Here is an extract :
This is not the first time AOL has come under fire by gay and lesbian rights groups. The
most notable instance came when AOL admitted it had disclosed the member account of
Timothy McVeigh, a naval officer, to a naval investigator. Because of the disclosure, the
Navy discharged the sailor for "Homosexual Conduct Admittance" because he typed the
word "gay" on his member profile under "Marital Status." He has since been reinstated.
Disclaimer : I work for AOL Time Warner and opinions are my own, not those of AOL Time Warner
I work on multiple platforms at the Sun-Netscape Alliance. We develop the web server on IBM AIX, HP-UX 11.0, DEC OSF1 4.0/5.0, Linux 2.2, IRIX 6.5, Solaris 2.6/2.8, NT 4.0. The web server is inherently a multithreaded application and a good debugger has been a must in the part of my day job. I find the two best platforms for debugging to be Solaris and WINNT. Sun has with its Workshop by far the best multithreaded debugging tools on any Unix I have seen. Microsoft has a very nice debugger as well for NT as part of VC++.
IMHO the very worst Unix platform for doing anything thread-related is Linux. And it's got nothing to do with gdb, but with the Linux kernel. On Solaris, Irix and HP, gdb is available and works fine with threads.
It doesn't work with Linux threads because threads are independent processes in Linux. When you have one applications with 500 threads, it's just not practical to launch 500 copies of gdb on each of the processes in order to set one breakpoint accross all threads. You have to use another platform with decent debugging tools in order to do that.
FYI, at home I use OS/2, and IBM has an excellent multithreaded debugger too, as part of Visual Age C++ 3.0/3.6 for OS/2. IMHO it's the best debugger of all for threads. Unfortunately IBM hasn't got anything remotely close to it in its VisualAge C++ for AIX.
I use an HP Surestore DAT40 at home. This was a $1400 drive a year ago.
It stores 20 GB on a $35 DDS-4 tape. (40 GB is with assumed 2:1 compression).
The backup is speed is quite good - I have done 10 GB backups in less than an hour. Average speed is 2.5MB to 3 MB/s.
Here are some stats from one recent backup :
Backup Bytes: 9,709,919,024 Files: 213,105 Errors: 2
Started: 01:23:50 Ended: 02:10:32 Data Rate: 3,048 kB/min
This backup was done by Bakupwiz for OS/2. This was from a local 10,000rpm Quantum SCSI disk, on an Adaptec PCI controller, in an AMD K6-2/450 machine.
If you backup remotely, you will probably get lower speed - but it depends on what type of network, protocols and OS the other systems are using. On my 100 BT with NetBEUI, backing up other OS/2 machines over Ethernet is down to only about 2.5 MBytes per sec from 3MB.
Depending on how much your 100 GB of data will compress, you might have to change the tape twice, or up to four times to backup everything if no data will compress at all.
If you can't handle that many tape changes, you can get a DDS4 changer. But it will run you quite a lot of extra money...
Netscape Navigator/Communicator is a hybrid browser that supports the host header, and therefore will work with name-based virtual hosting for HTTP, but it still advertises itself as a 1.0 browser, because it is not compliant with many other features of HTTP/1.1, like chunked encoding, which are listed as "MUST" requirements for user-agents in RFC2616 (HTTP/1.1). The other 1.1 features are neat, and I went through careful coding to support them in our iPlanet Web Server, that I should point out is available for Linux in a free Fasttrack edition.
I wouldn't be surprised if almost all your HTTP/1.0 traffic came in fact from Netscape browsers, which are capable of navigating name-based virtual hosted sites.
There is in fact a big problem with doing name-based hosting for secure sites.
As pointed out before, the SSL handshake happens before any name can be transmitted, so that the server must always present the same certificate for a given IP/port combination.
The TLS upgrade draft as proposed doesn't really solve the problem. What is proposed is to start a connection insecurely, have the browser send a host header, and then have both the server and the client upgrade the connection to TLS.
