that the point is that modern game designers
concentrate too much on the technology available to them and not
enough on actually designing a good game. At best, following all of
the rules of Dogma 2001 will force you away from any modern
conventions and technology that could provide undue distraction. In
order to comply with all of the rules, you have to be quite creative,
and that's part of the point.
At the very least, I think the points of Dogma 2001 are intended to
make you at least think about the current state of the gaming industry
and hopefully avoid many of the pitfalls awaiting you on your path to
pure creativity. Even if you break some of the rules (you put wizards
in your game, for example), you will hopefully have considered the
ramifications of doing so.
--Phil (I *still* want to see a Linux port of Thief.)
As mentioned previously, Paul and Jessica appear in the desert (after a commercial break:-) with no explanation whatsoever.
Actually, there was a brief explanation. One of the Harkonnens says to another that Paul and Jessica were left out in the desert with no way to return.
--Phil (So far, I am not impressed with the miniseries.)
What happens, however, if a user turns his PC off with out shutting it down - It happens, especially when they want to get out of the office as fast as possible on a Friday evening. Chances are that Linux will not boot up again,/dev/hda2 was not cleanly unmounted, cannot find superblock, kernel panic etc...
Linux tends to recover fairly well from an improper shutdown. Most of the time, it only runs into things that fsck can fix automatically. Even if it doesn't, you can set fsck to run with the -y option, which will automatically fix just about anything. (In Debian, there is even an option in a config file to set for this.)
Windows is about the same as the default Linux behaviour, at least as presented to the users. When Windows is rebooted without properly shutting down first, it will run scandisk and will pop up a box asking what to do if it finds errors.
However, neither of these is really that much of a problem if you have your users shut down the machine before turning it off. I only have about 15 users that I support, but every one of them has been able to understand the concept of telling the computer to shut down before turning it off.
--Phil (And to think I just barely missed your UID cutoff point.)
One comment complained about not seeing any reviews of Blue Submarine #6. Since I've seen all four episodes, I figured I'd oblige.
Well, as everyone has said, the best thing about this anime is the soundtrack. If you have a 5.1 stereo system, you ought to be quite pleased. If you're lucky, you won't have any neighbors to bother and can crank the volume too.
The story is also fairly good. The first episode is almost all action and very little plot, but the arc picks up in the second and is in full swing through the third and fourth episodes.
The CG, while pretty impressive in its own right, doesn't always mesh well with the hand drawn stuff, especially when they cut from a CG scene to a hand-drawn version of the same scene.
One thing I especially liked about it is that they don't hand you the story on a platter. A lot of what you see isn't necessarily explicitly explained or is left for later. I thought it was nice to see a story that let me draw my own inferences about ancillary details.
I recommend that you see it from DVD, though. (Or, if you don't like the $20/episode cost, do as I did--watch a friend's copy.) To my knowledge, cable only transmits Dolby pro-logic, so people with 5.1 setups will miss a little of the soundscape. Also, according to the end of this about.com story, Toonami will be digitally editing out Hayami's cigarettes.
The few times I've used gnutella (I've never used napster), I've been
looking for artists that I've heard of but not heard much of, if any of
their music. While this isn't exactly "discovering" artists through
online mp3 sharing, it did allow me to hear songs that I probably wouldn't
have otherwise, and I know own several CDs that I would not otherwise have
purchased. (And yes, there's at least one case where I didn't buy
a CD due to gnutella. I don't remember the artist, but I liked one song
by the artist and went to look for more. I didn't like the others enough
to buy a CD. In the absence of gnutella, I might have bought the CD and
found out that it only had one song that I liked.)
As for actually dicovering someone via napster, I do know people that
use napster to find people sharing artists they like. Then they browse
the rest of that person's collection and look for bands they've never
heard of. "This person had bands X and Y. I like band X, but I don't
know anything about band Y. Maybe I'll like them, too."
--Phil (I like having my entire CD collection available as mp3s.)
