If the author is "surprised", it is only because he is ignorant. Forkbombs are the oldest trick in the book. They were old news ten years ago and they were probably old news ten years before that and ten years before that. As far as being one of "Linux's faults", I think you'll find that just about any multiprocessing OS can be forkbombed. Fork bombs are also about the most trivial form of attack imaginable, and also the most trivial to protect against. They have to be launched locally, they don't permit privilege elevation, it's obvious who's doing it, and the worst possible effect is that you have to power-cycle the box. If there weren't any way to prevent them, I'd be more concerned, but as it is, this article rates a big yawn.
As far as limits in place by default - a computer is a general-purpose tool and I as the admin am the user of that tool. If there are going to be any limits on what I do, they should be there because I put them there. You can hand-wave away the possibility of running into the limits, but I have seen real situations in which a host needed to run thousands of processes under the same UID, and then ran into a limit which no one expected to be there. In contrast to the "lower total risk/cost option", I'd rather use the "principle of least surprise."
You start out so right and end up so wrong, IMO. You're right in that we won't run out of oil. Humanity has used grass (to feed horses and oxen), wood, peat moss, and whale oil. But in all those cases, we stopped and switched to a different source before all the grass was gone, before all the trees were cut down, before every last whale was killed. The same thing will happen with oil: as it gets scarcer, the price will rise. This will have the effects of discouraging usage and encouraging switching to alternate sources and encouraging more intensive searches for oil. At some point, another energy source will become cheaper and more convenient than oil, and then people will basically stop using oil, long before the last of the oil is gone. And it will be long before we've "cooked ourselves to death", too; probably not more than 100 years away, I'm guessing. (Consider this: only about 100 years ago, uranium was a useless geological curiosity.) Whatever replaces oil will ultimately be cheaper and probably cleaner than oil, too. If you think I'm being a pollyanna, consider that what I'm describing already has happened, several times over.
Re:Golly, I WONDER where they got that idea!
on
Pentium M Goes SFF
·
· Score: 1
Sure Macs had the first Small form factor Computer in the G4 Cube...
"First" small form factor was the G4 Cube?! You kids these days! Ever heard of the Sun IPC? /me shuffles off to take his Geritol...
I am going to chime in with my damnation of 3ware's cards too. We have about 20 8500s and 8506s, with either Maxtor or Seagate drives. The things are horribly unreliable. Almost every day at least one array needs to be rebuilt. On a few occasions, we've even seen the controllers spontaneously lose an entire array - just poof, not accessible anymore and not visible through the administrative tools. Reboot and there's the array again.
Most of our support has been through a VAR (who sucks too, but that's a separate rant), but when we talked to 3ware and told them how we were using the arrays (for database storage), they immediately went, "Ooh...uhh...that's...not really a good idea..." Even they admitted that the SATA arrays are really for very light-duty use only. (I blame our old VP of technology, who always wanted to go the cheap route on everything.)
Oh, and if you want to upgrade the controller's firmware? 3ware tells you to boot off a DOS-formatted floppy. This is not enterprise-level stuff.
Damn it, has everyone forgotten the old jokes? cat "food in cans" Unfortunately, it does not give the funny answer ("...cannot open...") on a lot of platforms these days.
I think Microsoft's "sabotage" occurs at a different semantic level, mostly. It's not so much that they wilfully break standards as that they creatively "extend" or reinterpret them. For example, MS encourages site designers to use ActiveX controls, and they know perfectly well that that's not going to work under anything but IE. Take their own Outlook Web Access: it works reasonably well under IE, but is pretty cruddy under anything else, even where a better, cross-platform design for some of the features is obvious.
It is a common misconception that people are required to take any form of currency simply because it's legal tender. Actually, private businesses can make whatever rules they like about what they'll accept, which is why you see businesses with signs saying things like "No bills larger than $20", "No pennies", or even "No cash". See the US Treasury's FAQs.
VHS tapes ran longer than Beta tapes, which kind of puts a hole in the whole "Beta was obviously superior" meme. While no one is arguing that VHS beat Beta in every possible way, the idea that VHS was inferior in every possible way and yet was chosen - which seems to be a lot of people's argument - is ridiculous.