The first big flaw is that this requires new clients and servers. There are no servers out there that support this, and no clients either. I work on one of the most popular commercial servers - the iPlanet web server - which, incidently, is available for Linux for free at www.iplanet.com . So I can fix the server part in our next release. And our browser folks could fix that in Mozilla/Communicator too...
But, IMHO, we will not do that. The second flaw is that the TLS draft makes the upgrading of the connection "option" and reuses the existing http:// URL scheme. The connection is supposed to be upgraded to TLS only if the server requests it, or the browser requests it, based on the user preferences. This is very bad because a server-side application has no way of enforcing security on its content. It is forced to use conventional http:// links and relies on the browser being TLS-upgrade compliant to do the magic. If not, the connection will just proceed, insecurely.
I think making security optional is a terrible idea. You either want it or you don't, and if you do, there must be no circumstances under which the connection will be insecure.
The right thing to do would be to extend the TLS protocol to support virtual hosts. Failing that, a new URL scheme ("httpt://"?) could be devised specifically to mean "connect insecurely and immediately upgrade the connection to TLS after VS negotiation". Then the security could be enforced by the clients, servers as well as applications.
Even internally in the Sun Netscape Alliance, known as iPlanet, we didn't know about this other JDK for Linux.
We developed and tested the iPlanet Web Server, Enterprise Edition 4.1, formerly known as Netscape Enterprise Server, with Blackdown's JDK for servlet/JSP support. The product supports pluggable JVM so you can try using IBM's JDK for Linux (when they release 1.2 for Linux, that is), or the new Sun/Inprise JDK 1.2.2 . But we don't know how well they will work. Blackdown is the way to go for now.
The multithreaded Netscape Enterprise Server also provides NSAPI which lets you write much more efficient applications than CGI. The interface is a C callback so that dictates the language that the NSAPI application is written in : C or C++.
I have been using Pacbell DSL since the end of 1997 when they started the trial. It's been running great at 384/384 kbps speed ever since, with my OS/2 servers at home. Pacbell no longer offers 384/384 to new customers, but they "grandfathered" the service which means I still get it until I decide to cancel it.
It's pretty unlikely that I will : it's now october 1999 and the cumulated downtime I have had over the last two years is less than a day.
BTW, I don't use PBI as my ISP - I use DNAI. In 1997 when I got my Pacbell DSL, PBI was an analog ISP only - you had to choose among 2 or 3 ISPs that partnered with Pacbell for the trial, and DNAI was one of them. DNAI has ended their partnership with Pacbell and now all their new customers must use Covad DSL. But they still provide ISP service to me through Pacbell DSL. Again, pretty unlikely that I'd cancel it given the reliability of the DNAI/Pacbell DSL combination.
Except if you build a browser with such an SSL library that doesn't support RSA, you won't be able to connect to 99% of secure web sites which use RSA certificates and require the algorithm in the client in the SSL handshake.
So it would be a pretty useless implementation of SSL/TLS today.
Yes, there are more gays and lesbians in the Silicon Valley than in other parts of the US, but not nearly as many as in San Francisco where they outnumber the straight. The majority of men in Silicon Valley are straight men.
I think when you live in an environment that's as fast-paced as Silicon Valley, it makes it pretty hard for a straight couple to raise a family. The cost of living is very high and it's not easy for a couple to make it if both are not working. Check this Mercury News report at http://www.mercurycenter.com/svtech/news/special/w ealth/ to see how tough it can be . For instance I am the sole breadwinner in my household and my boyfriend is still studying. My pay is enough for a decent house for us, but if we ever wanted to adopt and raise children, it would be a stretch. Straight couples get extra tax breaks that we don't, but even then, they can have a hard time raising a family on single-income. For all we know all those single men probably wouldn't have the time to deal with a family. Unless they left Silicon Valley.
A million is the same for Europeans. It's at the billion level that it starts being different. 10E+9 is a billion in English but a milliard in French. 10E+12 is a trillion in English but a billion in French.