In this age of the Internet, intellectual property has become a very important concept to many people. Many companies make their living on the artificial scarcity provided by intellectual property laws, selling information that they have either created or aggregated. Some others, mostly in the Free Software world, make their living seemingly in spite of these laws, selling their services based on information that is freely given.
Do you feel that out current system of intellectual property is a good one? Which parts of it (e.g. trademarks, patents, copyrights) do you feel are well suited to the world of the Internet and which do you think need to be changed (and, if changes are needed, what changes are needed)?
--Phil (I'm quite glad to see this article and look forward to the responses.)
Using an X.0 release of just about anything for any mission critical, potentially embarassing and market image damaging application is just poor judgement
Why do people keep saying this? It is indeed currently true for many programs, but it should not be. I am continually amazed by the number of people that just accept "never use x.0 versions, because they're going to be buggy". Software should be tested extensively before a x.0 release, and the new major version number only applied when the program is ready.
</rant>
Now, I've never used Redhat, so I'm not really qualified to comment on it, but I like the way Debian releases. When they put out a new "stable" release, it has gone through extensive public testing. There are still things that fixed subsequently--nobody is ever going to be perfect--but the problems are very few.
--Phil (I'm going to have to install Redhat one of these days, just so I can compare it to Debian.)
Remembering many different passwords isn't that hard if you have a computer do the remembering for you. The catch is that the passwords need to be stored securely enough that you're the only person that can get to them. Someone already mentioned a Windows program that does this. I use Strip, a GPLed password-storing program for the Palm. It stores the passwords in an encrypted database (encrypted in either DES or Idea, whichever you prefer). It also has a decent random password generation feature.
--Phil (Just don't ever forget the password with which Strip's database is encrypted.)
Generated passwords (emailed to you) opens you up to some sort of randomization attacks.
Not really. If you generate a random, alphanumeric, mixed-case, eight character password, there are roughly 2.18E14 possible passwords. Trying to brute force that would be practically impossible. If you also use a good random number generator, random number prediction isn't going to get you anything, either. At most, you could temporarily DoS someone by having their password changed on them. Even that can be avoided by not activating the new password until the user logs in with it.
As far as I can see, storing a one-way hash of the password and creating a new, random password when if the original has been forgotten is the best approach.
--Phil (All of my passwords are randomly generated--but I'm paranoid.)
That's why you don't create a hard-coded central location like Napster has. Ideally, each set of 'adjacent' hosts should hold an election amongst themselves to determine which one will hold the index. The election could be weighted by factors such as bandwidth and processor speed. With a setup like this, there's still no central location, but there are dynamically-determined common indexing points.
--Phil (Why does Slashdot go on and on about Napster and Gnutella but never mention Hotline?)
Slashdot Mirror
apcupsd is indeed nice, and I used it for awhile. A little while back, though, I switched to nut, the Network UPS Tools. nut supports multiple types of UPSes, from many different manufacturers, provides a consistent interface to the available data, and is nicely network-aware, for shutting down multiple computers on a single UPS. There's even a windows client, so the lone NT machine at work gets to shut down properly, too.
nut might be a little overkill for a single computer home setup on an APC UPS (as I believe apcupsd supports slightly more of APC's features), but nut is excellent for anything scaling beyond that.
--Phil (Yes, I'm a big fan of UPSes.)
Well, LaBrea operates below the level of most Windows network programs. From the program's point of view, it establishes a TCP connection to the server and issues the necessary HTTP commands. More things happen "on the wire" though. Here's a simplified timeline:
Most firewalls only deal with the first SYN used to set up the connection. Either they reject it (send a RST) or drop it, leaving the connection to time out. La Brea responds to the initial SYN, then ignores everything else, leaving the TCP session to time out. That timing out usually takes a while (the author estimates about 15 minutes for Windows machines), and the program is unable to do anything while it's waiting for the TCP/IP stack to finish sending its data.
