The purpose of NSS isn't just name resolution configuration, its to extend name resolution infinitely with new resolvers.
How many times in the past 10 years have you desperately needed to have/bin/ls look up passwords in some bizzare new way?
If my/bin stuff is statically linked, and I install a new resolver, then what? No amount of configuration file reading is going to solve this one smart guy. I one: either have to recompile everything in/bin,[...]
I build world maybe 4 or 5 times a year. That's infinitely more often than I decide I need a new way to lookup passwords (since I never have).
NSS works by dynamically loading the correct resolving routines from shared objects at run time. In contrast, a statically linked binary has "hard wired" name service lookup policies, which have been set by whatever library routines were statically linked into the executable.
This is, of course, not a sane justification. For example the resolver library quite happily obeys host.conf to control the same kind of decision about host name lookup dispite being statically linked into things. The highly sophisticeted answer is (shock) to have the library read the configiuration file.
Just Say No to ls(1) not working because your library path is in a mess. Not to mention making life for rootkits one step easier.
The macros and variable expansion simplify the configuration process considerably
On this one I think the way IPFW is used on FBSD is defintley the Right Thing. You just add rules in a shell script and so you have the variable substitution, conditionals, tests and definable functions in a syntax everyone should be familair with.
Isn't the tsandard linux ipWHATEVERITISTHISWEEK filter similar? I set up some rules once some time ago and seem to remember it was a shellscript, though I didn't do anything big enough to need anything fancy,
However, if you want a serious firewall, you should already be going with OpenBSD anyway:)
Actually, Theo's `licencing restrictions are for the lower orders not me' squabble with Darren Reed happened just when I was getting ready to put ina firewall. OBSD was the planned system, but theere is no way I was going to run a brand new piece of software in such a role, and I'm not sure I think PF is long enough in the tooth to be comfortable yet. So my firewall and the two I am setting up for work are FBSD/ipfw.
I don't know how viable of a business strategy this is
Ask Apple. This is the strategy they adopted to move from being the company who could have kicked Bill Gates' arse to being a company partially owned by Gates living on the crumbs from his table.
It's a strategy which appeals to PHBs who are under presure from shareholders for having screwed up royally. Eg Amazon adopted it when they had made a mess of their business strategy, Apple when they had pissed their lead away and relised M$ had produced a version of Windoze which wasn't totally unusable.
The idea is to use the promise of MAKE MONEY FAST to distract the shareholders longe enough to fix things or get a better job. The problem is that lawyers are like Heroin, you might think you are just going to use them this once because you need a quick rush, but once they have their hooks in...
How does `general purpose' engergy differ from plain old vanilla engergy? Does each electron come stamped with a special legal release authorising it's use for any purpose?
I'm woried now in case I have been using restriucted purpose energy to run my computers and can expect a visit by th heavies of the electricity company!
The BBC saying that the coalition is taking "heavy losses for small gains" is not objective reporting.
the US has lost 24 soldiers and has gained a large portion of Iraqi territory,
Perhap the BBC reporters remember enough history for `Stalingrad' to mean something to them.
The war hasn't really started yet. Both sides have been getting into position and there has been some skirmishing over areas the Iraqis have mostly abandoned and between formations of trops moving to where they need to be. (eg today's reports of an engagement between British and Iraqi armour).
The interesting point will be when the main US formations start to press Bhagdad.
For example, an insurance company might go to a geologist [...] and if the geologist in question is a complete quack [...]
This is not an argument for a licencing scheme, but for recognised qualifications and insurance employees knowing their job well enough to ask someone if they are qualified.
The important difference being that qualifications are handed out by (in this instance) geologists, licences are handed out by lawyers and beurocrats.
The potential for fraud and exploitation here are rather high.
Doesn't this just mean that if there was no licencing scheme, lots of B Ark candidates who would otherwise end up as scientologists or politicians or lawyers or sports fans etc might end up shredded, crushed and/or toasted.
I am struggling to see a downside here.
If that's not enough to make you not want to move to California, last week I saw gas prices at 2.40 a gallon in San Francisco.