Hmm. So they view it as a loss center ? Doesn't that mean they are going to sell their internet service below cost to run AOL out of business, just as they did Netscape with their browser ? Is the DOJ paying attention ?
Indeed, even today, standard C++ still does not have nested procedures. This is one of the features I miss the most from Pascal. The string support in the language was also much better.
Turbo Pascal ran on DOS only up to and including version 6.0 . I should know, as it is the last version of TP that I used - having started using TP3.0 on a PC when I was 12.
It was a different product that supported Windows, called TP for Windows, and they reset the version number to 1.0.
The insane price of $35k per CPU is for NAS, the application server.
NES - the Netscape Enterprise Server is a web server, and priced around $1k, offering legally licensed SSL and many features not found in the free web servers.
>Based on the attrition rate here, within four months, no engineers will be left.
Not true - there have been hardly any departures in the netscape server groups that are now part of the Sun Netscape Alliance - or shall I call us iPlanet...
Actually SSL uses a combination of both assymetric and symmetric.
The symmetric key is used for encrypting the data itself. However, obviously both sides need to have the key for it to work. The first step in SSL is a key exchange mechanism. Typically a symmetric RC4 key is generated by the client, then sent to the server encrypted with the server's public RSA key. Other ciphers are available as well but the RSA / RC4 combination is the most common.
SGI has made an X version of OpenGL source code public. See http://www.sgi.com/software/o pensource/glx/index.html. I don't see why this would not apply to the OS/2 version of OpenGL. Even so, you could use XFree86 for OS/2 to do an OS/2 implementation of OpenGL with hardware acceleration.
Slashdot Mirror
See http://aolcom.cnet.com/news/0-1006-200-921517.html
Here is an extract :
This is not the first time AOL has come under fire by gay and lesbian rights groups. The most notable instance came when AOL admitted it had disclosed the member account of Timothy McVeigh, a naval officer, to a naval investigator. Because of the disclosure, the Navy discharged the sailor for "Homosexual Conduct Admittance" because he typed the word "gay" on his member profile under "Marital Status." He has since been reinstated.
Disclaimer : I work for AOL Time Warner and opinions are my own, not those of AOL Time Warner
VMware never supported OS/2 - presumably the OS the poster is running - as a host OS.
I wonder what that place would be.
...
Not the US, by any chance ?
I'm sorry, but I don't expect anything good from Mr Bush
OS/2 is a PC OS and it runs Netscape Communicator 4.61
I work on multiple platforms at the Sun-Netscape Alliance. We develop the web server on IBM AIX, HP-UX 11.0, DEC OSF1 4.0/5.0, Linux 2.2, IRIX 6.5, Solaris 2.6/2.8, NT 4.0. The web server is inherently a multithreaded application and a good debugger has been a must in the part of my day job. I find the two best platforms for debugging to be Solaris and WINNT. Sun has with its Workshop by far the best multithreaded debugging tools on any Unix I have seen. Microsoft has a very nice debugger as well for NT as part of VC++.
IMHO the very worst Unix platform for doing anything thread-related is Linux. And it's got nothing to do with gdb, but with the Linux kernel. On Solaris, Irix and HP, gdb is available and works fine with threads.
It doesn't work with Linux threads because threads are independent processes in Linux. When you have one applications with 500 threads, it's just not practical to launch 500 copies of gdb on each of the processes in order to set one breakpoint accross all threads. You have to use another platform with decent debugging tools in order to do that.
FYI, at home I use OS/2, and IBM has an excellent multithreaded debugger too, as part of Visual Age C++ 3.0/3.6 for OS/2. IMHO it's the best debugger of all for threads. Unfortunately IBM hasn't got anything remotely close to it in its VisualAge C++ for AIX.