What makes you think they need an excuse? Jurisdiction is such an old-fashioned concept, man, get with the times! More seriously, this issue has come up with respect to child-sex-abuse cases. Mr. X goes to a nation where the laws against sex with minors are weak, nonexistent, or simply not enforced, and has his fun. Upon his return to his home country, he's arrested. Defending such people is not popular, because it looks like defending child molesters.
I call foul. This quote from the article was what got to me:
Traditional systems bog down because they first store data on hard drives or in main memory and then query it, Stonebraker says.
So they manage to do their analysis without even touching main memory? Nifty! What do they do, make it all fit in the L1 data cache? OK, maybe the guy was misquoted - I trust reporters about as far as I can throw them - but the whole thing just smells funny to me. I'm betting that the massive speedup they report is only for carefully selected, pre-groomed data sets. I agree that analyzing data as it comes in rather than storing it up to recrunch later is the smart thing to do, but that insight isn't a breakthrough of the kind the article is spinning this as.
"No such luck"? Try "no such configuring needed." My Thinkpads, of which I am quite fond, have three physical "mouse" buttons. And even on machines which have only two, it's trivial to turn on emulation of a third button by clicking both at once. I agree that the user of a theoretical machine with a clitmouse and only one button would be out of luck, but I've never seen such a thing. I have to wonder, though, just how much the ability to emulate multiple buttons figures into Apple's thinking, given that their OS is designed to be completely usable with only one.
I agree with you for the most part, but I think some of the other posters have good points in that it's hard to plan for and test for everything. I heard of a colo that once had a great setup - huge battery backups, diesel generators, days' worth of fuel, etc. And they tested it, too! Once a month or so, they'd switch over to diesel for a few minutes to be sure they could do it in an emergency. Then one day, they suffered a power failure, and switched over to diesel...and the generator ran for about five minutes, then coughed and died. Turned out their fuel had gotten contaminated or their fuel filter had clogged or some such. This is not to say that these are things you couldn't check for, just that it's very hard to be sure you've really thought of everything. (BTW, if anybody remembers where that story comes from, let me know...can't remember where I heard it.)
You're kidding...I have one of those! I knew about the labelling, of course, but not why they'd labeled it that way. It's an old Osterizer, and it says, beneath a vaguely Bohr-atom-like logo, "SOLID STATE". When I first noticed that (and was old enough to know what it meant), I thought, "What, unlike all those blenders with vacuum tubes in them?" It's an Osterizer "Galaxie Ten", which I inherited from my parents, and it still works fine, too, although it's a trifle overdesigned - it has ten different speeds, each individually named: puree, whip, grate, etc. The ultimate speed is indicated by a black button marked "frappé", which impressed me when I was little, as this was clearly the forbidden button, of awesome puissance, not to be trifled with for your mere daily chopping, blending, or grinding tasks.
*sigh* I really hate to get dragged into these stupid arguments, but here I'm doing it anyway. So you're from Sweden. A land where your foreign minister was stabbed to death in public, during the day, and you're suggesting nobody would ever need a gun in your country?
It's like the old joke about being eaten by a lion on Main Street, you know? (The chances aren't one in a million, but once is all it takes.) It's not about how likely it is, it's about how bad the outcome might be. I've lived my entire life in big cities in the US, and only once in my life have I felt I needed a gun (and that time was out in the countryside). Every place in the world has violence, and you have the right to defend yourself whether violence is common or rare; using your last gasp of oxygen to think "I'm glad this is really a very rare occurrence here!" as your killer murders you is not likely to be either comforting or useful.
OK, that's it. I'm out. I wish Slashdot had a "prevent me from posting to this stupid thread again" checkbox.
Is there STARTTLS for POP? *google* I'll be, so there is. I've set up TLS for SMTP, but that's it.
Anyway, while I agree with your comment in general, I think we have to address exactly what kind of security we're talking about. TLS is fine for what it is - it's just that what it is is fairly limited. Perhaps one of the weaknesses of a protocol stack model is that you have to implement security for each level at each level. For example, TLS will prevent eavesdropping on your SMTP conversation, but it doesn't authenticate senders within the conversation. Personally, I don't regard the lack of security awareness in these protocols as "bugs". "Shortcomings", maybe, but if you look at the life of standards, you'll see that it's much easier for a standard to be adopted if it's simple, practical, decentralized, and has little competition. Most of the standards we've mentioned fit those criteria at the time of their introduction, and adding security features would probably have impaired their simplicity and hurt their adoption.
