Slashdot Mirror


User: ninjaz

ninjaz's activity in the archive.

Stories: 0
Comments: 365

Comments · 365

  1. Re:Mainstream on CNET to Award Open Source Initiatives · · Score: 1

    It might help to keep in mind that Open Source began as a marketing campaign for Free Software. The point was to foster use by business by creating a more distinguishing name than "Free Software", which most people misinterpret as meaning low-quality shareware/adware/freeware.

    It looks like the GP was pointing out that even "Open Source" and the OSI have seen their share of controversy, the name has been very successful at getting Free Software to be used by both business and regular people.

    It's a similar concept to the "hacker" vs. "cracker" debate, but this time, ESR got to be on the winning side of the linguistic engineering effort.

  2. Re:what about the few of us stuck in no-mans land? on Mozilla Extending Javascript? · · Score: 1

    Someone has already written AdBlock for Firefox. Since it allows you to block page elements by pattern, you can use it to block file extensions from being displayed as well, eg., *.swf to kill all flash. It also has a panel you can open up which shows each element of the page, so you can block elements you can't right-click to select like Flash and MIDI. One of the nicer aspects is that you can choose to collapse the blocked elements, so there isn't a big blank spot on the page where the blocked element was.

  3. Re:How does this differ... on Unintended Consequences of Using GPL Fonts · · Score: 1
    First of all, if you haven't changed the font itself, you have no obligation to provide it to anyone - Just like with GPL'd software.
    You must be thinking of LGPL, which allows use in non-free works and only sharing modifications to the LGPL'd work itself.
    Second, if you only use it for within an organization, you have no obligation to provide it to anyone - Just like with GPL'd software.
    There are times when two organizations share information with each other under NDA. The GPL states that you must not place any further restrictions on the recipient of work than those the GPL places itself. So, in this context, it would be a GPL violation because the NDA attempts to prevent unlimited distribution.
    Third, the license under which a given tool falls does not usually extend to what it creates - I can use GCC to compile non-GPL code, I can use GIMP to create non-GPL (or CC, in this case?) artwork, and I can use OO to produce non-GFDL documents.
    According to the FSF, the reason the tool's license doesn't normally extend to what it creates is that the tool normally doesn't include parts of itself in the output. In cases where it does (eg., gcc and bison) there are explicit exceptions allowing the use of those portions in non-free programs. See here: http://www.fsf.org/licensing/licenses/gpl-faq.html#GPLOutput

    So why would any of the above magically differ for a font?

    That's exactly the problem. The position of the FSF is that shared libraries are derivative works, so non-free programs are not allowed to link to GPL'd libraries. Why would that principle apply to shared libraries and not to fonts?

    I'm not a lawyer, and there may be a case for fair use, but as the FSF website states, notions of fair use differ by jurisdiction. The fact that the FSF has come up with the experimental font exception to the GPL should be a tip-off, too.

  4. My experience... on Network Penetration Scans and Executive Reaction? · · Score: 1

    I have been called to account for results of various scanning tools. First of all, I suggest taking a deep breath to calm down.

    When I have worked with this type of "vulnerability report", I've considered it understood to add 'possible' to the title.

    For instance, one of the scanners would report a piece of middleware which was used in the organization as w3-msql (the moral equivalent of php+mysql in the late 90's). It should be fairly easy to go down the results for an individual server, item-by-item and pick out which ones aren't sane.

    Share those results with the security consultant. Ideally, you will be working with them, and your response will be included in any report (possibly by simply removing obvious false positives). After all, you're the expert on your own network. They're just poking around to see if anything looks amiss.

    Their reaction to the false positive report may also help you gauge how to deal with them. For instance, if they insist that a false-positive is actually a problem, you will need to get solid facts together to demonstrate them as being wrong. When you lay out the facts, turn the emotions down as much as possible. If you look defensive and emotional, management will think you might be the problem.

    The second pass is vulnerabilities that you wanted to fix, but were prevented from fixing, whether it be by a vendor, app support team, or management. Ideally, you will give the other party a heads up to let them know their item has been identified in a security assessment to give them a chance to respond, too. It's entirely possible that the same guy who hired the security consultants who found the 'hole' pressured another team to put it there to begin with.

    Third pass is low-hanging fruit. The stuff you can write a script to fix across the board on your servers. For instance, unneeded services listening? Take a few minutes to write an update script with perl or sed to turn them off.

    Then, you put together a work estimate on how much time and effort will be required to fix the rest. Need low-priority local OS patches? Report the time it will take to do the work, then put together some good interview questions for the guy who will be working alongside you on the project!

    Once management has identified security as a priority, it's in your interest to put together a process (signed off on by management). That way, when this kind of thing comes in the future, they will have been involved in the decisions.

    This also applies when they have a hot project that takes precedence over security fixes. If your new process states that low-priority local vulnerabilities should be fixed in 30 days, for instance, and a project will push it to 45, you simply ask them to decide between the competing projects. Once you get the sign-off, you're set.

    If you handle this correctly, it can be to your advantage, since management will have a bit more of a view into what sort of demands you face on your job. And, if they feel that you've handled the problem effectively, addressing their concerns rather than brushing them under the rug, that earns bonus points.
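The triage passes described in the comment above (false positives, findings blocked by another party, scriptable low-hanging fruit, a work estimate for the rest, and the 30-day window from the signed-off process), carried through as an added example. This is editorial code, not the commenter's script: the scanner report, hostnames, signature names, per-severity effort figures and the fix commands are all constructed for illustration and would be replaced with the real scanner's output and your own verified allowlists.

```python
"""Triage a vulnerability-scanner report into the passes described above.

Added example.  RAW_REPORT, the hostnames, the signature names, the effort
figures and the fix commands are constructed placeholders, not real scanner
output or a real environment.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Finding:
    host: str
    port: int
    signature: str   # the scanner's name for the check that fired
    severity: str    # "high", "medium" or "low"


# Constructed scanner output: (host, port, signature, severity).
RAW_REPORT = [
    ("web1", 80,   "w3-msql-cgi",               "high"),    # not installed here
    ("web1", 111,  "rpc-portmapper-open",        "medium"),
    ("web2", 111,  "rpc-portmapper-open",        "medium"),
    ("db1",  1521, "oracle-listener-unauth",     "high"),    # vendor-controlled
    ("web2", 80,   "missing-local-kernel-patch", "low"),
    ("db1",  21,   "ftp-anon-login",             "medium"),
]

# Pass 1: signatures verified by hand as not actually present on our hosts.
FALSE_POSITIVES = {"w3-msql-cgi"}
# Pass 2: findings already raised and refused; signature -> the party that owns it.
BLOCKED = {"oracle-listener-unauth": "DBA team / vendor support contract"}
# Pass 3: findings fixable everywhere with a one-line change (assumed commands).
SCRIPTABLE = {
    "rpc-portmapper-open": "chkconfig portmap off; service portmap stop",
    "ftp-anon-login": "sed -i 's/^anonymous_enable=YES/anonymous_enable=NO/' /etc/vsftpd.conf",
}
# Pass 4: rough per-host effort in hours for whatever is left, by severity (assumed).
EFFORT_HOURS = {"high": 4.0, "medium": 2.0, "low": 1.0}


def triage(report):
    """Bucket each finding and return (buckets, estimated hours for the remainder)."""
    buckets = {"false_positive": [], "blocked": [], "scriptable": [], "remaining": []}
    hours = 0.0
    for host, port, sig, sev in report:
        f = Finding(host, port, sig, sev)
        if sig in FALSE_POSITIVES:
            buckets["false_positive"].append(f)
        elif sig in BLOCKED:
            buckets["blocked"].append((f, BLOCKED[sig]))
        elif sig in SCRIPTABLE:
            buckets["scriptable"].append((f, SCRIPTABLE[sig]))
        else:
            buckets["remaining"].append(f)
            hours += EFFORT_HOURS[sev]
    return buckets, hours


def fix_script(buckets):
    """One shell line per (host, fix) pair in the scriptable bucket."""
    return [f"ssh {f.host} '{cmd}'" for f, cmd in buckets["scriptable"]]


def deadline_status(found_on, sla_days, today):
    """Apply the agreed fix window (e.g. 30 days for low-priority local issues).

    Dates are ISO strings.  Anything past the window is flagged as needing the
    management decision the comment describes, rather than silently slipping.
    """
    found, now = date.fromisoformat(found_on), date.fromisoformat(today)
    due = found + timedelta(days=sla_days)
    if now <= due:
        return "on time"
    return f"{(now - due).days} day(s) late; needs management sign-off"


if __name__ == "__main__":
    buckets, estimate = triage(RAW_REPORT)
    for name, items in buckets.items():
        print(f"{name}: {len(items)}")
    print("\n".join(fix_script(buckets)))
    print(f"estimate for remainder: {estimate:.1f} hours")
    print(deadline_status("2004-05-01", 30, "2004-06-15"))
```

The false-positive and blocked sets are the part worth keeping under version control: they are the written record you hand back to the consultant and to management, so the next scan starts from the same baseline instead of re-arguing the same items.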

  5. Re:It's about time. But why the huge author costs? on Free/Open-Access Academic Journals Growing · · Score: 2, Funny
    So the cost of content and the cost of reviewing the content is close to zero. But some journals cost individuals and especially the institutions a large amount of money. In this day of electronic typesetting and distribution, does it make any sense?
    They have people skills. They are good at dealing with people. Can't you understand that?? WHAT THE HELL IS WRONG WITH YOU PEOPLE!?
  6. Re:Won't affect me much, but... on FreeBSD 4.X Lives On · · Score: 1

    If you try this, don't just upgrade and leave.

    There is a nasty bug that caused the server I installed FreeBSD 5.3 on (which ran FreeBSD 4.x for years, and currently runs FreeBSD 4.10 problem-free) to take 2-3 hours to reboot under FreeBSD 5.3. The part where it fails is after the system is already offline, so that's 2-3 hours of solid downtime until the OS gets around to figuring out it should continue rebooting.

    I checked the mailing lists, and apparently that was an improvement, as it used to panic on reboots. Anyway, that issue and the FreeBSD 4.x EOL announcement that came through a few days later have me seriously looking at DragonFly, as it will be the one carrying the 4.x torch. According to the docs, it's a simple CVSup and rebuild from FreeBSD 4.x, too. :-)

  7. Re:Question... on Virtual Island Sells For $26,500 · · Score: 1
    I could sell everything on my accounts right now, and be guaranteed of almost $2,000 USD.

    So tell me, how am I stupid here? ;)

    If the dot com bubble was any indication, you'll end up OK as long as you sell before the bubble bursts. As it is, gamer time is only worth a certain amount. If speculation drives prices up so high that no new users start playing because it's too expensive, your investment will be worth nothing.

    If the company running the game notices that no one is joining because it costs too much money, they only need to introduce homesteading to the game and virtual land ownership might not look so hot anymore.

    Ultimately, the market value for gamer time might settle at around twice what ebay rates on everquest items are (since the cash transactions are approved by the company and less risky). I wouldn't put it much higher than that, though. After all, I can think of more appealing ways to spend a chunk of change than paying a guy to play games for me.

  8. Re:Most modern day MMORPG's are lousy examples! on Designing Videogames For The Wage Slave · · Score: 1
    Cool idea. :-)

    Of course, heaven/hell wouldn't necessarily be the way to go with each type of game, so having something along the lines of being sent to Australia (in the days it was England's prison colony) for PK'ing could be nice.

    In any case, it does a nice job of addressing a problem I experienced in BBS games (eg., Wilderlands for MBBS) - after a while, you would run out of quests (or the quests would become repetitive). So, forming alliances and player killing became the entertaining aspect of the game. Of course, it sucked for newbies and casual players, because they took on the fodder role and would be killed so often they would just give up because it wasn't any fun.

  9. Re:MMORPG's not a good example on Designing Videogames For The Wage Slave · · Score: 1
    You're talking about Legend of the Red Dragon, right? I remember playing LoRD and have vague recollections of using a game with a time bank, but couldn't connect these games together.
    Yeah, LoRD was one of the turn-limited BBS games. I never came across a BBS game with a time (or turn) bank. The reason I brought up the time bank feature was to draw on another BBS concept which could be used to help translate this into the context of the current MMORPG environment.

    The point being that you would have a real limit of 2 hours per day, but be able to withdraw some extra for those 1-2 days per week when you have more free time. Oppose that to no limits, but character degradation until you rest.

    Of course, the time bank concept isn't the crucial aspect. I was just trying to come up with something that would fit more with a work schedule while not requiring a set schedule (eg., unlimited weekends, which would punish people with alternate schedules... or screw you if you had to work Saturday but got a Tuesday off in return)

  10. Re:MMORPG's not a good example on Designing Videogames For The Wage Slave · · Score: 1
    You're right, I did miss the rest system debate. However, that sort of rest system isn't what I had in mind. A rest system such as that will have the effect you mentioned: just serve to annoy the "powergamers".

    My idea is to segregate server classes, so you'd have both a time limited server and an unlimited server. That way, the wage slaves could use the time-limited server and the "powergamers" could have at it on the unlimited server, unhobbled by attempts to balance the game against them.

    This would have the added benefit of allowing the gameplay to be tailored to the amounts of time spent in the game. i.e., if you're only spending 2 hours per day on the game, the levels and monsters' stats could be adjusted so it doesn't take 10 hours of play to obtain any goal.

    As it stands, it looks mostly like superman vs. fodder, where the casual gamers all have the distinction of being fodder.

    I think we would be better off separating the leagues, like in baseball. After all, we don't pit little leaguers against major leaguers and tell the little leaguers to find a game other than baseball.

  11. Re:MMORPG's not a good example on Designing Videogames For The Wage Slave · · Score: 4, Interesting
    Back in the Old Days on bbses, games had turn limits. The bbs would usually have a time limit on how long you could be connected, too. Some bbses also featured a time bank which allowed you to deposit unused connection time for a particular day and withdraw at a later time.

    This could be adapted to MMORPG by having a casual gamer class of servers that would give you 2-3 hours of playing time per day, perhaps giving you 8 two hour blocks you could withdraw extra for occasional weekend playing.

    That way, you wouldn't have to spend 10-14 hours per day to keep up. And, there could be associated chat/spectator service for the people who still wanted to stick around and socialize with gaming buddies after their playing time had been spent.

    Just think of all the lives and relationships that could be salvaged by bringing this terrible addiction to a manageable level!

  12. Re:-1, Paranoid Scare Tactics on U.S. Nuclear Cleanup Carries Major Risks · · Score: 1
    Our water comes from the river and local groundwater. None is contaminated enough to be detectable.

    10 years later, after the advent of the 3-eyed Hanford cod... "You mean, we were supposed to put BATTERIES in those radiation detector thingies??"

  13. Re:Gag me with a spoon! on UK High Court Rules Modchips Illegal · · Score: 1
    That can be said about many things. Many things could continue along a path to the point where the public suffers. To me, this seems like a razor/razor-blade issue where the manufacturer makes a relatively cheap razor and profits on the sales of blades for its razor (which has been around for over 80 years I believe).

    Or printer cartridges whose ink costs more per ounce than fine wine... But both Gillette and Lexmark rely on patent protection for this, which expires after a limited time. They also need something which is legally defensible as patentable.

    All Microsoft needs to do for the same sort of protection for the Xbox is call their file-signing scheme a copyright protection mechanism. Then it becomes illegal forever to interoperate in ways they consider circumvention.

    Also, I'd consider personal rights more valuable than not pushing Microsoft to the point of needing to tweak its business model. But I suppose that's personal preference. Some people thought slavery was necessary to help cotton plantations maximize profits, after all.

    If Microsoft can't enforce copy protection for its games on the XBox then it would lose control over what may be played on it, (partly) removing its profit vehicle.

    And the ability for me not having my car serviced at the dealer impacts their profit potential. Legal. Refilling printer cartridges with those little syringes impacts the printer manufacturers' profit potential. Also legal. I don't see any reason console manufacturers deserve a higher degree of protection than anyone else.

    Now, if they made the XBox into a general purpose PC then you would certainly have a legitimate gripe as it would then have many uses rather than the single one it currently has.

    I think my gripe is legitimate as it is. The Xbox does have many uses if you load Linux on it. It's simply a PC with a BIOS which tries to enforce what the user can run on it.

    And, back to the razor blade model, there is the danger of the market being flooded with these systems on the basis of being "real PC's", except you need Microsoft's permission to run anything on them. Of course, "not a legitimate gripe" as long as they have browsers, office suites and media players (with mandatory DRM, naturally) that 90% of users need, right? ;)

    Even if the ensuing backlash caused the laws to fall, anyone dealing in straight PC's could be put out of business in the meantime. Why open the doors to creating arbitrary government-enforced monopolies when there isn't a net gain for society?

  14. Re:Gag me with a spoon! on UK High Court Rules Modchips Illegal · · Score: 1
    Not being able to mod proprietary hardware designed for the sole purpose of playing proprietary games (and clearly advertised as such) is a world away from true risks to your freedom. Come back when you have a legitimate gripe (such as not being able to run home-built software on a PC).

    It looks like this has laid the legal groundwork for Trusted Computing. With the High Court upholding a law forbidding the user from disabling this sort of technology, it's much more significant than simply an unwise law being passed by the legislature.

    This is essentially prior restraint. i.e., requiring permission before publishing something, as opposed to being punished for any violations of a law after publication. To give a concrete example of the effects this could have, take a look at Xbox Linux - Microsoft wants to hold the keys of who can run what on the Xbox, and are pushing for the same on the PC.

    You can read details at http://www.xbox-linux.org/docs/xboxpc.html which points out that Microsoft is planning to turn the Xbox into more of a PC. For instance, they are considering adding MSIE and WMP to the current version, which would mean it's not for the "sole purpose of playing proprietary games". Yet modchips for it would presumably still be illegal under this ruling.

    Luckily, there are flaws in the Xbox protection which allow Linux to be run without a modchip. The method which allows you to add an extra hard disk, however, requires a modchip. Since these modchips have been declared illegal, there would also seem to be a distinct possibility of the software method also being upheld as illegal. After all, it's bypassing the same mechanism, just in a different way.

    The argument that this is irrelevant because the device is sold as a proprietary device to run proprietary programs could also be applied to a PC sold as a "Windows PC". Sure, the owner of a Windows PC shouldn't expect to be able to make courtroom demands of the hardware vendor that Linux can (easily) be run on it. But, making him subject to criminal prosecution for doing so is quite a departure from that.

    As it stands, Microsoft could withdraw permission to ship Windows on ordinary PC's, and use their desktop monopoly to divert everyone to XBox or similarly equipped hardware which doesn't allow free (er... unTrusted) operating systems to run. I think it may have been a good idea to nip this in the bud rather than having the legality of your OS and software choices subject to the whim of a software vendor and a judge.

  15. depends on the spammers. on Is A Catch-All Address Worth The Spam? · · Score: 1
    I run a mail server which hosts several domains. My personal domain gets almost no spam, because I haven't used any addresses there in public.

    However, there is another domain which has had banner ads for its services. After getting a particularly bad spam attack (around 30k/day to random addresses @ that domain from the same spammer), I spoke with the owner about killing wildcard handling and instead only handling the ones being used.

    Btw, three months later, that spammer is *still* being hosted by CW/Savvis. http://www.sheckmedia.com/ is the site of the spam domain owner, but the spamming subnets, 64.70.43.0/24 and 216.39.64.0/24 are different than the website. Anyway, talk about bulletproof hosting...

    After setting up individual boxes for that domain, I decided to direct the rest into a file just to see what kind of crap comes through. For the month of June, there were over 107000 emails. For the month of July there have been 41969 so far. The July numbers are probably a bit lower because I recently added njabl.org blocking (w/o dialup blacklisting) with rbldns. During both months, spamhaus.org's lists and spamcop.net's lists were in use.

    So, it's not really a matter of whether or not you handle wildcard addresses, but whether the spammers decide to use dictionary attacks on your domain.
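The dictionary attack the comment describes (one sender hammering a domain with thousands of made-up local parts) is easy to spot in the mail server's reject log once the catch-all is gone: the tell is many distinct "user unknown" recipients from one client address or one /24. The following is an added example, not the commenter's setup; the log lines are constructed in a Postfix-like "User unknown" reject format, use the RFC 5737 documentation address ranges rather than the subnets named above, and the threshold of 4 distinct unknown recipients is an assumption to tune against your own traffic.

```python
"""Flag dictionary attacks on a mail domain from "user unknown" reject lines.

Added example.  SAMPLE_LOG is constructed in a Postfix-like format; the hosts,
addresses and IPs are made up (RFC 5737 documentation ranges).
"""
import re
from collections import defaultdict

SAMPLE_LOG = """\
Jul 14 03:12:01 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.17]: 550 5.1.1 <aaron@example.net>: Recipient address rejected: User unknown in local recipient table; from=<promo@spam.example> to=<aaron@example.net> proto=ESMTP helo=<mail>
Jul 14 03:12:01 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.17]: 550 5.1.1 <abbey@example.net>: Recipient address rejected: User unknown in local recipient table; from=<promo@spam.example> to=<abbey@example.net> proto=ESMTP helo=<mail>
Jul 14 03:12:02 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.17]: 550 5.1.1 <abbot@example.net>: Recipient address rejected: User unknown in local recipient table; from=<promo@spam.example> to=<abbot@example.net> proto=ESMTP helo=<mail>
Jul 14 03:12:02 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.17]: 550 5.1.1 <abdul@example.net>: Recipient address rejected: User unknown in local recipient table; from=<promo@spam.example> to=<abdul@example.net> proto=ESMTP helo=<mail>
Jul 14 03:12:03 mx postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[192.0.2.17]: 550 5.1.1 <abe@example.net>: Recipient address rejected: User unknown in local recipient table; from=<promo@spam.example> to=<abe@example.net> proto=ESMTP helo=<mail>
Jul 14 03:12:03 mx postfix/smtpd[2214]: NOQUEUE: reject: RCPT from unknown[192.0.2.18]: 550 5.1.1 <abel@example.net>: Recipient address rejected: User unknown in local recipient table; from=<promo@spam.example> to=<abel@example.net> proto=ESMTP helo=<mail>
Jul 14 03:15:40 mx postfix/smtpd[2230]: NOQUEUE: reject: RCPT from mail.partner.example[198.51.100.5]: 550 5.1.1 <webmastre@example.net>: Recipient address rejected: User unknown in local recipient table; from=<jo@partner.example> to=<webmastre@example.net> proto=ESMTP helo=<mail.partner.example>
Jul 14 03:16:02 mx postfix/smtpd[2231]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <bob@elsewhere.example>: Relay access denied; from=<x@y.example> to=<bob@elsewhere.example> proto=ESMTP helo=<z>
"""

# Only "user unknown" rejects count; relay-denied and other 5xx lines are ignored.
REJECT_RE = re.compile(
    r"RCPT from \S+\[(?P<ip>\d+\.\d+\.\d+\.\d+)\]: 550 \S+ <(?P<rcpt>[^>]+)>: "
    r"Recipient address rejected: User unknown"
)


def parse_unknown_rejects(log):
    """Return [(client_ip, rejected_recipient), ...] for matching lines."""
    hits = []
    for line in log.splitlines():
        m = REJECT_RE.search(line)
        if m:
            hits.append((m.group("ip"), m.group("rcpt").lower()))
    return hits


def unknown_recipients_by_ip(log):
    """Count *distinct* unknown recipients per client IP.

    Distinct matters: a legitimate sender retrying one mistyped address is not
    an attack, while a spammer walking a name list never repeats.
    """
    seen = defaultdict(set)
    for ip, rcpt in parse_unknown_rejects(log):
        seen[ip].add(rcpt)
    return {ip: len(rcpts) for ip, rcpts in seen.items()}


def dictionary_attackers(log, threshold=4):
    """IPs that probed at least `threshold` distinct nonexistent mailboxes."""
    return {ip: n for ip, n in unknown_recipients_by_ip(log).items() if n >= threshold}


def by_subnet(log):
    """Aggregate per /24 so a spammer rotating through a block still stands out."""
    totals = defaultdict(int)
    for ip, n in unknown_recipients_by_ip(log).items():
        totals[".".join(ip.split(".")[:3]) + ".0/24"] += n
    return dict(totals)


if __name__ == "__main__":
    print("attackers:", dictionary_attackers(SAMPLE_LOG))
    print("per /24:  ", by_subnet(SAMPLE_LOG))
```

In the sample, the single mistyped "webmastre" from the partner host stays under the threshold, while the five distinct probes from one address are flagged, and the /24 view catches the second address in the same block. Feeding the flagged subnets into a temporary block list (or a rate limit on RCPT rejects) is the usual next step, and the counts double as the evidence to send to the hosting provider.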

  16. Re:URPMI does depndancy resolution on URPMI For Fedora Core 2 · · Score: 1
    you can make wget the default download tool by editing /etc/urpmi/urpmi.cfg

    My whine is that I think http/ftp download should be more integrated into urpmi to begin with. A solid built-in mechanism would obviate the need for switching around downloading backends. It's clumsy to have to switch around backends for something so basic and which had been solved by Debian years before.

    and if you use rsync sources it will resume your downloads.

    Very cool! Thanks for the tip. :-)

    rsync sounds like the optimal way to approach this anyway, since ftp is aging and was designed before NAT was pervasive (active vs. passive).

  17. Re:Sounds like the cure is worse than the disease on An Online ID Registry · · Score: 1
    My previous comment was really about multiple issues -
    • How you mitigate your risk
    • How you describe the level of risk involved to potential users
    • How you will convince users to use your system

    As I said, I don't think this is such a bad idea using credit cards. Oppose that to having all manner of personal data, and advertising yourself as a convenient place to store sensitive data. Fending off most attacks doesn't count if you hemorrhage personal data when a few do succeed.

    Even banks aren't 100% safe from crackers. However, they do aggressively mitigate risk. For instance, I've noticed in my experiences with on-line banking that if you're asked for some information for verification, it's the last 4 digits of your social security number. Not the whole thing.

    Presumably, if they only ask for the last four digits, they're only storing the last four digits in their web-accessible databases.

    The customer is entering less personal information over the net. There is less sensitive data going around that way. Keyloggers don't have the chance to capture the whole SSN, because it's not typed in. No one can crack your webserver, grab a password, then use that to decrypt the Blowfish-encrypted SSN in your database, because the Blowfish-encrypted SSN isn't there. Only the last four digits are.

    Also, consider government levels of security. The really sensitive stuff isn't allowed to touch the internet. "Air gap" is used to eliminate the possibility of network-based attack. There are no electronic connections between these systems and those connected to networks at a lower level of security.

    This ties into the statements to the effect of "you'd have to break blowfish to get these records". That's possibly the strongest point of your system. The overall security of your system doesn't usually break down at the strongest point, it usually breaks down at one of the weaker points.

    It calls to mind countless sites I've seen touting their iron-clad security because they're using SSL. Of course, much of the time they were also using webservers with trivially exploitable holes that rendered the SSL meaningless.

    Even allowing lesser SSL ciphers over the net plays into this. Unless you're paying attention, you may take the default, which might allow people to make 40-bit DES connections.

    Regarding proper employees - far more important is proper management. Management are the ones who ultimately direct how employee resources are used and track progress. The "proper" employee might throw a fit and refuse to do something he knows will break security. But I've seen first-hand what happens to employees who behave that way (hint: it isn't getting a raise...)

    So, I could say that taking your argument to the logical conclusion would be you as management firing that employee because he wouldn't just "make it work" in a way that it wouldn't. Telling him that you're sure there's lots of money to be made if he'd just stop whining. And besides, there are a lot of other programmers looking for jobs right now...

    You're setting up a system that could potentially be more sensitive than a bank. The attitude of "nevermind those pesky security issues, it will be taken care of later" doesn't strike me as productive. Putting your head in the sand doesn't make the risks disappear.

    Mitigating your risks doesn't make them disappear either, but saying that banks pay attention to security... and then planning to undo some of their mitigation doesn't strike me as the way to accomplish that.

    Anyway, on the topic of making money, you'll need users for that. To get users, you'll need to convince them to provide something to you to begin with.

    If it's a birth certificate, I think you'll have trouble getting many of those. The only times I remember having to produce my birth certificate in the past 10 years is getting a job and crossing the US/Canada border. I don't just m

  18. Re:URPMI does depndancy resolution on URPMI For Fedora Core 2 · · Score: 1
    It is really no better or worse. Apt has more convenient commands for some things, URPMI does for others.

    I've used Debian in the past and have been using Mandrake for about 3 years. While urpmi is in the same application category, I wouldn't say "no better or worse". In my experience, apt wins hands down. I wish Mandrake would use apt-rpm instead of urpmi.

    When I used apt and something bad happened, like a lost internet connection, apt-get would pick up on the byte it left off (as would dselect before it). I never had any connection difficulties with it.

    urpmi, on the other hand, sometimes requires using the --wget option, because it will hang trying to download with its default curl (why is urpmi using external programs for download, anyway?) And, when something goes wrong, it tends to want to re-download everything, not pick up exactly where it left off.

    I use Mandrake because it's kept up-to-date, menus are synced across window managers, and I can order cheap CD's to upgrade (I have a modem connection at home). urpmi is a weakness for me compared to apt-get, not a strength.

  19. Re:Sounds like the cure is worse than the disease on An Online ID Registry · · Score: 2, Insightful
    In the interest of a reality check, I saw your work on oreilly.com and perl.com, including that you were a conference speaker. That leads me to believe that you're not just trying to run a phishing scam on slashdot.

    That out of the way... What appears to be the lynchpin of your model is false:

    Your information is securely encrypted in the database using your password so that only you can read it.

    Even if hackers stole the entire database, they couldn't read it because all the data is encrypted using individual users' passwords.

    Three simple and likely ways for Bad Guys to get the data immediately come to mind:

    • A keystroke logger. Maybe it was installed by a trojan or worm. Maybe a kiddie put it there on a public terminal. Maybe it was that creepy guy who crashed your party last week.
    • Backdooring your perl code to capture the passwords used to encrypt the records
    • Reading the passwords from your server out of system memory. i.e.: strings /proc/kcore

    For this data to be safe, it has to be safe from the moment the user enters it on the keyboard until it is stored onto the disk of the database server.

    A true statement might read:

    Your information is encrypted in the database using your password, so only you can read it -- unless a keylogger has found its way onto your computer (eg., by a worm or that creepy guy who showed up at your party last week), or our system is backdoored to harvest your password, or your information is pulled out of our server's system memory or swap.

    This plan looks like an attractive nuisance - giving people a false sense of security so they give information over the net. And it would be gathered all in one place to create the juiciest of juicy targets.

    Beyond the issue of the basic security of the users' data, your system will never be able to prove the user is really that user as long as worms are around installing keyloggers.

    Since we know it will never be airtight, why gather such a large amount of personal data to begin with? You seemed to think giving a credit card number for a free sample was adequate to discourage duplicate requests. Why not do something like paypal, and get a bank account or credit transaction? That way you could offer a database of checking account/credit-card authenticated users.

    I see in your whitepaper that you're worried about credit card fraud. Sure, that's a possible problem. But, afaik, the most you would be out is whatever the fees you charged to that credit card. And, a chargeback would work as a measure to weed out bad records. As it stands now, you're asking the users to shoulder all the risk by sending their identities to you.

    If they send their credit card number and it's compromised, they might have a few charges to dispute and a week or two to wait while their bank issues a new card. If they send you their identities, and something goes wrong, they're in for what I've seen calculated at over $1000 in direct monetary expense and over a year to clean up.

    With further regard to storing data, all you're doing by holding more data is creating more risk. When you do the bank transaction, the bank information should be completely separated from the authentication system that users touch. It shouldn't even be an option to retrieve it over the web.

    The more valuable your data, the more resources the Bad Guys will spend to crack it, and the less your effective security will be. And the more personal information you request, the more trust your users will have to place in you. At the current level that would likely lead to near-zero adoption.

  20. Re:Sounds like the cure is worse than the disease on An Online ID Registry · · Score: 1
    Please remember that this is a prototype, I think *that* is fairly clear, and the Terms and Conditions do let you know that it's a demo.

    I'm aware it's a prototype, but no claims should be made in the present tense about offering any sort of security. I think everyone knows how closely "Terms and Conditions" are read by end users. 25 million adware-infected PC's can't be wrong. ;)

    The real point is that the combination of making claims of security, then rescinding them in the Terms of Service, and not using SSL reeks of plausible deniability. "Your honor, he can't PROVE it was me who stole his identity! I wasn't using SSL on my site, and my Terms and Conditions link (which he even checked to indicate he read them!) clearly stated there was no SSL! His data could have been intercepted by ANYONE!"

    This isn't the type of behavior I like to see from people setting themselves up in a position of trust. If you want to build trust, any appearance at all of playing fast and loose with personal information is to be avoided.

  21. Sounds like the cure is worse than the disease on An Online ID Registry · · Score: 4, Insightful
    Sure, you could require registration with a credit card, but this immediately turns many people off and negates the whole point of a free trial.

    So, people don't want to give out their credit card numbers for free trial... But they will want to give you their DOB/Address/Passport/etc? Sure, the individual site wouldn't be the one causing the immediate nuisance, but you still have the problem of getting people on the system to begin with. If they were loath to provide you with a credit card number, what would make them more willing to completely hand over their identities?

    Also, you're being incredibly disingenuous with statements like this (in the Quick Tour section):

    Register - this is free, and involves entering some basic personal information about yourself, such as Name, Address, Date of Birth and Sex. These are attributes that can be verified via documentation. All of your personal information is encrypted, so nobody but you can ever see it.

    But, the registration is non-SSL and requests name/DOB/address. I see that buried in the "Terms and Conditions" and "Implementation" section, but, saying "nobody but you can ever see it" anywhere on the site when you're not even using SSL in transit shouts loud and clear that you aren't the one to trust with any sensitive data.

    You should have a big highly-visible warning on the registration page about being a prototype and that there is no SSL, and that having no SSL means all information is sent insecurely to you. Not statements that "no one but you can ever see this information" in big print, and "Oh, I was lying about that" in small print.

    Stating "no one but you should ever see it" regarding the database being encrypted is also a big false sense of security. Since the password is being given to your server, it can be intercepted on the server. If someone has access to steal the database, they've most likely got access to harvest some passwords first, too. Of course, since you're doing everything in cleartext in-transit right now, it could be intercepted over the network, too.

  22. Re:oh? on Software Companies - Merge or Die? · · Score: 1

    The core product of Veritas (Foundation Suite) is a bundle of Veritas Filesystem (VxFS) and Veritas Volume Manager (VXVM). FWIW, it's ported to Linux, so it's not Linux or Veritas Foundation Suite, but Veritas Foundation Suite or the free software equivalents.

    VXVM + VxFS is basically a very flexible software RAID system. For instance, VXVM allows you to do things like convert between different RAID levels and resize the filesystem (and underlying volume), working together with VxFS to complete the filesystem part of the resize. VxFS can do other things, too, like defrag the filesystem, etc... And all this happens while the system is running. No unmounting, shutdown, etc.

    There are also lots of tuning options such as defining extent sizes at the filesystem level (allowing a bigger chunk of a file to be retrieved at a time without wasting disk space as you would by using a large block size with ext2).

    I'm not sure where LVM (+ insert other fs of choice) on Linux stands comparatively. The strength of the Veritas offering is both that you don't have to shutdown the system to completely change your filesystem and disk setup, and they have amazing support.

    Regarding support, I was present for a support call after a tech had pulled the wrong disk from a running system when he was supposed to be replacing the failed disk in a RAID1. Once the mistake was realized, it was put back in, and the sysadmin issued a command to encapsulate the disk (which is supposed to be done to bring it under VXVM control without destroying the contents -- not the right thing to instruct the system to do). Once it was clear that things had gotten quite hosed up, Veritas support was called.

    The tech stayed on the line for about 2-3 hours, walking the intermediate-level SA with essentially no Foundation Suite experience through a series of intricate procedures to evaluate the state of the volume, correct any of the problems that were caused, and get everything back on-line.

    I've worked with them on other issues (Foundation Suite and VCS) and have always gotten the problem immediately addressed rather than left unresolved.

    This is in stark contrast to almost every other vendor support I've worked with. With other vendors (not specifically for this product type, but IT-wide), the standard procedure I've encountered is being sent on a goose chase while they find a loophole for why they won't support you (or the tech can't fathom the problem, and just repeatedly has you try the procedure that didn't work to begin with).

    The other important product is VCS - Veritas Cluster Server (also available on Linux). It's a failover-oriented clustering system which has been popular for important databases on Solaris.

    For instance, with VCS you might have two servers set up as a cluster, one as primary for a database, the other as secondary (you can add tertiary, etc. too, or have 2 databases, with the primary server for one being the secondary for the other). When a failure is detected with the database, or a resource the database uses (it does dependencies), VCS will stop anything associated with that database on the primary server, and bring it back on the secondary.

    It works nicely with shared disks in conjunction with Foundation Suite, as it can take disk volumes offline on one server, then bring them on-line on the other server. Additionally, they have a very good training class where they explain to you how to write your own custom agents for resource types for which there is no existing agent, and how to modify existing agents if you have specific needs. (It's not only for databases, that's just a popular deployment scenario.)

    The primary bad thing, aside from being proprietary and costing money, is that these products require managing licence keys on your servers. Although Veritas is fairly responsive about sending them to you, if you're working late to get a system built it sucks to have to wait any amount of time for a vendor to give you a license key.

    Also, most people who w

  23. Re:Not the Net on Americans Read Fewer Books · · Score: 1
    Besides, Dickens is not hard to read, at least not compared to titles like Canterbury Tales, Dante's Inferno or most of Shakespeare's plays.
    I wouldn't agree with Dickens not being hard to read. I remember picking up Bleak House with its paragraph-long sentences. I would have to re-read the first part of the sentence to put the end of it back into context.

    Sure, the language Dickens writes in is closer to current English than Shakespeare's Early Modern English or Chaucer's Middle English in The Canterbury Tales. But "don't have to work out a translation while reading" does not equate with "easy to read". Much of what makes something easy to read isn't simply being able to understand the sentences, but engaging the reader and writing in a style that can be absorbed rather than decoded.

    Also, "easy to read" implies easy to read relative to the rest of the books you're likely to encounter. For example, if a Dean Koontz novel were 1 on the scale of difficulty and Canterbury Tales a 10, Bleak House at 8 would still fall into the difficult range.

    Of course, as you gain experience as a reader, things seem easier to read. I remember thinking Conrad's Heart of Darkness was impenetrable when I picked it up before high school. Later, after reading quite a few books in the intervening period, it seemed like a breeze.

    In an educational setting, I think a better idea would be to find something that would be engaging to the students to pique their interest, but without being trash. Once their interest has been piqued, you can branch out into "important works that shaped our culture".

    If you turn them off early with stuff they either can't relate to, find impenetrable, or that sounds like the cliched things their parents have been saying and they're busy rebelling against, you won't get to that point.

    Cultivation, not force-feeding, in other words.

  24. Re:Reading is poor... on Americans Read Fewer Books · · Score: 1

    For the time invested, reading is a very poor way of getting information, especially with regards to fiction. Yes, there are advantages (ability to use imagination, etc.) but really, reading at 50 pages an hour I might spend 10 hours reading a new Tom Clancy book.

    I agree with regard to popular mass-targeted fiction vs. movies. In both cases, they're designed for mass appeal, to match the mood of the moment. Sometimes it's ok for light entertainment, and a great way for the producers to make money. But, not anything particularly fulfilling, and the repetitiveness and predictability can get a bit boring after you've seen (or read) enough.

    I mean, how many repetitions does it take of "Alpha Male meets beautiful girl, something bad happens, the alpha male overcomes it, and either saves the girl or wins her over in the end"? Sure, you've got the ones with the twist of "it really is what's on the inside that counts", but that's cliched, too.

    I think it's pointless to debate over the relative merits of consuming that type of material in book or movie form. I don't care whether one "stimulates my imagination" more than the other or has the extra tidbit about how the Alpha Male grew up in an orphanage, so he's even more "interesting" than you saw in the movie. I'd rather just see that type of thing as a movie.

    However, what you're completely missing out on are all the books with stories from a different point of view, different themes, and deep insights. Stuff that would cause weeks of national debate were it ever to make it into movie form because it's not "safe" enough, or might interfere with someone's political agenda. Or just because it doesn't appeal to a studio exec's concept of what people want...

    Sure, there are some books that cause this uproar, too, but they're baldly political and not in the same category as literature which might contain a similar theme, but not as unenlightened "hope the audience doesn't think any of this through" propaganda.

    Of course, there are differing levels of how "serious" a work is and how accessible it is, too. I'm not writing from the standpoint of "I was hardcore enough to read this important book that wasn't engaging at all, and since I've gotten through it, I'm better than you!" There are books with a high degree of entertainment value which don't just repeat the same theme from the same point of view.

    To give a concrete example, take a look at "Still Life with Woodpecker" by Tom Robbins. For those who have read it, it should be obvious why you won't see that on the big screen anytime soon.

    On the other end of the spectrum (less "entertainment", yet more deep and insightful... but still easy to read, at least with a good modern translation) is Leo Tolstoy's Anna Karenina. It walks a mile in the shoes of several different types of people.

    In a sense, it's a love story, but not in the sense of a Harlequin romance. That is, it wasn't written to pander to teenage girls or unfulfilled housewives. The more thoughtful of the bunch might like it, too, of course, but it doesn't pander. It has nuances, different points of view and a soul. And the information content is so high that watching it (rather than reading it) for merely "story" value would completely miss the essence of the book.

    With regard to memetic potential, debating over the points in a Hollywood film doesn't really seem to have much meme value. Sure, it might spark a little discussion and give you something to talk about... But they're mainstream themes which often trigger mainstream canned responses.

    With literature, you might find yourself better able to connect to people in a slightly deeper way instead of "supporting your team" in the topic of day. Even if you're discussing the latest Hollywood film that your friends are in an uproar about, you might have some cutting insight that triggers an even better discussion (even without mentioning the book...)

    Your poi

  25. Re:stop spinning on Microsoft Responds to IE Criticism · · Score: 1
    Where would Microsoft be if they were required to send a patch CD to every registered customer for every security patch (and you thought AOL CDs were annoying) and, if requested, pay for a technician to apply the patch or replace the product?
    My guess is ditching Windows and gearing up to sell Firefox on OpenBSD... With a bunch of proprietary device drivers, of course.