I use an HP Surestore DAT40 at home. This was a $1400 drive a year ago. It stores 20 GB on a $35 DDS-4 tape. (40 GB is with assumed 2:1 compression). The backup is speed is quite good - I have done 10 GB backups in less than an hour. Average speed is 2.5MB to 3 MB/s. Here are some stats from one recent backup : Backup Bytes: 9,709,919,024 Files: 213,105 Errors: 2 Started: 01:23:50 Ended: 02:10:32 Data Rate: 3,048 kB/min This backup was done by Bakupwiz for OS/2. This was from a local 10,000rpm Quantum SCSI disk, on an Adaptec PCI controller, in an AMD K6-2/450 machine. If you backup remotely, you will probably get lower speed - but it depends on what type of network, protocols and OS the other systems are using. On my 100 BT with NetBEUI, backing up other OS/2 machines over Ethernet is down to only about 2.5 MBytes per sec from 3MB. Depending on how much your 100 GB of data will compress, you might have to change the tape twice, or up to four times to backup everything if no data will compress at all. If you can't handle that many tape changes, you can get a DDS4 changer. But it will run you quite a lot of extra money...
Netscape Navigator/Communicator is a hybrid browser that supports the host header, and therefore will work with name-based virtual hosting for HTTP, but it still advertises itself as a 1.0 browser, because it is not compliant with many other features of HTTP/1.1, like chunked encoding, which are listed as "MUST" requirements for user-agents in RFC2616 (HTTP/1.1). The other 1.1 features are neat, and I went through careful coding to support them in our iPlanet Web Server, that I should point out is available for Linux in a free Fasttrack edition.
I wouldn't be surprised if almost all your HTTP/1.0 traffic came in fact from Netscape browsers, which are capable of navigating name-based virtual hosted sites.
Actually, funny you would mention that, as I am spending the next couple of days solving that problem in our iPlanet web server.
It's completely possible to limit the bandwidth based on the host header.
There is in fact a big problem with doing name-based hosting for secure sites.
...
As pointed out before, the SSL handshake happens before any name can be transmitted, so that the server must always present the same certificate for a given IP/port combination.
The TLS upgrade draft as proposed doesn't really solve the problem. What is proposed is to start a connection insecurely, have the browser send a host header, and then have both the server and the client upgrade the connection to TLS.
The first big flaw is that this requires new clients and servers. There are no servers out there that support this, and no clients either. I work on one of the most popular commercial servers - the iPlanet web server - which, incidently, is available for Linux for free at www.iplanet.com . So I can fix the server part in our next release. And our browser folks could fix that in Mozilla/Communicator too
But, IMHO, we will not do that. The second flaw is that the TLS draft makes the upgrading of the connection "option" and reuses the existing http:// URL scheme. The connection is supposed to be upgraded to TLS only if the server requests it, or the browser requests it, based on the user preferences. This is very bad because a server-side application has no way of enforcing security on its content. It is forced to use conventional http:// links and relies on the browser being TLS-upgrade compliant to do the magic. If not, the connection will just proceed, insecurely.
I think making security optional is a terrible idea. You either want it or you don't, and if you do, there must be no circumstances under which the connection will be insecure.
The right thing to do would be to extend the TLS protocol to support virtual hosts. Failing that, a new URL scheme ("httpt://"?) could be devised specifically to mean "connect insecurely and immediately upgrade the connection to TLS after VS negotiation". Then the security could be enforced by the clients, servers as well as applications.
We developed and tested the iPlanet Web Server, Enterprise Edition 4.1, formerly known as Netscape Enterprise Server, with Blackdown's JDK for servlet/JSP support. The product supports pluggable JVM so you can try using IBM's JDK for Linux (when they release 1.2 for Linux, that is), or the new Sun/Inprise JDK 1.2.2 . But we don't know how well they will work. Blackdown is the way to go for now.
The multithreaded Netscape Enterprise
Server also provides NSAPI which lets you write much more efficient applications than CGI. The interface is a C callback so that dictates the language that the NSAPI application is written in : C or C++.
What issues do you have with Pacbell DSL ?
I have been using Pacbell DSL since the end of 1997 when they started the trial.