A little too fast with no arguments - sounds better with -25 (but feel free to use -10 to indicate you have a lot of computrons). Only works under X 'cause I'm running X right now and lazy. For terminal use, you'd do something with 'setterm -bfreq'.
I'm inclined to agree with this. I've spent the past seven years as a system administrator at a number of American companies large and small, prestigious and unknown (and profitable and not, ha-ha), and I've seen a number of approaches taken, but the number of people here recommending local white-box places or the like really surprises me. The correct answer probably depends on what you're doing: Are we talking about the enterprise market, or the hobbyist market? If you're setting up a small, non-mission-critical webserver, then yeah, who really cares? If, on the other hand, you're buying hardware for a network of 100 mission-critical servers at remote locations, going the budget route is not going to cut it.
In general, I'd recommend the 90% solution: don't go for the gold-plated option, because the marginal cost is almost certainly going to be greater than the marginal benefit. (Which are good terms to keep in mind.) But don't try to cheap out, either, since it will bite you. If Sun is too expensive for you, fine, but go with Tatung or Fujitsu, not "Toothless Joe's House o' Sparc Clones". (Yes, I have seen this done...) At my current workplace, we have a number of old servers from a small company: they serve decently for light duty, but the cheapo drives they used tend to fail under heavy load, and they won't send you a replacement until they've gotten the original back, which is a far cry from the same-day support from Sun I was spoiled by at an old job. We're in the process of ripping them out and replacing them with Sun Opteron servers attached to Apple XRaids, which is a huge step up, although I still have my doubts. (The XRaid has had some firmware problems...we shall see if Apple can really hack the enterprise market.) In my experience, a lot of the budget companies and components look fine when everything is smooth sailing - it's when things get hairy that you discover the real differences in quality.
IIRC, the USB spec prohibits shieldless connectors and dictates how large a device may be in the immediate area of the connector, so this thing is probably in technical violation of the spec on two counts. I'm guessing that the product wouldn't pass compliance testing and hence the packaging doesn't bear the official USB logo.
LOL...and no mod points? The moderators are PHILISTINES! Seriously, though, there isn't any deep freeze on the station, or any refrigerator at all. Probably too expensive in mass and energy terms to be worth it.
Here's a fairly low-level one I haven't seen mentioned: there is no real primary key that defines a user. UID is supposed to be unique...but username is supposed to be unique too! If either of those fails to be true, you get rather unpredictable results depending on what exactly you're trying to do. Unfortunately, I don't see a very good way of fixing that within the context of existing Unix, given how deeply ingrained the current way is.
As far as things I'd like to see improved - at a job a while ago, I had to use an IBM mainframe (OS/390, I think), and while overall I found it pukeable, one thing I did really like was the fact that you could log on later and review the exit status of any of your jobs. (Which makes perfect sense for a batch-oriented system.) In Unix, if you don't immediately check $?, you've lost the exit status of your jobs. Shell history only captures what you entered, and only from the shell itself. As a system administrator, I'm often running things in the background, via screen, on multiple systems, from cron, etc., and it would be nice to be able to be able to check on everything that's run. There is auditing, but that's usually a real pain to set up.
Unix files have no structure above byte level. File deletion is irrevocable. The Unix security model is arguably too primitive. Job control is botched. There are too many different kinds of names for things. Having a file system at all may have been the wrong choice.
Well, they can run the latest version of OpenBSD at the very least, which should be fine for anything you are likely to do with an IPX. As for Solaris, I would forget about anything past 2.6. It might run, but... I've got one serving as my firewall, running OpenBSD. It's a fine box for what it does; they're built like little tanks. But powerful they are not. Just ssh'ing in raises the load to 0.5.
