I was behind a firewall going to what I thought was a safe site.
The point being, the OP who claimed to be running an unpatched XP for years is either a lying bastard or so lucky that they should be heading straight for Las Vegas.
Company A pollutes, then pays company C to not pollute (assume that C would have otherwise polluted).
The highlighted section of your quote is where carbon offsets break down.
Any company that is below their "allowed" output can sell carbon offsets, and thus you end up with nothing more than Company C getting some cash so that Company A can break the rules. It makes Company A feel better, and Company C more wealthy, but does nothing to reduce carbon emissions.
This doesn't even get into the scams where organizations that don't have anything that emits CO2 (other than their own breath) will sell carbon offsets just for the money. They might claim to plant trees or do some other "green" thing, but often that part doesn't really happen (even if it mattered).
And his grand security architecture posture is simply "don't use much of the internet."
I learned the lesson when I built a machine to use as a DVR and hadn't patched XP beyond the built-in SP2 and had not yet installed anti-virus. I browsed to a website to check TV listings (to see if what the DVR was getting from its feed was correct) and either I typo'd the domain or else the real one was hacked to host malware, and got hit with a drive-by trojan that I couldn't get rid of, even by booting off a different OS disk.
If somebody can keep an unpatched Windows box running with no issues, then either they don't ever browse the web or they should funnel all their luck into lottery tickets.
It sounds like you need to adjust your traffic shaper. If your router will handle the load, but not on a single connection, then the traffic shaper is probably purposefully limiting it.
I think you misunderstood...if you enable the m0n0wall or pfSense traffic shaper, the fastest single stream is about 25% of what you set as the "link speed" in the traffic shaper wizard, and there is no way to change this behavior. This happens even if there are no traffic shaping rules set.
The only way around this is to lie and configure the link speed as 4x of what you really have. Of course, this then causes the software to believe that you have a faster connection, which makes it not manage the traffic correctly.
Without the traffic shaping feature, m0n0wall and pfSense aren't really worth the time and money to install (since you need a complete computer) when a $150 box that draws 30W will do as well on the reduced feature set.
But, if you happen to have an old machine sitting around doing nothing and have the space for it, software solutions are far better than any hardware less than about $300.
I'd love to see this turkey spend some time trying to get rid of a seriously nasty infection where he can NOT wipe the thing because they have data shotgunned all over the damned drive, or get to see a nasty pron bug that spews crap like bukkake all over the damned screen be the first thing HE had to look at first thing in the morning.
I maintain a lot of Windows machines, and if you are having trouble with "data shotgunned all over the drive" or seeing any effects of a virus, you're not doing your job right:
1. remove drive from problem PC
2. insert drive into "clean it" IT workstation as data drive and recover all data
3. wipe and re-image drive
4. restore data
5. return drive to problem PC and warn user about behavior that caused this problem
I am not sure what you have going on but people are regularly getting upward of 700Mbps over gigabit ethernet using m0n0wall and pfsense with good network cards. Memory latency or cache thrashing seems to cause Intel's Core2 CPUs to do significantly worse than AMD's Opterons (especially with multiprocessing) but even the current crop of embedded x86 boxes can handle better than 100Mbps.
The test box was running on an Opteron 2350 with just one core enabled (to simulate one of the low-end embedded single-core processors).
If the traffic shaper is causing a problem there may be some low level parameters to adjust. The m0n0wall mailing list would be a good place to ask.
I've asked at pfSense forums...their response is basically the same as with every other detailed question: read the forums because it's already been answered. Of course, it hasn't but that doesn't change their standard reply.
Basically, run throughput tests (and for me the important thing was simultaneous upload and download) with the stock config, then enable the traffic shaper and tell it that you only have a 100Mbps link (or any value). You'll find that it's impossible for a single stream to do better than about 30% of whatever speed you pick, although multiple streams can combine to do better. Since I sometimes do want to use 100% of my bandwidth (or damn near) on a single transfer, both m0n0wall and pfSense weren't something I could use.
I've hit over 60mbps on a P3 600Mhz / 64MB* using Intel NICs. At that point, things like what NICs you're using is going to start making a big difference.
With no special rules, I could sustain 132Mbps total through m0n0wall (which is about 66Mbps each way) using Intel 8254x and nForce cards on the 2GHz/512MB.
As soon as I added the traffic shaper wizard (configured for 1000Mbps connections), it dropped down to 115Mbps. If I told the wizard I only had a 100Mbps connection (on the same gigabit NICs), the combined throughput dropped to 56Mbps.
Using just routing with no NAT, I don't have the figure handy, but ISTR that it was around 300Mbps combined throughput, with about 400-450Mbps with no routing device at all. The NICs weren't particularly tuned, since these base throughput numbers are way beyond what the WAN link would provide.
... and use pfsense. My Intel CPU mini-itx board, with processor and ram was $100 and it works better than any consumer grade, BestBuy special router.
pfSense is better than m0n0wall, but still can't handle more than 35Mbps symmetric over a 100Mbps link (at least not with only a 2GHz processor and 512MB of RAM) when the "traffic shaper" is turned on.
With it off, it can handle over 70Mbps, but then you lose all those great features (like prioritizing VoIP, etc.).
I'd set up openwrt or distro-of-your-choice (m0n0wall was nice last time I looked at these things) on a small and silent PC with two network cards, mini-itx or such. That would give you the performance and flexibility you want.
I tested m0n0wall on a 2GHz CPU with 512MB of RAM and it couldn't run faster than 30Mbps symmetric (using gigabit NICs). See my other post for more information.
I'm sure with a faster CPU and more RAM you could do better, but I'd guess that 50Mbps would be about the limit without spending more than $200. At that point, you might as well get dedicated hardware, as the extra features (built-in switch, etc.) are something you'd likely need to pay for anyway.
I expect you either have an inferior manufacturing run, an inferior model, or an inferior brand.
There are basically no cheap home routers that can handle a 50/20Mbps link at full speed when NAT is involved.
I've tested both dedicated appliance hardware and software (either running on an actual PC or some micro system, like the Soekris) by hooking up the test router between two gigabit NICs and using netcat to send the output from /dev/urandom to /dev/null on the other machine (to avoid timing any hard drive speeds).
The Netgear FVS338 is what I settled on after verifying that it could handle 50Mbps symmetric, although I'm sure that other devices will work. I couldn't find anything in the under-$100 price range that could handle more than 20Mbps symmetric.
Playing a little "devil's advocate", I suppose the case could be made that browser windows created by remotely originating Javascript should not be able to create windows that look like locally created warnings. Perhaps the windows Javascript can create should be marked in some way to make it obvious that it's the result of a Web site.
This is a good idea, but unfortunately dynamic HTML allows the creation of "windows" within the browser, and there really is no way to limit this without seriously destroying page layout.
Sure, these moveable HTML elements are confined to the browser window, but I think that somebody who would believe that a web site has "scanned" a D:\ drive that doesn't exist and found malware wouldn't notice that a window wasn't "outside" the browser.
What he is doing will likely result in a big change in government in the next major election cycle and he may not even be the next Democratic presidential candidate if the Democrats hope to remain significant. I doubt people will be so quick to forget the reasons they moved away from the Republicans the last go around and so I think third parties will really make an emergence in the NEXT election cycle.
In general, I would agree with you, but if there is some big talking-point issue in 2012, then every failure of the administration from 2009-2011 will be forgotten.
This last election ended up being a referendum on the economic crash of 2008, while many other major issues from the previous 4 years were ignored. The only real long-term issue that was covered was military deployment. Sure, there were a lot of other small talking points, but the Democrats blaming the economic turmoil on the Republicans along with a "change" candidate for the Democrats ended up being more than enough.
If you trust only a server under your own control, for example, this could be really useful within an organization to allow users to install company-authorized packages without having to run around and install everything for everyone, while still preventing average users from doing anything to the machine.
Unless you have a lot of custom packages and really small hard drives, you'd never bother with this...you'd just install every package on every machine, and then use the built-in auto-updater on the system to keep every package (custom or distro-supplied) up to date.
Only licensing issues might prevent this, but if that were the case, you wouldn't want users installing the packages on their own, either.
There's no need for something like awesomebar to be core, is there?
Maybe the full set of functionality isn't required to be in the "core", but I think that you'd have to have some sort of location bar in the core.
Then, you end up with an add-on either extending or duplicating the existing functionality, either of which can become a problem.
I think it would be far easier to have the full "awesome bar" as part of the core, but have a real UI that allows users to enable/disable every feature.
Quite simply, anyone who pirates has ZERO respect for the people who actually make that content. You can justify it all you want, as screwing the RIAA or Microsoft, or Sony, or whoever. But really? You're screwing me and other people who make the stuff you watch and play.
Yes, I know that when I record unencrypted broadcast television on my computer and watch it later, I'm taking food out of the mouths of hardworking actors, writers, and electricians. Or, when I use the cable-company DVR to record a "premium" channel and then watch later on my TV that's connected via analog component video connections. Or, when I buy a song online and listen to it on both my computer and my portable MP3 player.
Wait, let me try that again:
<sarcasm>Yes, I know that when I record unencrypted broadcast television on my computer and watch it later, I'm taking food out of the mouths of hardworking actors, writers, and electricians. Or, when I use the cable-company DVR to record a "premium" channel and then watch later on my TV that's connected via analog component video connections. Or, when I buy a song online and listen to it on both my computer and my portable MP3 player.</sarcasm>
The point being, of course, that mostly what the **AA is doing in their quest to stop "pirates" is trampling on fair use rights in an attempt to construct a "pay per use per device per person" business model.
You're assuming that everyone doing greylisting is doing it "properly" and even then it's an inconvenience.
Properly-done greylisting isn't an inconvenience to anybody, because nobody notices it.
A slight delay in receiving the first e-mail from a system is nothing, since you might not have been expecting that e-mail. In addition, even with a 4-minute initial delay (my choice in greylisting), mail to my domain is delayed less by greylisting than by whatever random outages afflict the Internet.
As an aside, when did e-mail become "instant messaging", and when did "instant" become a requirement for all forms of communications, regardless of the importance?
It's not about viruses; it's the sheer volume of spam hitting mail servers that makes blacklisting necessary.
If you remove it you're essentially allowing yourself to be DOS'd.
Funny, but I have no problem using RBLs as only scoring for spam.
Most spam never even gets far enough to be scored. I have lots of stuff like the following in my logs:
Nov 13 07:52:05 xxxxxxx sendmail[7196]: nADCppch007196: <username.deletethis@example.com>... User unknown
Nov 13 07:52:05 xxxxxxx sendmail[7196]: nADCppch007196: lost input channel from abts-mp-dynamic-076.9.168.122.airtelbroadband.in [122.168.9.76] (may be forged) to MTA after rcpt
Nov 13 07:52:05 xxxxxxx sendmail[7196]: nADCppch007196: from=<reappointfr44@rotex2780.com>, size=0,class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=abts-mp-dynamic-076.9.168.122.airtelbroadband.in [122.168.9.76] (may be forged)
Nov 13 07:52:21 xxxxxxx mimedefang.pl[5245]: filter_relay: 61.79.93.53; [61.79.93.53]
Nov 13 07:52:31 xxxxxxx mimedefang.pl[5245]: filter_helo: 61.79.93.53; [61.79.93.53]; ZQLSMIV
Nov 13 07:52:31 xxxxxxx mimedefang.pl[5245]: filter_helo rejected helo ZQLSMIV
Nov 13 07:52:51 xxxxxxx sendmail[7202]: nADCqLHZ007202: Milter: helo=ZQLSMIV, reject=501 5.5.4 Bad HELO: 'ZQLSMIV' is not fully qualified domain name
Nov 13 08:19:17 xxxxx mimedefang.pl[5381]: filter_relay: 91.121.19.58; ks39028.kimsufi.com
Nov 13 08:19:28 xxxxx mimedefang.pl[5381]: filter_helo: 91.121.19.58; ks39028.kimsufi.com; ks39028.kimsufi.com
Nov 13 08:19:28 xxxxx mimedefang.pl[5382]: filter_sender: nADDJHD8007545; 91.121.19.58; ks39028.kimsufi.com; ks39028.kimsufi.com; <ioamorim@eln.gov.br>
Nov 13 08:19:28 xxxxx mimedefang.pl[5381]: filter_recipient: nADDJHD8007545; 91.121.19.58; ks39028.kimsufi.com; ks39028.kimsufi.com; <ioamorim@eln.gov.br>; <user@example.com>; <user@example.com>; local; ? ; user
Nov 13 08:19:28 xxxxx mimedefang.pl[5381]: greylist_check: nADDJHD8007545; ks39028.kimsufi.com [91.121.19.58] is default-listed
Nov 13 08:19:28 xxxxx mimedefang.pl[5381]: gl_addtuple: nADDJHD8007545; 91.121.19.58; <ioamorim@eln.gov.br>; <user@example.com>; delay until Fri Nov 13 08:23:28 2009; expires Mon Nov 16 08:23:28 2009
Nov 13 08:19:28 xxxxx mimedefang.pl[5381]: gl_newipstate: nADDJHD8007545; 91.121.19.58; grey; expires Fri Nov 13 08:23:28 2009
Nov 13 08:19:28 xxxxx mimedefang.pl[5381]: filter_recipient tempfailed recipient <user@example.com>
Nov 13 08:19:28 xxxxx sendmail[7545]: nADDJHD8007545: Milter: to=<user@example.com>, reject=450 4.7.1 Greylisting in action, please come back in 00:04:00
Nov 13 08:19:28 xxxxx sendmail[7545]: nADDJHD8007545: lost input channel from ks39028.kimsufi.com [91.121.19.58] to MTA after rcpt
Nov 13 08:19:28 xxxxx sendmail[7545]: nADDJHD8007545: from=<ioamorim@eln.gov.br>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=ks39028.kimsufi.com [91.121.19.58]
There are a lot of other tricks that don't show up in the logs (or not very well), like delaying error responses for 30 seconds or so, adding a 10-second delay before my mail server greeting, etc. With these tools, barely half the connections even get to the "DATA" stage, and almost all of that is opt-in mailing list e-mail.
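Added example (not part of any comment on this page, and not the commenter's MIMEDefang filter): a Python model of the RCPT-stage checks visible in the log excerpt above, namely a syntax-only HELO test, the unknown-user rejection, and greylisting keyed on connecting IP, envelope sender and envelope recipient with the 4-minute delay and 3-day pending expiry shown in the gl_addtuple line. The class and function names, the 30-day lifetime for a triplet that has retried, the 250/550 reply texts and the sample addresses are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

DELAY = timedelta(minutes=4)      # initial delay, as in the "come back in 00:04:00" reply
PENDING_TTL = timedelta(days=3)   # log excerpt: "expires" is 3 days after "delay until"
PASSED_TTL = timedelta(days=30)   # assumption: how long a triplet that retried stays accepted

_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN = re.compile(rf"(?:{_LABEL}\.)+{_LABEL}\.?")          # at least two dot-separated labels
_LITERAL = re.compile(r"\[(?:IPv6:)?[0-9A-Fa-f:.]+\]")      # address literal such as [192.0.2.10]


def helo_is_wellformed(helo):
    """Syntax check only: the HELO name is never trusted, just required to be well formed."""
    return bool(_FQDN.fullmatch(helo) or _LITERAL.fullmatch(helo))


def _hms(delta):
    secs = int(delta.total_seconds())
    return f"{secs // 3600:02d}:{secs % 3600 // 60:02d}:{secs % 60:02d}"


class Greylist:
    """Tempfail the first delivery attempt of each (ip, sender, rcpt) triplet."""

    def __init__(self):
        self._tuples = {}  # (ip, sender, rcpt) -> [state, not_before, expires]

    @staticmethod
    def _tempfail(remaining):
        return f"450 4.7.1 Greylisting in action, please come back in {_hms(remaining)}"

    def check(self, ip, sender, rcpt, now):
        key = (ip, sender.lower(), rcpt.lower())
        entry = self._tuples.get(key)
        if entry and now >= entry[2]:
            del self._tuples[key]          # never retried in time, or went stale
            entry = None
        if entry is None:
            not_before = now + DELAY
            self._tuples[key] = ["grey", not_before, not_before + PENDING_TTL]
            return self._tempfail(DELAY)
        state, not_before, _ = entry
        if state == "grey" and now < not_before:
            return self._tempfail(not_before - now)   # retried too early
        # A real MTA queued the message and came back: accept and remember the triplet.
        self._tuples[key] = ["white", not_before, now + PASSED_TTL]
        return "250 2.1.5 Recipient ok"


def rcpt_decision(greylist, local_users, ip, helo, sender, rcpt, now):
    """Cheapest checks first, so junk connections never create greylist state."""
    if not helo_is_wellformed(helo):
        return f"501 5.5.4 Bad HELO: '{helo}' is not fully qualified domain name"
    if rcpt.lower() not in local_users:
        return f"550 5.1.1 <{rcpt}>... User unknown"
    return greylist.check(ip, sender, rcpt, now)


if __name__ == "__main__":
    # Constructed sample traffic; the timestamp mirrors the log excerpt.
    gl = Greylist()
    users = {"user@example.com"}
    t0 = datetime(2009, 11, 13, 8, 19, 28)
    attempts = [
        ("192.0.2.10", "mail.example.net", "sender@example.net", "user@example.com", t0),
        ("192.0.2.10", "mail.example.net", "sender@example.net", "user@example.com",
         t0 + timedelta(minutes=2)),
        ("192.0.2.10", "mail.example.net", "sender@example.net", "user@example.com",
         t0 + timedelta(minutes=4)),
        ("198.51.100.7", "ZQLSMIV", "x@example.org", "user@example.com", t0),
        ("198.51.100.8", "host.example.org", "x@example.org", "nobody@example.com", t0),
    ]
    for ip, helo, sender, rcpt, when in attempts:
        print(when.time(), ip, "->", rcpt_decision(gl, users, ip, helo, sender, rcpt, when))
```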
Agreed. I'm also tech support for our house, and although we only have 2 people it's still a network of 25+ devices and at least 7 computers. My wife doesn't get admin rights on anything, and she actually likes it that way (less chance of her breaking something and having to ask me for help!).
At one extreme, you have content producers wanting to be paid every time anyone watches their film.
At one extreme, you have content producers wanting to be paid every time anyone watches any part of, uses screenshots from, discusses or otherwise references in any format their film.
Fixed that for you.
Note that I didn't mention that they want facial recognition hardware and software installed in displays so that they can charge per person, instead of just per showing.
preferences, privacy>suggest results from:>Nothing, that completely disables the awesome bar.
Right, but as far as I know, the previous behavior was to match results from typed URLs only, and to show only the URLs on a single line.
The first can be fixed by setting browser.urlbar.default.behavior=49, but showing page titles while still matching typed URLs cannot be accomplished with any config changes...it requires changes to userChrome.css.
AFAIK, every Dell laptop now comes with a backlit keyboard. That would certainly be more than 5% of laptops sold today.
I do know for sure that everything in their "Studio" laptop line certainly does have a backlit keyboard with multiple brightness levels.
'Co-operate' (work together), 'cooper-ate' (a nonsense word), 're-cooper-ate' (get better).
co-operate = work together
cooper-ate = a nonsense word
re-cooper-ate = another nonsense word
Try recuperate if you mean "get better".
Just p2v his entire data center first,
This brings to mind one other big advantage of VMs that help with uptime issues: fast reboots.
Some of those old systems might have to be administered following "Microsoft best practices" (reboot once a week just to be safe), and older hardware might have issues with that, plus it's just slower. Add in the fact that VMs don't have to do many of the things that physical hardware has to do (memory check, initialize the RAID, etc.), and you can reboot back to "everything running" in less than 30 seconds.
Although you never want to reboot if you can avoid it, this one factor gives you some serious advantages. If you have to apply a patch that requires a reboot, you can do so just by making sure the server isn't being used right now, and it's likely that people won't even notice. Of course, you don't do this until after you have done the same thing on the test server, and know that the patch won't cause issues.
then work on 'upgrades' from there.
And the test environment is a big thing that VMs can provide to help those upgrades. Just p2v the system, then clone it to create the test version. Use snapshots and torture the test system as much as you want.
Rule #1: you can't trust anything a spammer sends you; this includes their HELO/EHLO command.
Perhaps you should learn more about SMTP.
Although the parameter to HELO can be an outright lie, unless it's not following the RFC, you just accept it and ignore it. Anyone who uses a syntactically correct HELO to block e-mail is just asking for trouble.
What's important is the connecting IP address, envelope sender, and envelope recipient, only one of which can be faked in any meaningful way and still result in a chance to deliver e-mail. With just those three pieces of information, you can block almost all true spam without needing to close off vast swaths of the Internet at your firewall.
Using greylisting, strict SMTP RFC compliance checks, and SpamAssassin with scoring for blacklists, and with nearly 500 active e-mail accounts that end up in my inbox, I generally see less than one piece of spam every day, although on really bad days I see two or three.
You're assuming that everyone doing greylisting is doing it "properly" and even then it's an inconvenience.
Properly-done greylisting isn't an inconvenience to anybody, because nobody notices it.
A slight delay in receiving the first e-mail from a system is nothing, since you might not have been expecting that e-mail. In addition, even with a 4-minute initial delay (my choice in greylisting), mail to my domain is delayed less by greylisting than by whatever random outages afflict the Internet.
As an aside, when did e-mail become "instant messaging", and when did "instant" become a requirement for all forms of communications, regardless of the importance?
It's not about viruses, it's the sheer volume of spam hitting mail servers that makes blacklisting necessary. If you remove it you're essentially allowing yourself to be DOS'd.
Funny, but I have no problem using RBLs as only scoring for spam.
Most spam never even gets far enough to be scored. I have lots of stuff like the following in my logs:
Nov 13 07:52:05 xxxxxxx sendmail[7196]: nADCppch007196: <username.deletethis@example.com>... User unknown
Nov 13 07:52:05 xxxxxxx sendmail[7196]: nADCppch007196: lost input channel from abts-mp-dynamic-076.9.168.122.airtelbroadband.in [122.168.9.76] (may be forged) to MTA after rcpt
Nov 13 07:52:05 xxxxxxx sendmail[7196]: nADCppch007196: from=<reappointfr44@rotex2780.com>, size=0,class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=abts-mp-dynamic-076.9.168.122.airtelbroadband.in [122.168.9.76] (may be forged)
Nov 13 07:52:21 xxxxxxx mimedefang.pl[5245]: filter_relay: 61.79.93.53; [61.79.93.53]
Nov 13 07:52:31 xxxxxxx mimedefang.pl[5245]: filter_helo: 61.79.93.53; [61.79.93.53]; ZQLSMIV
Nov 13 07:52:31 xxxxxxx mimedefang.pl[5245]: filter_helo rejected helo ZQLSMIV
Nov 13 07:52:51 xxxxxxx sendmail[7202]: nADCqLHZ007202: Milter: helo=ZQLSMIV, reject=501 5.5.4 Bad HELO: 'ZQLSMIV' is not fully qualified domain name
Nov 13 08:19:17 xxxxx mimedefang.pl[5381]: filter_relay: 91.121.19.58; ks39028.kimsufi.com
Nov 13 08:19:28 xxxxx mimedefang.pl[5381]: filter_helo: 91.121.19.58; ks39028.kimsufi.com; ks39028.kimsufi.com
Nov 13 08:19:28 xxxxx mimedefang.pl[5382]: filter_sender: nADDJHD8007545; 91.121.19.58; ks39028.kimsufi.com; ks39028.kimsufi.com; <ioamorim@eln.gov.br>
Nov 13 08:19:28 xxxxx mimedefang.pl[5381]: filter_recipient: nADDJHD8007545; 91.121.19.58; ks39028.kimsufi.com; ks39028.kimsufi.com; <ioamorim@eln.gov.br>; <user@example.com>; <user@example.com>; local; ? ; user
Nov 13 08:19:28 xxxxx mimedefang.pl[5381]: greylist_check: nADDJHD8007545; ks39028.kimsufi.com [91.121.19.58] is default-listed
Nov 13 08:19:28 xxxxx mimedefang.pl[5381]: gl_addtuple: nADDJHD8007545; 91.121.19.58; <ioamorim@eln.gov.br>; <user@example.com>; delay until Fri Nov 13 08:23:28 2009; expires Mon Nov 16 08:23:28 2009
Nov 13 08:19:28 xxxxx mimedefang.pl[5381]: gl_newipstate: nADDJHD8007545; 91.121.19.58; grey; expires Fri Nov 13 08:23:28 2009
Nov 13 08:19:28 xxxxx mimedefang.pl[5381]: filter_recipient tempfailed recipient <user@example.com>
Nov 13 08:19:28 xxxxx sendmail[7545]: nADDJHD8007545: Milter: to=<user@example.com>, reject=450 4.7.1 Greylisting in action, please come back in 00:04:00
Nov 13 08:19:28 xxxxx sendmail[7545]: nADDJHD8007545: lost input channel from ks39028.kimsufi.com [91.121.19.58] to MTA after rcpt
Nov 13 08:19:28 xxxxx sendmail[7545]: nADDJHD8007545: from=<ioamorim@eln.gov.br>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=ks39028.kimsufi.com [91.121.19.58]
There are a lot of other tricks that don't show up in the logs (or not very well), like delaying error responses for 30 seconds or so, adding a 10-second delay before my mail server greeting, etc. With these tools, barely half the connections even get to the "DATA" stage, and almost all of that is opt-in mailing list e-mail.
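The two rejections visible in the log excerpt above (a HELO that is not a fully qualified domain name, and a first-time IP/sender/recipient tuple that is temp-failed for four minutes) can be sketched as follows. This is an added example, not the poster's MIMEDefang filter: `check_helo` and `Greylist` are hypothetical names, and accepting a bracketed IPv4 literal as a HELO argument and refreshing the tuple lifetime on a successful retry are assumptions.

```python
import re
from datetime import datetime, timedelta

DELAY = timedelta(minutes=4)   # initial delay, as in the logged 450 reply
LIFETIME = timedelta(days=3)   # tuple lifetime past the delay, as in the gl_addtuple line

_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}\.?$")      # needs at least one dot
_IPV4_LITERAL = re.compile(r"^\[\d{1,3}(?:\.\d{1,3}){3}\]$")  # assumption: IPv4 only


def check_helo(arg):
    """Syntax check only: the name may be a lie, but it must be well formed."""
    if _FQDN.match(arg) or _IPV4_LITERAL.match(arg):
        return None
    return f"501 5.5.4 Bad HELO: '{arg}' is not fully qualified domain name"


class Greylist:
    def __init__(self):
        self.tuples = {}  # (ip, sender, recipient) -> (allow_after, expires)

    def check_rcpt(self, ip, sender, rcpt, now):
        """Return None to accept the recipient, or a 450 reply to tempfail it."""
        key = (ip, sender.lower(), rcpt.lower())
        entry = self.tuples.get(key)
        if entry is None or now > entry[1]:
            # First sighting (or stale tuple): start the clock and tempfail.
            self.tuples[key] = (now + DELAY, now + DELAY + LIFETIME)
            return self._tempfail(DELAY)
        allow_after, _ = entry
        if now < allow_after:
            # Retry arrived too early: report the time still remaining.
            return self._tempfail(allow_after - now)
        # A queueing MTA retried after the delay: accept and extend the tuple.
        self.tuples[key] = (allow_after, now + LIFETIME)
        return None

    @staticmethod
    def _tempfail(remaining):
        secs = int(remaining.total_seconds())
        hms = f"{secs // 3600:02d}:{secs % 3600 // 60:02d}:{secs % 60:02d}"
        return f"450 4.7.1 Greylisting in action, please come back in {hms}"
```

Senders that never retry, like the ones in the log that drop the connection after RCPT, are never accepted, while a retrying MTA is delayed once per tuple.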
Agreed. I'm also tech support for our house, and although we only have 2 people it's still a network of 25+ devices and at least 7 computers. My wife doesn't get admin rights on anything, and she actually likes it that way (less chance of her breaking something and having to ask me for help!).
This sounds exactly like my house.
Are you from a parallel universe or something?
On Windows XP, Firefox cannot update itself when running in a non-admin account. (Bugzilla:407875)
This is only true if Firefox is installed in the default location under %ProgramFiles%.
A non-admin user can install Firefox anywhere they have write permission, and then updates work fine.
At one extreme, you have content producers wanting to be paid every time anyone watches their film.
At one extreme, you have content producers wanting to be paid every time anyone watches any part of, uses screenshots from, discusses or otherwise references in any format their film.
Fixed that for you.
Note that I didn't mention that they want facial recognition hardware and software installed in displays so that they can charge per person, instead of just per showing.
preferences, privacy>suggest results from:>Nothing, that completely disables the awesome bar.
Right, but as far as I know, the previous behavior was to match results from typed URLs only, and to show only the URLs on a single line.
The first can be fixed by setting browser.urlbar.default.behavior=49, but showing page titles while still matching typed URLs cannot be accomplished with any config changes...it requires changes to userChrome.css.