It's been running great at 384/384 kbps speed ever since, with my OS/2 servers at home. Pacbell no longer offers 384/384 to new customers, but they "grandfathered" the service which means I still get it until I decide to cancel it.
It's pretty unlikely that I will : it's now october 1999 and the cumulated downtime I have had over the last two years is less than a day.
BTW, I don't use PBI as my ISP - I use DNAI. In 1997 when I got my Pacbell DSL, PBI was an analog ISP only - you had to choose among 2 or 3 ISPs that partnered with Pacbell for the trial, and DNAI was one of them. DNAI has ended their partnership with Pacbell and now all their new customers must use Covad DSL. But they still provide ISP service to me through Pacbell DSL. Again, pretty unlikely that I'd cancel it given the reliability of the DNAI/Pacbell DSL combination.
Except if you build a browser with such an SSL library that doesn't support RSA, you won't be able to connect to 99% of secure web sites which use RSA certificates and require the algorithm in the client in the SSL handshake.
So it would be a pretty useless implementation of SSL/TLS today.
That name would be a true bomb !
Yes, there are more gays and lesbians in the Silicon Valley than in other parts of the US, but not nearly as many as in San Francisco where they outnumber the straight. The majority of men in Silicon Valley are straight men.
I think when you live in an environment that's as fast-paced as Silicon Valley, it makes it pretty hard for a straight couple to raise a family. The cost of living is very high and it's not easy for a couple to make it if both are not working. Check this Mercury News report at http://www.mercurycenter.com/svtech/news/special/w ealth/ to see how tough it can be . For instance I am the sole breadwinner in my household and my boyfriend is still studying. My pay is enough for a decent house for us, but if we ever wanted to adopt and raise children, it would be a stretch. Straight couples get extra tax breaks that we don't, but even then, they can have a hard time raising a family on single-income. For all we know all those single men probably wouldn't have the time to deal with a family. Unless they left Silicon Valley.
A million is the same for Europeans. It's at the billion level that it starts being different. 10E+9 is a billion in English but a milliard in French. 10E+12 is a trillion in English but a billion in French.
Hmm. So they view it as a loss center ? Doesn't that mean they are going to sell their internet service below cost to run AOL out of business, just as they did Netscape with their browser ? Is the DOJ paying attention ?
Indeed, even today, standard C++ still does not have nested procedures. This is one of the features I miss the most from Pascal.
The string support in the language was also much better.
Try CTRL K D .
Turbo Pascal ran on DOS only up to and including version 6.0 . I should know, as it is the last version of TP that I used - having started using TP3.0 on a PC when I was 12.
It was a different product that supported Windows, called TP for Windows, and they reset the version number to 1.0.
The insane price of $35k per CPU is for NAS, the application server.
NES - the Netscape Enterprise Server is a web server, and priced around $1k, offering legally licensed SSL and many features not found in the free web servers.
>Based on the attrition rate here, within four months, no engineers will be left.
...
Not true - there have been hardly any departures in the netscape server groups that are now part of the Sun Netscape Alliance - or shall I call us iPlanet
Yes, it's a very good bet that Sun would kill the OS/2 version of Staroffice if they bought Stardivision.
Then again, I work with Sun people daily and I'm pretty sure they would kill the Linux version of Staroffice too if they acquired them.
Actually SSL uses a combination of both assymetric and symmetric.
The symmetric key is used for encrypting the data itself. However, obviously both sides need to have the key for it to work. The first step in SSL is a key exchange mechanism. Typically a symmetric RC4 key is generated by the client, then sent to the server encrypted with the server's public RSA key. Other ciphers are available as well but the RSA / RC4 combination is the most common.
SGI has made an X version of OpenGL source code public. See http://www.sgi.com/software/o pensource/glx/index.html. I don't see why this would not apply to the OS/2 version of OpenGL. Even so, you could use XFree86 for OS/2 to do an OS/2 implementation of OpenGL with hardware acceleration.