But no one understands what's really broken in the kernel.
Unfortunately, this can be trivially broken as described in the following presentation about OpenID security
It's not shifting at all. I've done my share of hacking when I was younger (ahem)
Then just transfer your src files (the text files with 1,000-2,000 lines), that's all you need provided you have the libraries installed on your machines. VS uses libraries from the .NET framework that need to be installed as system libraries on each machine. Try transferring them to your flash drive along with your VS project and tell me how long it takes.
So your eclipse project is more portable because you do not need to install system libraries. It's all self contained within your project. It doesn't mean you have to transfer the whole thing to your flash drive every time ! ;-)
Real programmers do not need debuggers ;-)
Seriously, I have been using eclipse for years and I don't even know how to invoke the debugger. Nothing I hate more than an IDE falling into debugging mode when an error is encountered. A stack trace is fine with me. When really stuck, I insert debugging statements in the code in the relevant places.
Of course, I realize that this is my old way to view things. I also know that modern development teams would go on strike if I tried to impose on them an IDE without a debugger ;-)
So, view this as my 2 cents, nothing more ;-)
On a 4 GB RAM server, we can smoothly run 8 instances of eclipse + 8 instances of Xvnc that the developers access remotely to work in their development environment, this is on linux. Are you on windows ? Could there be issues with your environment that impact performances when running eclipse ?
I also run 1 eclipse instance quite smoothly on my IBM thinkpad 1GB RAM and windows XP.
Actually, in my case, I found that RAM was a cheaper bang for the buck than a fast array of drives ;-)
http://slashdot.org/comments.pl?sid=252305&cid=19910521
Of course, the best solution depends on the use case, what you suggest could be needed for some applications ;-)
Reminds me of copper phone lines (PSTN). I have been playing with VOIP lately and it sure fits the pattern you describe ;-)
Or, can Google engine handle the load of being /dotted ? I guess I will wait an hour then try it out since the article just got posted. I will report back ;-)
Exactly the kind of mentality I was referring to. I will have been using Linux for 20 years in a couple of years ;-) I remember how amazed I was the first time I installed it on a 386 ;-) Boy ! you really felt superior compared to others running win 3.1. (dos in reality) ;-) Ok, I have been enjoying it long enough, so I guess I do not mind sharing now ;-)
Also, remember the mentality back then -> you are running linux, you must be a hacker -> you want to encrypt your data, you must have something to hide ;-)
In reality, I do not mind Linux making it to the masses. In 2000, I predicted that the alternative would be dead by 2015 if it kept going with the same marketing techniques (people slowly get smarter).
Linux making it to the masses might help proving my prediction right ;-)
If that happens, the alternative you might be referring to will most likely disappear because it has a poor penetration rate in other areas than the general public and once its wide adoption is gone, there are not many more reasons to use it ;-)
I experimented with it, but not in depth. As far as I remember, ionice didn't help a lot compared to real mainframe I/O scheduler. I have always felt that Linux was weak on I/O scheduling and other posts tend to confirm what I suspect.
Now, if you tell me that I can do real I/O scheduling with ionice and that you have managed to accomplish that. I might give it a second try, more in depth this time.
Also, please specify kernel tweaking parameters to cause ionice to act as a real I/O scheduler.
Again, I might not have experimented with ionice enough to possess an accurate picture but other posts on this thread seem to lead to what I assumed so far.
Although I personally do not care about that feature, I view it as a positive step towards mass adoption of Linux. I have to admit it scares me a bit though. Once mass adopted, we won't have the satisfaction to know we are running a better OS anymore ;-)
Read other posts about I/O. nice on linux only works on CPU cycles and is close to useless because I/O speeds haven't risen at the same rate as CPU speeds have. I mean, I have quad core CPUs that have a lot of spare cycles. Still, even if I renice 19 some process, it can still choke the machine because it is an I/O intensive process that takes .01 % of the CPU. So even at nice 19, one process can bring your machine down. We need a better I/O scheduler. Something similar to software raid (mdX_raidX processes) which only takes a little portion of I/O bandwidth available when you add a new partition to an array.
Hi ! This is Steeven Baldmer. See, that's why we, at ms, offer the only reliable solution. I can assure you that every ms developer knows exactly what is going on everywhere in our systems.
Seriously, mod parent up
http://slashdot.org/comments.pl?sid=252305&cid=19910521
Don't the real trsts know enough not to fall into this ?
I mean there are people monitoring the net to prevent trsts actions. If they are feared in the sense that they could take important internet infrastructures down and cause considerable economic loss, would it be possible that they might have already learned to protect their data?
I mean we aren't talking about getting into child prX0m amateur computers here.
Do real big shot trsts run linux ? ;-)
Or look at TFA ;-)
There is a picture of the 2 presidents side by side.
See ? that's scientific bulletproof evidence right there.
So no more waiting for you, we already have all the evidence we will ever need, if you had just looked at TFA in the first place ;-)
just kidding of course ;-)
Probably not but the link to the Guardian is wrong and you end up on http.com which is a dummy front site, using firefox 2 and linux, using open link in new window (or tab) because Firefox then completes http with .com for its target domain. The link to the Guardian in the article is http://http//politics.guardian.co.uk/foreignaffairs/story/0,,2160256,00.html
Well, I assume you could mix-up the digits or code to be entered on the display at login time. You would then need two view points to capture everything. One at the screen and one at the user's eyes. A lot of digital door locks where you have to enter digits to get in already work that way. They have LEDs behind the keys to display the digits and every time you need to get in, you need to press different keys because the digits you need to enter have changed location on the keyboard.
I had a quick look, interesting. So if I understand, trivially means that slashdot would just have to refuse my login to cause me to enter my bank userid/password on slashdot in desperation to login into slashdot ?
Maybe I am missing the point.
As a rule of thumb, nothing is 100% hack proof and secure. I posted another follow-up where I mention client-cert (or at least a pair of private/public keys) is the closest thing to reliable single-signon. I mean, isn't it already used to authenticate reliably the sender of an email ?? It will work just as fine authenticating web users.
Here is how it would work :
1 ) Web site sends you a random phrase or a random series of chars.
2 ) You sign that phrase with your private key ( kept only on your computer or on some usb key and generated locally by yourself) then, you send it back to the web server.
3 ) Web server authenticates you by verifying the signature with the help of your public key.
4 ) Note that you don't even need encryption.
So why isn't this implemented yet for mister Joe Citizen ? I don't know for sure but I guess certificate and key management could be a factor. Note that this method of authentication is already widely used in big organizations that really need serious authentication. Unfortunately, PKI companies charge way too much for that. Maybe that is why things don't change, they just want to keep on charging the big $ for certificates. Making the technology widely available to citizens at reasonable prices might make it harder for them to justify charging the big $ to corporations. As I said, I don't know for sure ;-(
The beauty of this is that each machine/user has its own private key generated LOCALLY. If a given machine/user private key is compromised. It doesn't affect other machines/users. PKI has been around for a while you know ;-)
-ls
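The four steps in the post above, as an added Go sketch; it is not code from the poster or from any system mentioned in the thread. The names (`Server`, `Respond`, `loginContext`, the `site.example` origin) are assumptions, and the sketch goes slightly beyond the post by binding the site origin into the signed message and consuming each challenge once, so a response relayed from another site or replayed later is rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// loginContext is a constructed domain-separation label: the client never
// signs raw server-chosen bytes, only this label plus origin, user and nonce.
const loginContext = "login-challenge-v1"

// Server stores public keys and outstanding challenges, never private keys.
type Server struct {
	origin  string
	pubkeys map[string]ed25519.PublicKey
	open    map[string]time.Time // "user/hex(nonce)" -> expiry
}

// Step 1: the site sends a fresh random challenge.
func (s *Server) Challenge(user string, now time.Time) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no safe fallback without randomness
	}
	s.open[user+"/"+hex.EncodeToString(nonce)] = now.Add(time.Minute)
	return nonce
}

// signedMessage is what both sides sign and verify; %q keeps fields unambiguous.
func signedMessage(origin, user string, nonce []byte) []byte {
	return []byte(fmt.Sprintf("%s %q %q %x", loginContext, origin, user, nonce))
}

// Step 2: the client signs with a locally generated key that never leaves it.
// origin is the site the client believes it is talking to.
func Respond(priv ed25519.PrivateKey, origin, user string, nonce []byte) []byte {
	return ed25519.Sign(priv, signedMessage(origin, user, nonce))
}

// Step 3: the site verifies with the enrolled public key. A challenge is
// consumed on first use, so a captured response cannot be replayed.
func (s *Server) Verify(user string, nonce, sig []byte, now time.Time) error {
	id := user + "/" + hex.EncodeToString(nonce)
	exp, ok := s.open[id]
	delete(s.open, id)
	if !ok || now.After(exp) {
		return errors.New("unknown, reused or expired challenge")
	}
	pub, ok := s.pubkeys[user]
	if !ok || !ed25519.Verify(pub, signedMessage(s.origin, user, nonce), sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// demo runs four constructed cases and reports which logins were accepted.
func demo() (good, replay, wrongOrigin, wrongKey bool) {
	now := time.Now()
	srv := &Server{"https://site.example", map[string]ed25519.PublicKey{}, map[string]time.Time{}}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // generated locally by the user
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	srv.pubkeys["alice"] = pub // enrollment: only the public key is shared

	n := srv.Challenge("alice", now)
	sig := Respond(priv, srv.origin, "alice", n)
	good = srv.Verify("alice", n, sig, now) == nil
	replay = srv.Verify("alice", n, sig, now) == nil // same nonce a second time

	n = srv.Challenge("alice", now) // challenge relayed through another site
	sig = Respond(priv, "https://lookalike.example", "alice", n)
	wrongOrigin = srv.Verify("alice", n, sig, now) == nil

	n = srv.Challenge("alice", now) // response signed with somebody else's key
	wrongKey = srv.Verify("alice", n, Respond(otherPriv, srv.origin, "alice", n), now) == nil
	return
}

func main() {
	fmt.Println(demo()) // true false false false
}
```

Nothing in the exchange is secret: the challenge, the signature and the public key can all travel in the clear, which is the point of step 4.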
I wrote I use only dedicated passwords for the ones I really trust. Still for the ones I do not really trust, 3 passwords is better than live ID unique password ;-) For the one I do really have to trust, I assume (I sure hope), they don't keep the password in plain text in their systems and that they use something similar to /etc/passwd hash (long version, not the old short one ;-)
If you want a challenge, crack my /. password, find my Google mail user name and login to Google to read my mail and post to /. under my name. I use the same password. I have nothing critical on either Google or /. so that won't keep me from sleeping at night. Good luck ;-)
I sure wouldn't use my main "master password" (Live ID style / equivalent to your private passphrase or private key) to login to /. or Google.
If you really want secure single-sign on, you need a client certificate or at least a pair of private/public keys. As soon as somebody else (anybody) knows your private key, you need to change your cert/private key. That's another conclusion we came up with back then.
Unfortunately, marketing people thought that it would be too difficult for Mr. Joe Citizen to install a client cert in his browser ;-))
So we went with a solution that all security specialists were against. Still, it is much less simplistic than MS live ID. Client certs are still used but (hold your breath), they are kept centrally ;-))) One concern was that if the cert was kept locally on the citizen computer, compromised citizen machines would reveal the citizen cert without the citizen knowledge. Security specialists replied that the hacker would still need the private key passphrase in order to be able to use it but that did not fly. So the implemented solution isn't that bad; certs are kept centrally and downloaded to the client machine when needed. Client needs to enter its passphrase to use it and only the client knows the passphrase. Weak point is that the certificate request is made centrally so at some point the central system is aware of the passphrase for a given amount of time. Security purists will tell you that certificate request has to be made locally so that your passphrase is never transmitted to ANY other computer. But what if the machine is already compromised when you make the certificate request locally ? etc.
As you can see, the holy Grail of single sign-on has not been found yet, but client certs with an encrypted private key that requires a passphrase is the closest thing in my humble opinion.
-ls
I use 3 passwords for all sites I access mapping to 3 levels of trust. I try to use the same user id when possible :
Level 1 : risky
Level 2 : less risky
Level 3 : almost trustable
For sites that I really trust (banking, etc...) I use dedicated passwords. I, also, can forecast problems with a single sign-on scheme that would be more or less like giving away your social security number if hacked.
I have been working on this problematic before for big organizations and one conclusion we came up with was that we needed to re-use the old assembly language "indirection" principle, called pointers in higher level languages.
So basically, one has to be able to authenticate with multiple sets of username/password combinations. Once the unique user is authenticated, the central authentication authority limits its role to just that, authenticating the user.
All authorization is managed by the local system that interacts with the user.
Do a search for MBUN on Google. In Canada, a user can have multiple MBUNs to deal with the government. This solution was implemented to cope with privacy concerns and still allow the citizen to deal with the government with the same level of privacy that was previously achieved with paper forms. Basically, what has been done is creating a mapping between the MBUN and the real userid and the choice has been given to the citizen to have as many MBUNs as he wishes to deal with the government.
Serious concerns should apply to too simplistic solutions ;-)
Now for all /. MS bashers to enjoy : Although a qualified partner in the project, none of MS products were used to implement the solution. Given the money and the visibility at stake, this caused a commotion in Canada with MS canadian VP putting pressure on everybody to reverse the decision.
Hey Sam, your products are just too simplistic and too proprietary. Phone us next year please ;-) That was really funny, the guy just couldn't understand that McDonald's-like marketing techniques did not work in this case. I mean, they even flew us for a week to Redmond at the campus to try to brainwash us, but still no go for MS.
-ls
I think it is medeco http://www.medeco.com/ not "medico". Medico locks are for locking up your girlfriend so nobody can access her private parts.
These locks are harder, but not impossible to bump for a very skilled locksmith. Nothing is 100% hack-proof, just harder to hack.
Agreed, nothing new to see here, I had people getting in the data center through the roof 10 years ago to get at the data so we needed to install better locks and better PHYSICAL intrusion detection systems ;-)
Author is just defining their algorithm. An algorithm can be implemented in any programming language with any programming techniques. They may have a better algorithm or a better way to do things, but it has nothing to do with the tools and techniques they choose to implement it.
It is kind of like a sales pitch; because our product X uses technique Y, it will do everything automagically, you don't even need to know what you are doing, hence you don't even need an algorithm !
The author seems to be confusing algorithms with tools and techniques.
Nope, a signed hash is enough
I still use an external US Robotics SupraFax Modem 14,400 baud to pop mail from accounts that do not allow internet access ;-) It uses a serial cable to connect to the server. All mails sent to me converge to a unique account. I then read my mail with Pine. I have all sorts of filters, rules and roles setup to handle all accounts centrally and transparently.
Note that I am not trying to prove any point besides the fact that some of us still use older technologies because they work well for us ;-)
Cheers,