Enhanced coredumps are not new in 2.6. sigma:~$ uname -a Linux sigma 2.4.22 #2 Sat Oct 23 22:35:00 EDT 2004 i686 unknown sigma:~$ cat/proc/sys/kernel/core_pattern core.%e.%p sigma:~ $ sleep 60 & [1] 450 sigma:~$ kill -BUS 450 sigma:~$ ls -l core* -rw------- 1 rfc users 69632 Dec 18 10:44 core.sleep.450
The problem is that there are still so many sites that are borken in other browsers. (Well, one of the problems, anyway.) Not necessarily because the other browsers are bad, but because developers assume that everyone is going to have IE, think they should force everyone to use IE, or just don't bother to test at all. Off the top of my head I can think of two sites which are intentionally broken:
http://www.scps.nyu.edu and
http://www.expensable.com. (expensable.com, by the way, is an excellent showcase for bad design, but most of it you'd have to log in to see. For example, the main interface is in a popup, and if you have popups blocked, you just can't log in, and it gives you no indication why.) Try going to either of those sites with your User-Agent string set to something unusual. Sure, you and I know how to change that...but for my mom, who can't even figure out how to change her Windows desktop image on her own, that's going to be a deal-breaker.
Slashdot Mirror
If the author is "surprised", it is only because he is ignorant. Forkbombs are the oldest trick in the book. They were old news ten years ago and they were probably old news ten years before that and ten years before that. As far as being one of "Linux's faults", I think you'll find that just about any multiprocessing OS can be forkbombed. Fork bombs are also about the most trivial form of attack imaginable, and also the most trivial to protect against. They have to be launched locally, they don't permit privilege elevation, it's obvious who's doing it, and the worst possible effect is that you have to power-cycle the box. If there weren't any way to prevent them, I'd be more concerned, but as it is, this article rates a big yawn.
As far as limits in place by default - a computer is a general-purpose tool and I as the admin am the user of that tool. If there are going to be any limits on what I do, they should be there because I put them there. You can hand-wave away the possibility of running into the limits, but I have seen real situations in which a host needed to run thousands of processes under the same UID, and then ran into a limit which no one expected to be there. In contrast to the "lower total risk/cost option", I'd rather use the "principle of least surprise."
You start out so right and end up so wrong, IMO. You're right in that we won't run out of oil. Humanity has used grass (to feed horses and oxen), wood, peat moss, and whale oil. But in all those cases, we stopped and switched to a different source before all the grass was gone, before all the trees were cut down, before every last whale was killed. The same thing will happen with oil: as it gets scarcer, the price will rise. This will have the effects of discouraging usage and encouraging switching to alternate sources and encouraging more intensive searches for oil. At some point, another energy source will become cheaper and more convenient than oil, and then people will basically stop using oil, long before the last of the oil is gone. And it will be long before we've "cooked ourselves to death", too; probably not more than 100 years away, I'm guessing. (Consider this: only about 100 years ago, uranium was a useless geological curiosity.) Whatever replaces oil will ultimately be cheaper and probably cleaner than oil, too. If you think I'm being a pollyanna, consider that what I'm describing already has happened, several times over.
"First" small form factor was the G4 Cube?! You kids these days! Ever heard of the Sun IPC?
I am going to chime in with my damnation of 3ware's cards too. We have about 20 8500s and 8506s, with either Maxtor or Seagate drives. The things are horribly unreliable. Almost every day at least one array needs to be rebuilt. On a few occasions, we've even seen the controllers spontaneously lose an entire array - just poof, not accessible anymore and not visible through the administrative tools. Reboot and there's the array again.
Most of our support has been through a VAR (who sucks too, but that's a separate rant), but when we talked to 3ware and told them how we were using the arrays (for database storage), they immediately went, "Ooh...uhh...that's...not really a good idea..." Even they admitted that the SATA arrays are really for very light-duty use only. (I blame our old VP of technology, who always wanted to go the cheap route on everything.)
Oh, and if you want to upgrade the controller's firmware? 3ware tells you to boot off a DOS-formatted floppy. This is not enterprise-level stuff.
Damn it, has everyone forgotten the old jokes?
cat "food in cans"
Unfortunately, it does not give the funny answer ("...cannot open...") on a lot of platforms these days.
I think Microsoft's "sabotage" occurs at a different semantic level, mostly. It's not so much that they wilfully break standards as that they creatively "extend" or reinterpret them. For example, MS encourages site designers to use ActiveX controls, and they know perfectly well that that's not going to work under anything but IE. Take their own Outlook Web Access: it works reasonably well under IE, but is pretty cruddy under anything else, even where a better, cross-platform design for some of the features is obvious.