If I'd need a car enough to care about the fuel price, I'm not gonna want to go there in the first place.
Personally, I'd rather see more money spent on human spaceflight, such as the necessary refitting/redesigning of the shuttles.
Great, pour money into keeping some old wrecks on the road for a while longer so they can kill more people...
The necessary redesign of the shuttle involves a car crusher.
I can understand people who are attached to Concorde and so why it is made to keep stagerring on. It's a beautiful aircraft and was a wonder when it was new. The shuttle was designed by politicians and bean counters, is ugly as sin and an all around embarassment to the planet. It should never have been, still less should it have been kept alive zombie-like for so long.
Probes are great, but Pluto just isn't that exciting to me. It's a small, cold rock.
A lot more interesting than anything the manned space programme has done since Apollo.
The whole project budget is of the same order as one(!) shuttle flight.
With this kind of tweaking process, it seems possible that they might "tweak" out an optical effect that they should've kept, on the grounds that it wasn't something they were expecting.
Depends on the distortion really. For instance if your calibration star is jittering around the image, you can be pretty sure it is due to atmospheric distortion, not to the star leaping light years in milliseconds.
Accelerometers and strain transducers for wind forces, ground vibration and thermal effects on structures at the very least (and multitudes of them, all calibrated with respect to their location, etc). What I'm really having trouble with is how they are managing the thermal and atmospheric compensations.
AIUI, based on reading about other telescope plans, but I think it applies here, they don't try and measure and pre-compensate for distorting influences, rather they use the image to determine what the current distortion is, and compensate for it.
Of course, to do this you need to have something in the image which you know how it should look (bad grammar there). Eg you arange your picture to contain a point source like a distant bright star and the nebula you are interested in. Then you twiddle the optics until the star is as close to a stationary point as you can get, which should have the effect of making the nebula clear.
If you have used an auto-focus camera and found that some things are hard for it to focus on, you may have used the same trick, pick somethig near what you want in focus, focus on that and then take your picture. Imagine doing that gazillions of times per second.
I remember reading a proposal to put optical targets in orbit to help with this process. That way they wouldn't be limited by the need to find a bright point source near what they are interested in.
If my distant memory of the book is even approximately correct, RWR as written would make a horrible movie.
I dissagree, I think it would make a wonderful movie. However, it wouldn't make a very commercial movie. Has a couple of action sections I suppose, biut most of it is slow revelation. Think Koyaanisqatsi with digital effects and some small amount of narrative action to tie it together.
And there is no simple minded ending. The reason I don't lik ethe other books so much is that they are all collectively an attempt to graft an ending onto RWR, which doesn't need one.
Of course, the same can be said of 2001, the problems started when Sk and ACC were trying to tie down a Holywood-palitable ending.
On the whole I think it' best if they do a Blade Runner on it. Pinch some ideas and make somethign which is a movie in it's own terms.
It's similar to the motherboards with 'upgradable CPU' you see occasionally.
More like throwing aay your printer when you run out of ink, with the added feature that getting the new printer delivered will cost you millions of dollarpounds.
I work for an ISP where we enforce a single-machine license clause,and we do it for a very good reason:
Thinks: oh, this might be interesting, a/. poster isn't going to spout the usual bollocks, so maybe we will learn something...
[the usual bollocks]
And the fact that I choose to have a windows machine an a work machine rather than dual booting would cost you money because...
The fact that I want a firewall between these machines and the world costs you money because...
The fact that I would like to sit in front of the fire using a laptop sometimes costs you money because...
The fact that I do this with NAT rather than juggling wireing or using a proxy costs you money because...
Consider the article which sparked this off. Finding out if somone has more than one machine back there is hard, worth writing a paper about, If it's hard to tell something is happeneing, then it can't be a real problem to you. Bandwidth hogs are easy to detect and so may be a real problem.
What you are doing is putting an artificial limit on people, so you can charge extra to remove it. Fine, if that is your business model, but lieing about it is just nasty.
I imagine we'll see lots of clever ways to emerge on how to use legacy hardware we've put in space, as launch costs remain so expensive.
