Actually no, I'm a busy admin and I don't have time to follow these instructions for getting Samba hooked up to Active Directory: http://wiki.samba.org/index.php/Samba_&_Active_Directory
In addition, those instructions don't help with the #1 issue of UID mapping when you have multiple Samba machines.
When you use these instructions, Winbind grabs a list of Windows accounts and maps them to UID/GID values as would appear in /etc/passwd. The mappings are permanent at that point. If you later add a new user or group to AD, then the user or group gets the next available UID/GID.
The problem is when you join linuxone to the domain, get everything working, then add some AD users and join linuxtwo to the domain. Now, the two machines almost certainly have different UID mappings for the new AD users. This means that you have decent interoperability from Unix to Windows, but any users authenticated from AD have crappy Unix to Unix interop.
In addition, there are PAM modules that allow you to control access based on group membership. These work 100% (either group name or GID) with Unix groups, but cannot use AD group names. So, you have to use the GID that gets mapped, and the mapping can be different on each Unix machine. So, if you use a Unix workstation for users, you can't roll out a standard image...it must be run-time configured.
Last, if for some reason you have to unjoin the Unix machine from the domain and then rejoin it, the mappings will change. So, all those files created in the home directory of joeuser with UID 50021 will be unreadable when he logs back in and joeuser has a UID of 50043.
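Added example, not part of the original comment: a small Python model of the per-host "next available UID" allocation described above, plus an audit that compares passwd-format listings from two hosts for UID drift. The account names, RIDs and the 50000 range start are constructed; the deterministic alternative follows the formula documented for Samba's idmap_rid backend (ID = RID - BASE_RID + LOW_RANGE_ID).

```python
"""Model of sequential vs. RID-derived UID mapping (illustrative only)."""

LOW_ID = 50000  # constructed start of the mapped UID range

# Constructed AD accounts and their RIDs (last component of the SID).
ACCOUNTS = {"alice": 1104, "bob": 1105, "joeuser": 1110, "carol": 1112}


class SequentialMapper:
    """Hands out the next free UID the first time this host sees an account."""

    def __init__(self, low=LOW_ID):
        self.next_id = low
        self.table = {}

    def uid_for(self, account):
        if account not in self.table:
            self.table[account] = self.next_id
            self.next_id += 1
        return self.table[account]


def sequential_host(first_seen_order):
    """UIDs a host ends up with when accounts are first seen in this order."""
    mapper = SequentialMapper()
    return {name: mapper.uid_for(name) for name in first_seen_order}


def rid_uid(rid, low=LOW_ID, base_rid=0):
    """Deterministic mapping: the UID depends only on the account's RID."""
    return rid - base_rid + low


def rid_host(first_seen_order):
    """Same host, but UIDs derived from RIDs; order of first use is irrelevant."""
    return {name: rid_uid(ACCOUNTS[name]) for name in first_seen_order}


def to_passwd(mapping):
    """Render a {name: uid} map as passwd-format lines."""
    return "\n".join(
        f"{name}:*:{uid}:{uid}::/home/{name}:/bin/bash"
        for name, uid in mapping.items()
    )


def parse_passwd(text):
    """Return {name: uid} from passwd-format text, skipping malformed lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users


def uid_mismatches(passwd_a, passwd_b):
    """Accounts present on both hosts whose UIDs differ: {name: (uid_a, uid_b)}."""
    a, b = parse_passwd(passwd_a), parse_passwd(passwd_b)
    return {n: (a[n], b[n]) for n in sorted(a.keys() & b.keys()) if a[n] != b[n]}


def demo():
    # linuxone joined early; carol happened to be seen before joeuser.
    one_order = ["alice", "bob", "carol", "joeuser"]
    # linuxtwo joined later and saw the accounts in a different order.
    two_order = ["alice", "bob", "joeuser", "carol"]

    drift_sequential = uid_mismatches(
        to_passwd(sequential_host(one_order)),
        to_passwd(sequential_host(two_order)),
    )
    drift_rid = uid_mismatches(
        to_passwd(rid_host(one_order)),
        to_passwd(rid_host(two_order)),
    )
    return drift_sequential, drift_rid


if __name__ == "__main__":
    seq, rid = demo()
    print("sequential allocation drift:", seq)
    print("RID-derived drift:", rid)
```

The same `uid_mismatches` check can be fed real `getent passwd` output collected from two domain members to find accounts whose file ownership would not carry across hosts.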
Removing the DRM from Vista will not remove it from the media. Your DRM-encumbered media will not be accessible *at all* without a DRM-capable player.
"WinDVD" is a "DRM-capable" player, and does not require any help from the OS to do it. All it needs is a "DRM-capable" DVD or BluRay drive, and since all DVD and BluRay drives are (by definition) "DRM-capable", that's not hard to provide.
But, again, DVDs and BluRay don't have true DRM, since they can't make disks that (intentionally) play while using a player with a specific serial number. All optical media is merely encrypted, and any licensed drive can decrypt the content if handed the correct key, and the correct key is given out to multitudes of player software.
The goal of DRM in Vista is not to prevent play; it is to prevent recording.
And, once again, "DRM" accomplishes its goal of not stopping copying but always pissing off paying customers.
Since the drive (not the software) does the decryption, there will never be any way to prevent copying (i.e., ripping). You don't need to defeat anything after the "player" to copy the content.
As for having the keys and the lock, even with "trusted computing" (which will never be important, since it would have to have 100% penetration to work) as long as the decryption for viewing doesn't take place inside the trusted computing system (and it does not and probably will never, since the **AA is too paranoid/stupid to allow pure "software" decryption), at least one person can decrypt it for copying, which allows distribution to all the other people who can't do it.
No, I have to complain to the company that wrote the OS code that implements restrictions that don't stop copying, but do stop lawful use.
Remember that there is no DRM on DVD or BluRay discs...there is only encryption. There is also no need for any code written by the OS writer to be aware of the existence of the encryption, or even to provide drivers for any optical drive features beyond basic reading. All of the encryption-aware software can be supplied by a third party.
The third party could even put lame restrictions like not being able to view HD unless the monitor is connected using HDCP. There is no need for the OS to implement any of this.
First, DRM by definition cannot work, as you can't have both the keys and the lock and not be able to get in the door.
Second, DVDs and BluRay technically don't have DRM, as you cannot authorize a single user/device to play back a movie...you can only authorize groups of devices. Because of this, every licensed drive can play back the content, thus there is no need for anything extra in the OS, because without the drive, you can't do anything at all.
Last, the supposed DRM on DVD and BluRay can't ever stop copying (precisely because the drive is licensed), but with the help of Vista, it can stop legitimate owners of discs from playing back their content.
These are the reasons why DRM doesn't belong (and isn't required) in any OS.
And what does the DRM in Windows stop you from doing that you would like to do?
I'd like to be able to watch HD content at full resolution on my 24" monitor that has DVI but not HDMI with HDCP.
Although I can do what I want if I'm not watching DRM-protected HD content, I'd like to be able to do that with all HD content that I have legally acquired.
I'd also like to be able to watch any HD content on systems that only have VGA outputs, too.
You don't need DRM in the OS to watch BluRay, DVDs, or any other DRM-protected content.
XP can't play back DVDs at all without a non-Microsoft piece of software added, yet once you add that software, DVD playback works fine. Same with Apple FairPlay (iTunes Music Store), Audible.com .aa files, etc.
There is no reason that Vista (or Windows 7, 8, 9, or 42) could not be designed the same way.
PS3 80 GB - Cost $485, Price $400, Loss $85. PS3 160 GB - Cost $520, Price $500, Loss $20.
These really are just imaginary numbers, seeing as how 160GB drives that work with the PS3 don't cost any more than 80GB drives at retail.
Besides, digital cameras, USB flash drives, portable HDDs and such don't need an operating system, but they do need to be able to talk with Windows.
Any device that can in some way read or write the data on the FAT file system without being plugged in to a computer would need a patent license for the file system (assuming any of this is valid).
So, only stupid devices like flash drives and hard drives would be safe...cameras, MP3 players, GPS, PDAs, cellphones, etc., would all need a patent license.
To my knowledge the iPhone/iPod no longer uses FAT32.
I can't say anything about iPhones, but iPods can be plugged in to any Windows XP/Vista computer and be accessed as a plain old USB drive. In order for that to happen, they need to use FAT (of some variety), HPFS, or NTFS. If they are larger than 2GB, they must use FAT32, and to support long filenames, they have to use the VFAT variant.
Which means, they have to have a file system that is patented by Microsoft.
You can format an iPod using HFS+ on a Mac, but then it won't work with Windows until you re-format it.
Excuse me? If I call up and pretend to be an HR droid, the former company will give me your Social Security Number?
Yes, they might, if there were two people with that name who worked for the company during the same time period.
They shouldn't give it out...they should only ask for it to make sure they give you details on the correct one, but people often volunteer information if they think you already know it.
E-books sell for less than half to a quarter of audio book CD prices and fewer copies are sold.
I don't believe this.
I can get almost every audio book for $9.99 each (through things like audible.com subscriptions), and I can't believe that equivalent eBooks are $2.50. A quick check shows that this is true, as eBooks are between $5-15, depending on the title. Compared to MSRP for CD-ROM audiobooks, the eBook might be 25%, but not to real-world prices for the content.
And, although audible.com does have DRM, the PC software they provide will burn a book to CD-ROM to turn it into a normal, non-MP3 audiobook that works in 100% of CD players.
Would you re-hire this person? Yes/No
Answering this "No" would get them in trouble, too.
Basically, there is no law that prevents any former employer from saying anything they want about you, as long as it does not violate the EEOC laws. So, if they get asked about you and say that you were the laziest person they had ever seen but couldn't be fired until your manager stopped sleeping with you, there's no law against it.
But, anything other than facts (and "would you re-hire this person" is not a fact-based inquiry) will get them into trouble. And, by "facts" I mean "true statements they would be willing to pay lawyers to support in court". You may really have been sleeping with your manager, but no one who likes their own job will say that on the record.
This limits them to your name, employment dates and maybe your title. Even your SSN (which might be required for a large company where there was more than one "Jon Smith" working at the same time) or similar information might be a no-no to give out, but they could reasonably ask for it to make sure that they are talking about the right person.
The major difference is that any company that does not have some sort of escrow for important passwords (root, etc.) really deserves what they get if somebody just doesn't bother to tell them the password to their critical system.
By having some sort of policy in effect for how changes to these important passwords are handled, you can't actually stop a rogue admin from changing them, but you will have very strong legal reasons for firing, and possibly for a compensation lawsuit.
Last, in pretty much every password-protected system I know, if you have physical access, you will be able to change the main admin password in some way. This probably should be a requirement for all systems that any business/government purchases.
Integrated audio chips, SATA controllers, IDE controllers, memory controllers, PCI bridge, BIOS and ACPI interaction, and various other integrated components. You're talking around 20-30 "components" that all need separate drivers in a typical PC, at minimum.
There are already standard drivers for all motherboard hardware, and unless there is a radical change in the way these devices are designed, those drivers will just keep working. Updating them for a new OS that uses a different driver model isn't really a lot of work.
And, if you go with the "virtualize to maintain backward compatibility" metaphor, then the new OS doesn't need new drivers at all...it just needs a virtualization layer that lets software work with those older drivers. The trick is designing a generic virtualization system that won't require major changes until there are major new features in processors, and that's probably something that Microsoft can't do in a manner that would be acceptable to their cash flow requirements.
Then there's the fourth group: those who think MS should create an all-new Windows without the legacy crap with an emulator inside for backwards compatibility.
There's no need for an emulator...you can use an actual VM. Having just installed VMware Workstation 6.5, I think that its "Unity mode" (also available in VMware Fusion) is the way to do it.
Since you can even run Linux as a guest on Windows and use Unity to show the Linux desktop windows seamlessly as part of your Windows desktop, I think that pretty much anything would be possible if you built this sort of functionality into the base OS.
qmail and djbdns achieved widespread deployment *despite* their unhelpful licenses and lack of official maintenance.
There are many pieces of software that are not the best tool for the job (or even in the top three in their category) of which similar things can be said.
For example, Internet Explorer has been behind the curve in browser quality for years, yet is the most used. Photoshop probably isn't the best tool for the job for 90% of people, yet it is the "must have" graphics editing tool.
Whether qmail is internally secure or not isn't important if its default configuration leads to blowback spam. One of the touted features of djbdns is that it randomizes outgoing ports, but this is not needed if your firewall already does this, and is wasted if your firewall uses some predictable pattern.
Basically, Bernstein is loud and his volume seems to mask the ability of people to look at his software rationally.
There is no reason that the daemons in the cluster cannot communicate/interact at extremely (read local) speeds.
On VMware ESX, if one VM sends via its network card to another VM running on the same host server, it ends up as a memcpy by the hypervisor. Although a context switch is involved, this is still much faster than any physical network interface, but gives you the security of separate machines.
There are some large software packages that can't use bash without problems.
This is a problem with the software package, not with bash.
If the software has a script it runs that requires 100% sh compatibility, then the script should start with "#!/bin/sh", or should be invoked with "sh scriptname".
On my Fedora Core 6 box, 44 of the 75 scripts in my /etc/rc.d/init.d start with:
#!/bin/bash
For Fedora 10, 31 of 47 scripts start with that line.
There are some non-Fedora packages on the boxes, YMMV, etc.
References are people you know who have agreed to do just that, not random people at places you used to work.
Because of the fear of lawsuits, the standard policy at almost every company (and 99.9% of large companies) is that the only question they will answer is "when did ____ work at ____?"
In addition, if this sort of overpayment did bring legal action against the ex-employee, any mention of such a matter to a new prospective employer would really open up the old employer to nasty lawsuits.
If the paperwork and payment match, then MS probably will have to eat the loss, but as you say, if the paperwork and payment are different, then it's in the ex-employee's best interest to pay back the overage with no fuss.
For example, I am first-level connected to several people who have written a moderately well-known RFC. I have more direct access to them than the average person, and I can pick their brain for free.
If I was hunting for a job in that particular field, then my connections might help, especially if the people doing the hiring know those names (even if they don't know the people personally).
On the other hand, I can't see a reason why somebody would not hire me just because I know somebody. For example, I have first-level connections to people that I have done business with (provided them consulting, etc.), but I'm not drinking buddies with (i.e., I don't know everything about them). Now, it's possible that those people are real slime except when dealing with me, but even if they are, it doesn't mean anything...I didn't say I recommended them, just that I know them.
Ask a thousand people who have enabled Google Latitude updates for a particular person how they would disable it for that person and see how many correct answers you would get.
In case you didn't know, for someone to find you using Google Latitude, first you have to download the latest version of Google Maps to your cellphone, then enable Latitude in your Google profile, then give individual people permission to see where you are.
If you forgot you did all this to allow your abusive spouse to track you, you can see where Darwin Awards come in.
It's not surprising Java installs itself to Firefox; Java started as a language to run applets in the browser and still needs to be there.
This is about the 10th post that just doesn't understand the issue.
Running of Java applets within Firefox is controlled by a plugin. What is being installed by Java is an additional addon that is in the "extension" category, and is not required for running Java applets.
All this new extension does is preload Java when you start your browser, so that Java applets will appear to start faster. They won't really start any faster, since the pre-loaded code can be swapped out just like any other code. Likewise, if you have enough RAM, after the first Java applet runs, the Java runtime would be cached and future applets will start more quickly.
Even if applets do start faster, you are just changing when the time is taken (at browser load or at applet load).