Ok, enough background. The point is that, with standard programming practices, the program doesn't get to pick how long it waits before giving up. That is dependent on the OS's TCP/IP stack. The ways around it are harder. One workaround is to use raw TCP sockets (and this may not even work; I'd have to check my copies of Unix Network Programming, and they're at home). (Anyway, Windows XP will be the first WIndows to support raw TCP sockets.) The other is to use nonblocking I/O, which requires a lot more state keeping in the program. (But it would allow the program to fire off connections to a number of hosts and wait to deal with the responses as they come in.) I suspect most work writers would just count on very few people running things like LaBrea and write the simpler code.
So, in summary: LaBrea is pretty nifty and a program can't just shorten its timeout period to get around the delay. The only workaround I can think of at the moment is nonblocking I/O, but that has its own drawbacks (and, depending on the program design, could still be slowed down by LaBrea).
--Phil (Crazy network programmer.)
Perhaps, but voting gives you more leverage with the government. The US is a representational democracy, and it is up to the citizens to: a) vote for people who they think will best represent them and b) tell their representatives how they feel about issues. If you don't vote, you have missed item a; you have not registered your preference for representation. (For this point, I concede the argument involving not liking any of the candidates, but only partially. In the absence of "None of the Above", find an obscure candidate that you do like or vote for someone nonsensical, like Dogbert.) For point b, you will be lent far more credence if you have a voting history. (Compare "I voted for you in the election because of your stand on , and I now feel that you should vote in manner on issue ," to Robin's "i have nevir voted, but you suck" fomr some extreme examples.)
--Phil (Please, if these issues are important to you, tell your representatives.)
Ok, since this post actually elicited email response (which the Kuro5hin one didn't), I've put up a description of my prompt at http://www.geeksimplex.org/phil/prompt/. Enjoy.
--Phil (Yep, I'm replying to one of my own posts.)
Kuro5hin ran an article on shell prompts recently. Rather than retype everything ('cause I'm lazy), I'll just provide a link to my post about my prompt.
--Phil (Still need to add APM stuff to my prompt.)
The people at RFC.net have a link to An epitaph for RFC822 that turned up on their discussion mailing list.
--Phil (Sure it's MLP, but it's interesting MLP.)
I'm sure everyone has their own favorite mirror, but I like x42.com's RFCs. You can get these two at rfc2821.x42.com and rfc2822.x42.com.
--Phil (x42.com even has anchors on the sections of the RFCs.)
I seem to recall reading somewhere that Stephenson has said the two books aren't really related; he just put the YT/Miss. Matheson thing in as an easter egg.
--Phil (Owner of a signed copy of Cryptonomicon. (Hi, Jay))
I think you're wrong there. FF8 wasn't all that great, but I thought that FF9 was quite fun and a worthy successor to FF6. Judging by what I've seen in various places on the 'net, a lot of people agree with me.
Perhaps Final Fantasy X will be horrid, but, judging by Final Fantasy IX, there's still good game design coming out of Square.
--Phil (Coincidentally, XMMS just decided to play something from the FF9 soundtrack.)
I personally don't see a great deal of use for /opt anymore, because (on Linux, at least) package management is so prevalent. /opt was designed to make it easier for human administrators to manage programs on their systems. Package management programs provide (IMHO) a much better method for doing the same thing. Ah, well. Enough ranting for the day.
--Phil (I was glad to see the appearance of SGML directories in the new FHS.)
The FHS makes an effort to group sections of the filesystem by the type of data that goes in the directories. It differentiates based on two criteria: shareable vs. unshareable and variable vs. static. /usr is designed to be static and shareable. However, some parts of /usr are architecture-dependent, such as the /usr/bin and /usr/lib. /usr/share is designed to be a hierarchy of shareable, architecture-independent files.
The two examples you give (/usr/share/doc and /usr/share/dict/words) are both things that are architecture-independent and so are put in /usr/share.