I have wondered in the past if it would be possible to launch kind of backpack units to help out old satelites. I was thinking of small boxes with attitude jets or whatever runs out which could bolt themselves to otherwise useless satelites. I hadn't thought of the battery problem though.
So, this article inspired me to wonder why they don't build satelites with replaceable bits containing the consumables. A standardised box with batteries, manoevering abaility and whatever else tends to run out. These would persumably be cheaper to launch than a complete new satelite, and cheaper to build because they are standard.
Take a clever design to give enough flexibility, but hell, that is what we have engineers for!
As stated lower in this thread, if you have to manually check your spam folder for "false positives", the filter is utterly useless since you are still checking for spam.
No, because it prioritises your mail. Mail from certain adresses is always real, mail from certain adresses is always spam. So, I don't check mail which looks like spam as often as I check mail which looks like spam. When I reply to someone who was treated as spammed, I tell them why the reply was delayed which should help the sensible ones avoid other people's fiulters. (don't mail HTML is a good rule for instance).
Automated trusted corespondents ensures that a real human, accountable for his or her actions, sent the email.
This would just make me give up emailing the person. Not useful if I was trying to buy something from them.
If I compromise your key, can't I then re-sign my doctored document with last week's date... It's late, so maybe there is a way to block that which doesn't occur to me.
Lots of this stuff is non-obvious, especially in the presence of cocoa with brandy in it (slurp!).
[sorry for the more than usual level of typoes in this and the previous message, Opera has decided today that all my type in boxes will use a bizzare font, and I am very bad at proof reading after I write]
Yes, but if the attacker has access to encrypted (not just signed) documents, then as soon as your private key is compromised, so are the documents.
Indeed, the situation for encryption is different. The basic answer here is to realise that an encryption of a document has a lifespan. If it is really essential that no one sees the plain text, then shred the document and burn the bits (or the electronic equivalent). Once you send an encrypted document out into the world, assume it will become public property sooner or later and plan what to do when it does.
The way I read the `secrecy != security' slogan is that one should always work on the assumption that every secret will be revealed, sooner or later. Security must therefore be built on something more substantial than secrecy.
As a colourful example, in an intelligence organisation, one would have to assume that any captured agent will spill the beans, and that any agent in the field can be captured at any moment. Hence security comes from limiting the usefulness to the enemy of what any one agent knows, and having backup systems which can let everyone know when someone is captured, so plans can be changed.
For those of us in less glamourous/dangerous occupations, it comes down to such things as defence in depth. make sure that you can do most things you regularly need to without becoming root, then make becoming root complex, then prevent root logging in remotely, then make sure your non-root logins are secure, then use secure connections, then....
Slashdot Mirror
How many times in the past 10 years have you desperately needed to have /bin/ls look up passwords in some bizzare new way?
If my /bin stuff is statically linked, and I install a new resolver, then what? No amount of configuration file reading is going to solve this one smart guy. I one: either have to recompile everything in /bin,[...]
I build world maybe 4 or 5 times a year. That's infinitely more often than I decide I need a new way to lookup passwords (since I never have).
This is, of course, not a sane justification. For example the resolver library quite happily obeys host.conf to control the same kind of decision about host name lookup dispite being statically linked into things. The highly sophisticeted answer is (shock) to have the library read the configiuration file.
Just Say No to ls(1) not working because your library path is in a mess. Not to mention making life for rootkits one step easier.
The eggs were in a compartment underneath the floor of the crashed shuttle with spooky dry-ice fog lit by horizontally scanning laser beams.
A NASA spokesperson said
On this one I think the way IPFW is used on FBSD is defintley the Right Thing. You just add rules in a shell script and so you have the variable substitution, conditionals, tests and definable functions in a syntax everyone should be familair with.