It is a common misconception that people are required to take any form of currency simply because it's legal tender. Actually, private businesses can make whatever rules they like about what they'll accept, which is why you see businesses with signs saying things like "No bills larger than $20", "No pennies", or even "No cash". See the US Treasury's FAQs.
Yeah, I can't believe no one has made the obvious joke: "Spray-on body suits? Quick, send Natalie Portman into space!"
VHS tapes ran longer than Beta tapes, which kind of puts a hole in the whole "Beta was obviously superior" meme. While no one is arguing that VHS beat Beta in every possible way, the idea that VHS was inferior in every possible way and yet was chosen - which seems to be a lot of people's argument - is ridiculous.
What makes you think they need an excuse? Jurisdiction is such an old-fashioned concept, man, get with the times! More seriously, this issue has come up with respect to child-sex-abuse cases. Mr. X goes to a nation where the laws against sex with minors are weak, nonexistent, or simply not enforced, and has his fun. Upon his return to his home country, he's arrested. Defending such people is not popular, because it looks like defending child molesters.
So they manage to do their analysis without even touching main memory? Nifty! What do they do, make it all fit in the L1 data cache? OK, maybe the guy was misquoted - I trust reporters about as far as I can throw them - but the whole thing just smells funny to me. I'm betting that the massive speedup they report is only for carefully selected, pre-groomed data sets. I agree that analyzing data as it comes in rather than storing it up to recrunch later is the smart thing to do, but that insight isn't a breakthrough of the kind the article is spinning this as.
"No such luck"? Try "no such configuring needed." My Thinkpads, of which I am quite fond, have three physical "mouse" buttons. And even on machines which have only two, it's trivial to turn on emulation of a third button by clicking both at once. I agree that the user of a theoretical machine with a clitmouse and only one button would be out of luck, but I've never seen such a thing. I have to wonder, though, just how much the ability to emulate multiple buttons figures into Apple's thinking, given that their OS is designed to be completely usable with only one.
I agree with you for the most part, but I think some of the other posters have good points in that it's hard to plan for and test for everything. I heard of a colo that once had a great setup - huge battery backups, diesel generators, days' worth of fuel, etc. And they tested it, too! Once a month or so, they'd switch over to diesel for a few minutes to be sure they could do it in an emergency. Then one day, they suffered a power failure, and switched over to diesel...and the generator ran for about five minutes, then coughed and died. Turned out their fuel had gotten contaminated or their fuel filter had clogged or some such. This is not to say that these are things you couldn't check for, just that it's very hard to be sure you've really thought of everything. (BTW, if anybody remembers where that story comes from, let me know...can't remember where I heard it.)
You're kidding...I have one of those! I knew about the labelling, of course, but not why they'd labeled it that way. It's an old Osterizer, and it says, beneath a vaguely Bohr-atom-like logo, "SOLID STATE". When I first noticed that (and was old enough to know what it meant), I thought, "What, unlike all those blenders with vacuum tubes in them?" It's an Osterizer "Galaxie Ten", which I inherited from my parents, and it still works fine, too, although it's a trifle overdesigned - it has ten different speeds, each individually named: puree, whip, grate, etc. The ultimate speed is indicated by a black button marked "frappé", which impressed me when I was little, as this was clearly the forbidden button, of awesome puissance, not to be trifled with for your mere daily chopping, blending, or grinding tasks.
It's like the old joke about being eaten by a lion on Main Street, you know? (The chances aren't one in a million, but once is all it takes.) It's not about how likely it is, it's about how bad the outcome might be. I've lived my entire life in big cities in the US, and only once in my life have I felt I needed a gun (and that time was out in the countryside). Every place in the world has violence, and you have the right to defend yourself whether violence is common or rare; using your last gasp of oxygen to think "I'm glad this is really a very rare occurrence here!" as your killer murders you is not likely to be either comforting or useful.
OK, that's it. I'm out. I wish Slashdot had a "prevent me from posting to this stupid thread again" checkbox.