--Phil (If only they'd deprecate
Stephen King was not using the SPP. The SPP calls for a couple things that Stephen King didn't do. First, in the SPP, there is a target dollar amount that must be reached in order for the work to be released. Stephen King set a limit that a certain percentage of the downloaded copies must be paid for. The SPP's approach seems more reasonable to me, as people could pay an amount proportional to how much they think they would value the result. Also, release is not dependent on some percentage of the consumers, but on a preset amount that (presumably) the artist thought was reasonable.
Secondly, the SPP specifies that the money contributed by consumers be held in escrow and, if the set amount of money is not received in a prespecified amount of time, the money is returned to the contributors. Stephen King was not giving refunds in the event of a non-release of a poriot of the book. The escrow is important, because it assures the contributors that their money will not be wasted if nothing is released.
So, please don't point to Stephen King as a failure of the Street Performer Protocol. Perhaps the SPP isn't viable, but I don't know of any instances of it actually being tested. In the absence of any evidence, it seems to me that the protocol would work, and I would be willing to participate if an artist whose works I liked released those works via the SPP.
--Phil (As I listen to mp3s ripped from CDs owned by me...)
Certainly it's possible to create a really excellent game while contravening some of the rules of Dogma 2001. It's quite possible to make good movies while breaking the rules of Dogme 95. I don't think that's the point.
It seems to me that the point is that modern game designers concentrate too much on the technology available to them and not enough on actually designing a good game. At best, following all of the rules of Dogma 2001 will force you away from any modern conventions and technology that could provide undue distraction. In order to comply with all of the rules, you have to be quite creative, and that's part of the point.
At the very least, I think the points of Dogma 2001 are intended to make you at least think about the current state of the gaming industry and hopefully avoid many of the pitfalls awaiting you on your path to pure creativity. Even if you break some of the rules (you put wizards in your game, for example), you will hopefully have considered the ramifications of doing so.
--Phil (I *still* want to see a Linux port of Thief.)
Also note that ftp.kernel.org maintains a lot of mirrors at ftp.<country code>.kernel.org. Just a useful shortcut for getting to mirrors.
--Phil (150 kB/s from a ftp.us.kernel.org site--I like this cable modem)
Actually, there was a brief explanation. One of the Harkonnens says to another that Paul and Jessica were left out in the desert with no way to return.
--Phil (So far, I am not impressed with the miniseries.)
Linux tends to recover fairly well from an improper shutdown. Most of the time, it only runs into things that fsck can fix automatically. Even if it doesn't, you can set fsck to run with the -y option, which will automatically fix just about anything. (In Debian, there is even an option in a config file to set for this.)
Windows is about the same as the default Linux behaviour, at least as presented to the users. When Windows is rebooted without properly shutting down first, it will run scandisk and will pop up a box asking what to do if it finds errors.
However, neither of these is really that much of a problem if you have your users shut down the machine before turning it off. I only have about 15 users that I support, but every one of them has been able to understand the concept of telling the computer to shut down before turning it off.
--Phil (And to think I just barely missed your UID cutoff point.)
Also, don't forget Otakon, which will recur next August, probably at the Baltimore Convention Center.
--Phil (Who was it that observed anime cons were better than trek cons because anime girls look better than female Klingons?)
One comment complained about not seeing any reviews of Blue Submarine #6. Since I've seen all four episodes, I figured I'd oblige.
Well, as everyone has said, the best thing about this anime is the soundtrack. If you have a 5.1 stereo system, you ought to be quite pleased. If you're lucky, you won't have any neighbors to bother and can crank the volume too.
The story is also fairly good. The first episode is almost all action and very little plot, but the arc picks up in the second and is in full swing through the third and fourth episodes.
The CG, while pretty impressive in its own right, doesn't always mesh well with the hand drawn stuff, especially when they cut from a CG scene to a hand-drawn version of the same scene.
One thing I especially liked about it is that they don't hand you the story on a platter. A lot of what you see isn't necessarily explicitly explained or is left for later. I thought it was nice to see a story that let me draw my own inferences about ancillary details.