Isn't the tsandard linux ipWHATEVERITISTHISWEEK filter similar? I set up some rules once some time ago and seem to remember it was a shellscript, though I didn't do anything big enough to need anything fancy,
Actually, Theo's `licencing restrictions are for the lower orders not me' squabble with Darren Reed happened just when I was getting ready to put ina firewall. OBSD was the planned system, but theere is no way I was going to run a brand new piece of software in such a role, and I'm not sure I think PF is long enough in the tooth to be comfortable yet. So my firewall and the two I am setting up for work are FBSD/ipfw.
Ask Apple. This is the strategy they adopted to move from being the company who could have kicked Bill Gates' arse to being a company partially owned by Gates living on the crumbs from his table.
It's a strategy which appeals to PHBs who are under presure from shareholders for having screwed up royally. Eg Amazon adopted it when they had made a mess of their business strategy, Apple when they had pissed their lead away and relised M$ had produced a version of Windoze which wasn't totally unusable.
The idea is to use the promise of MAKE MONEY FAST to distract the shareholders longe enough to fix things or get a better job. The problem is that lawyers are like Heroin, you might think you are just going to use them this once because you need a quick rush, but once they have their hooks in...
How does `general purpose' engergy differ from plain old vanilla engergy? Does each electron come stamped with a special legal release authorising it's use for any purpose?
I'm woried now in case I have been using restriucted purpose energy to run my computers and can expect a visit by th heavies of the electricity company!
Not only that but it's big enough to be used as a club to concuss anyone who tries to steal it off you.
Perhap the BBC reporters remember enough history for `Stalingrad' to mean something to them.
The war hasn't really started yet. Both sides have been getting into position and there has been some skirmishing over areas the Iraqis have mostly abandoned and between formations of trops moving to where they need to be. (eg today's reports of an engagement between British and Iraqi armour).
The interesting point will be when the main US formations start to press Bhagdad.
There are reports in th epress about people being abducted be Elvis in his flying saucer.
This is not an argument for a licencing scheme, but for recognised qualifications and insurance employees knowing their job well enough to ask someone if they are qualified.
The important difference being that qualifications are handed out by (in this instance) geologists, licences are handed out by lawyers and beurocrats.
Doesn't this just mean that if there was no licencing scheme, lots of B Ark candidates who would otherwise end up as scientologists or politicians or lawyers or sports fans etc might end up shredded, crushed and/or toasted.
I am struggling to see a downside here.
If that's not enough to make you not want to move to California, last week I saw gas prices at 2.40 a gallon in San Francisco.
If I'd need a car enough to care about the fuel price, I'm not gonna want to go there in the first place.
Beause the lawyers have already won.
Great, pour money into keeping some old wrecks on the road for a while longer so they can kill more people...
The necessary redesign of the shuttle involves a car crusher.
I can understand people who are attached to Concorde and so why it is made to keep stagerring on. It's a beautiful aircraft and was a wonder when it was new. The shuttle was designed by politicians and bean counters, is ugly as sin and an all around embarassment to the planet. It should never have been, still less should it have been kept alive zombie-like for so long.
Probes are great, but Pluto just isn't that exciting to me. It's a small, cold rock.
A lot more interesting than anything the manned space programme has done since Apollo.
The whole project budget is of the same order as one(!) shuttle flight.
Depends on the distortion really. For instance if your calibration star is jittering around the image, you can be pretty sure it is due to atmospheric distortion, not to the star leaping light years in milliseconds.
AIUI, based on reading about other telescope plans, but I think it applies here, they don't try and measure and pre-compensate for distorting influences, rather they use the image to determine what the current distortion is, and compensate for it.
Of course, to do this you need to have something in the image which you know how it should look (bad grammar there). Eg you arange your picture to contain a point source like a distant bright star and the nebula you are interested in. Then you twiddle the optics until the star is as close to a stationary point as you can get, which should have the effect of making the nebula clear.
If you have used an auto-focus camera and found that some things are hard for it to focus on, you may have used the same trick, pick somethig near what you want in focus, focus on that and then take your picture. Imagine doing that gazillions of times per second.
I remember reading a proposal to put optical targets in orbit to help with this process. That way they wouldn't be limited by the need to find a bright point source near what they are interested in.