Anyway, while I agree with your comment in general, I think we have to address exactly what kind of security we're talking about. TLS is fine for what it is - it's just that what it is is fairly limited. Perhaps one of the weaknesses of a protocol stack model is that you have to implement security for each level at each level. For example, TLS will prevent eavesdropping on your SMTP conversation, but it doesn't authenticate senders within the conversation. Personally, I don't regard the lack of security awareness in these protocols as "bugs". "Shortcomings", maybe, but if you look at the life of standards, you'll see that it's much easier for a standard to be adopted if it's simple, practical, decentralized, and has little competition. Most of the standards we've mentioned fit those criteria at the time of their introduction, and adding security features would probably have impaired their simplicity and hurt their adoption.
In general, I'd recommend the 90% solution: don't go for the gold-plated option, because the marginal cost is almost certainly going to be greater than the marginal benefit. (Which are good terms to keep in mind.) But don't try to cheap out, either, since it will bite you. If Sun is too expensive for you, fine, but go with Tatung or Fujitsu, not "Toothless Joe's House o' Sparc Clones". (Yes, I have seen this done...) At my current workplace, we have a number of old servers from a small company: they serve decently for light duty, but the cheapo drives they used tend to fail under heavy load, and they won't send you a replacement until they've gotten the original back, which is a far cry from the same-day support from Sun I was spoiled by at an old job. We're in the process of ripping them out and replacing them with Sun Opteron servers attached to Apple XRaids, which is a huge step up, although I still have my doubts. (The XRaid has had some firmware problems...we shall see if Apple can really hack the enterprise market.) In my experience, a lot of the budget companies and components look fine when everything is smooth sailing - it's when things get hairy that you discover the real differences in quality.
IIRC, the USB spec prohibits shieldless connectors and dictates how large a device may be in the immediate area of the connector, so this thing is probably in technical violation of the spec on two counts. I'm guessing that the product wouldn't pass compliance testing and hence the packaging doesn't bear the official USB logo.
LOL...and no mod points? The moderators are PHILISTINES! Seriously, though, there isn't any deep freeze on the station, or any refrigerator at all. Probably too expensive in mass and energy terms to be worth it.
I think you're thinking of gravlax. (Old-school gravlax, apparently, not the new stuff that's just made with dill and whatnot.)
As far as things I'd like to see improved - at a job a while ago, I had to use an IBM mainframe (OS/390, I think), and while overall I found it pukeable, one thing I did really like was the fact that you could log on later and review the exit status of any of your jobs. (Which makes perfect sense for a batch-oriented system.) In Unix, if you don't immediately check $?, you've lost the exit status of your jobs. Shell history only captures what you entered, and only from the shell itself. As a system administrator, I'm often running things in the background, via screen, on multiple systems, from cron, etc., and it would be nice to be able to be able to check on everything that's run. There is auditing, but that's usually a real pain to set up.
I'm a little surprised that no one has mentioned (as far as I've noticed) ESR's The Art of Unix Programming, which has a section titled "Problems in the Design of Unix". From that book:
Well, they can run the latest version of OpenBSD at the very least, which should be fine for anything you are likely to do with an IPX. As for Solaris, I would forget about anything past 2.6. It might run, but... I've got one serving as my firewall, running OpenBSD. It's a fine box for what it does; they're built like little tanks. But powerful they are not. Just ssh'ing in raises the load to 0.5.
Enhanced coredumps are not new in 2.6.
/proc/sys/kernel/core_pattern~ $ sleep 60 &
sigma:~$ uname -a
Linux sigma 2.4.22 #2 Sat Oct 23 22:35:00 EDT 2004 i686 unknown
sigma:~$ cat
core.%e.%p
sigma:
[1] 450
sigma:~$ kill -BUS 450
sigma:~$ ls -l core*
-rw------- 1 rfc users 69632 Dec 18 10:44 core.sleep.450
The problem is that there are still so many sites that are borken in other browsers. (Well, one of the problems, anyway.) Not necessarily because the other browsers are bad, but because developers assume that everyone is going to have IE, think they should force everyone to use IE, or just don't bother to test at all. Off the top of my head I can think of two sites which are intentionally broken:
http://www.scps.nyu.edu and
http://www.expensable.com. (expensable.com, by the way, is an excellent showcase for bad design, but most of it you'd have to log in to see. For example, the main interface is in a popup, and if you have popups blocked, you just can't log in, and it gives you no indication why.) Try going to either of those sites with your User-Agent string set to something unusual. Sure, you and I know how to change that...but for my mom, who can't even figure out how to change her Windows desktop image on her own, that's going to be a deal-breaker.