I recommend that you see it from DVD, though. (Or, if you don't like the $20/episode cost, do as I did--watch a friend's copy.) To my knowledge, cable only transmits Dolby pro-logic, so people with 5.1 setups will miss a little of the soundscape. Also, according to the end of this about.com story, Toonami will be digitally editing out Hayami's cigarettes.
--Phil (Gotta find more music by The Thrill.)
The few times I've used gnutella (I've never used napster), I've been looking for artists that I've heard of but not heard much of, if any of their music. While this isn't exactly "discovering" artists through online mp3 sharing, it did allow me to hear songs that I probably wouldn't have otherwise, and I know own several CDs that I would not otherwise have purchased. (And yes, there's at least one case where I didn't buy a CD due to gnutella. I don't remember the artist, but I liked one song by the artist and went to look for more. I didn't like the others enough to buy a CD. In the absence of gnutella, I might have bought the CD and found out that it only had one song that I liked.)
As for actually dicovering someone via napster, I do know people that use napster to find people sharing artists they like. Then they browse the rest of that person's collection and look for bands they've never heard of. "This person had bands X and Y. I like band X, but I don't know anything about band Y. Maybe I'll like them, too."
--Phil (I like having my entire CD collection available as mp3s.)
Nader, at least, supports binding "none of the above" voting. (Near the bottom of that page.)
--Phil (I'm probably voting Nader, but I look forward to the responses from this interview.)
In this age of the Internet, intellectual property has become a very important concept to many people. Many companies make their living on the artificial scarcity provided by intellectual property laws, selling information that they have either created or aggregated. Some others, mostly in the Free Software world, make their living seemingly in spite of these laws, selling their services based on information that is freely given.
Do you feel that out current system of intellectual property is a good one? Which parts of it (e.g. trademarks, patents, copyrights) do you feel are well suited to the world of the Internet and which do you think need to be changed (and, if changes are needed, what changes are needed)?
--Phil (I'm quite glad to see this article and look forward to the responses.)
Why do people keep saying this? It is indeed currently true for many programs, but it should not be. I am continually amazed by the number of people that just accept "never use x.0 versions, because they're going to be buggy". Software should be tested extensively before a x.0 release, and the new major version number only applied when the program is ready.
</rant>
Now, I've never used Redhat, so I'm not really qualified to comment on it, but I like the way Debian releases. When they put out a new "stable" release, it has gone through extensive public testing. There are still things that fixed subsequently--nobody is ever going to be perfect--but the problems are very few.
--Phil (I'm going to have to install Redhat one of these days, just so I can compare it to Debian.)
Remembering many different passwords isn't that hard if you have a computer do the remembering for you. The catch is that the passwords need to be stored securely enough that you're the only person that can get to them. Someone already mentioned a Windows program that does this. I use Strip, a GPLed password-storing program for the Palm. It stores the passwords in an encrypted database (encrypted in either DES or Idea, whichever you prefer). It also has a decent random password generation feature.
--Phil (Just don't ever forget the password with which Strip's database is encrypted.)
Not really. If you generate a random, alphanumeric, mixed-case, eight character password, there are roughly 2.18E14 possible passwords. Trying to brute force that would be practically impossible. If you also use a good random number generator, random number prediction isn't going to get you anything, either. At most, you could temporarily DoS someone by having their password changed on them. Even that can be avoided by not activating the new password until the user logs in with it.
As far as I can see, storing a one-way hash of the password and creating a new, random password when if the original has been forgotten is the best approach.
--Phil (All of my passwords are randomly generated--but I'm paranoid.)
That's why you don't create a hard-coded central location like Napster has. Ideally, each set of 'adjacent' hosts should hold an election amongst themselves to determine which one will hold the index. The election could be weighted by factors such as bandwidth and processor speed. With a setup like this, there's still no central location, but there are dynamically-determined common indexing points.
--Phil (Why does Slashdot go on and on about Napster and Gnutella but never mention Hotline?)