I dissagree, I think it would make a wonderful movie. However, it wouldn't make a very commercial movie. Has a couple of action sections I suppose, biut most of it is slow revelation. Think Koyaanisqatsi with digital effects and some small amount of narrative action to tie it together.
And there is no simple minded ending. The reason I don't lik ethe other books so much is that they are all collectively an attempt to graft an ending onto RWR, which doesn't need one.
Of course, the same can be said of 2001, the problems started when Sk and ACC were trying to tie down a Holywood-palitable ending.
On the whole I think it' best if they do a Blade Runner on it. Pinch some ideas and make somethign which is a movie in it's own terms.
More like throwing aay your printer when you run out of ink, with the added feature that getting the new printer delivered will cost you millions of dollarpounds.
Thinks: oh, this might be interesting, a /. poster isn't going to spout the usual bollocks, so maybe we will learn something...
[the usual bollocks]
And the fact that I choose to have a windows machine an a work machine rather than dual booting would cost you money because...
The fact that I want a firewall between these machines and the world costs you money because...
The fact that I would like to sit in front of the fire using a laptop sometimes costs you money because...
The fact that I do this with NAT rather than juggling wireing or using a proxy costs you money because...
Consider the article which sparked this off. Finding out if somone has more than one machine back there is hard, worth writing a paper about, If it's hard to tell something is happeneing, then it can't be a real problem to you. Bandwidth hogs are easy to detect and so may be a real problem.
What you are doing is putting an artificial limit on people, so you can charge extra to remove it. Fine, if that is your business model, but lieing about it is just nasty.
I have wondered in the past if it would be possible to launch kind of backpack units to help out old satelites. I was thinking of small boxes with attitude jets or whatever runs out which could bolt themselves to otherwise useless satelites. I hadn't thought of the battery problem though.
So, this article inspired me to wonder why they don't build satelites with replaceable bits containing the consumables. A standardised box with batteries, manoevering abaility and whatever else tends to run out. These would persumably be cheaper to launch than a complete new satelite, and cheaper to build because they are standard.
Take a clever design to give enough flexibility, but hell, that is what we have engineers for!
No, because it prioritises your mail. Mail from certain adresses is always real, mail from certain adresses is always spam. So, I don't check mail which looks like spam as often as I check mail which looks like spam. When I reply to someone who was treated as spammed, I tell them why the reply was delayed which should help the sensible ones avoid other people's fiulters. (don't mail HTML is a good rule for instance).
Automated trusted corespondents ensures that a real human, accountable for his or her actions, sent the email.
This would just make me give up emailing the person. Not useful if I was trying to buy something from them.
Wet ones?
It already did (9/11).
Of course, responding to 9/11 by attacking one of bin Laden's two greatest enemies is, er, surreal.
If I compromise your key, can't I then re-sign my doctored document with last week's date... It's late, so maybe there is a way to block that which doesn't occur to me.
Lots of this stuff is non-obvious, especially in the presence of cocoa with brandy in it (slurp!).
Yes, but if the attacker has access to encrypted (not just signed) documents, then as soon as your private key is compromised, so are the documents.
Indeed, the situation for encryption is different. The basic answer here is to realise that an encryption of a document has a lifespan. If it is really essential that no one sees the plain text, then shred the document and burn the bits (or the electronic equivalent). Once you send an encrypted document out into the world, assume it will become public property sooner or later and plan what to do when it does.
The way I read the `secrecy != security' slogan is that one should always work on the assumption that every secret will be revealed, sooner or later. Security must therefore be built on something more substantial than secrecy.
As a colourful example, in an intelligence organisation, one would have to assume that any captured agent will spill the beans, and that any agent in the field can be captured at any moment. Hence security comes from limiting the usefulness to the enemy of what any one agent knows, and having backup systems which can let everyone know when someone is captured, so plans can be changed.
For those of us in less glamourous/dangerous occupations, it comes down to such things as defence in depth. make sure that you can do most things you regularly need to without becoming root, then make becoming root complex, then prevent root logging in remotely, then make sure your non-root logins are secure, then use secure connections, then....