> people like you, you have no idea about what you are comparing, just figured that setting up something out of the box will give a good insight into the speed.
I guess you didn't read the first page, or the second?
As stated (multiple times), the purpose of this report is to compare various aspects with "out of the box" performance, with all the caveats that it implies. And FYI I will be comparing MySQL InnoDB next time around.
> Ohh and the 100 fold increase in speed is very much likely to happen
> With horizontal representation you can do sequential scan only on the part of the data that you need..
A scan is still a scan is still a scan. And even with horizontal representation you shouldn't be too far off indexed data access speed, so the "100 times" figure is still unrealistic.
You'll be lucky if it is 2 to 3 times faster (and even then, I'll believe it when I see it).
On the subject I've just published a new benchmark. And the largest margin of all the tests that we ran is around 4 times in multi-threaded tests in favour of MySQL.
This is just marketing, nothing concrete to see - move along.
Just because it is easy to distinguish between 2 users does not mean that this has much practical use: In most applications (without the user's consent) this is going to be used remotely (server-side), which means that it is going to be totally useless at tracking users if there are more than say fifty users (someone do the math - assuming that the users follow enough links on that same site).
You can safely stow away the tin-foil hat^W^W browsing pattern disguise Firefox extension combined with the anonymous proxy / anonymous browsing.
by hiring an ex-blackhat, at least you get: * someone who can hack it - no CISSP is going to replace hands on skills * someone who is willing to admit he has made mistakes in the past - which is more important than ever in the world of security: covering up mitakes doesn't help.
now, if he's good - it shouldn't even matter if he has been blackhat: the systems should be secure, especially from the inside job threat. And part of his job should be to make it provable that it is so.
Now, if all you want is some type of ISO certification stamp of approval - rubber stamp / get finance / show off, go hire some certified engineer with a long series of random acronyms on his CV, which may include MSCE in the lot - that should be a hint, but unfortunately depending on who does the recruitment it may not be a deciding factor...
Last time I posted, I somehow offended a few americans who mistakenly took my attack on climate-change nay-sayers as an attack on America and americans as whole: it resulted in DoS on my sites and a joe-job campaign against my public mail servers.
Polute the world, polute our mailboxes, and be damned anyone who dares question whether this is moral or not!
Funny thing is: my spam filters are now much improved! Thanks!
In 10+ years of slashdot reading, I don't think I have ever read so many pathetic posts for one story! Here are some of the best quotes:
1) Dozens of posts about how unfair it is to let China and India polute so much. Funny that one, since we are talking about a cumulative effect, anyone care to calculate the total polution per capita since the industrial revolution? Hint: China has only just started and has more inhabitants than Europe and the USA put together. Their (mostly poor) citizens are the most likely to suffer from our (western-made) polution. But any excuse to blame it on others when you do/don't want to make a difficult decision works for some leaders.
2) "...absurd Kyoto Protocol..." "..America would have to shrink it's economy.." "..you cannot maintain economic growth and at the same time reduce your carbon.." "..Countries in Europe are also failing to meet their targets.." "..the Kyoto Accords are a socialist mandate.." We have some Fox-news specialists at hand here, great! FYI: this story was not about America or capitalism. Oh, and some other economies have done quite well at reducing emissions whilst maintaining growth. Never mind. We haven't found a perfect solution to an imperfect world, so let's do nothing and keep burning it. That makes sense. Keep putting your head in the sand until you can't get out - no-one will hear you when the water rushes in!
3) "3C isn't that bad". Right, this is the most clueless one. As if we can just ride this or hope that we develop the technology to correct it in time. 3C average on the scale of the earth is gigantic. This is just a question of scale: how big is the Earth compared to your living room? How much energy does it take to warm (or cool) 1 cubic meter of water (1 ton)? How many tons are we talking about? Google around.
4) "The models are wrong" or "There are forces at work here that are a lot bigger and lot more powerful than we are" (...): implying that either the problem is not real or that the Earth ecosystem has been adapting for billions of years and will continue to do so. Maybe so, but the fact is that the last time on record there was a dramatic climate shift was when the dinosaurs went extinct. Dinosaurs are so 'last extinction event', we are so much more clever. I won't try to pretend that we know for sure that the situation is just as serious, but all the signs are there.
5) Random: (warming) "...more favorable to the growing of fruits and vegetables. Good for everyone" "..would open up vast un(der)farmed plains in the northern Mid-West and Canada" Silly me! Let's launch a 'freedom to polute' site.
"..African nations where slaughter of their own population is commonplace..." (as an excuse for not doing it here either)
"...it is simply just a natural phenomenon like the Northern Lights." (someone who needs to do a bit more reading)
"This data is being supressed by hysterical, global-warming cultists, like those found frequenting Slashdot" The good old conspriacy theories. There aren't any good slashdot stories without one of them.
"So essentially the 'models' 'predicting' global warming actually only predict climate CHANGE" We are screwing with the climate but it could go either way. Well, here is the news: either way is bad. Any drastic change is bad, and that is what the data suggests.
Summary: lots of posts not making any sense and most of them using some off-topic reason for not doing anything.
for sure, I don't mean to be defending IE, but according to the original bug report (copied from Full Disclosure ML): ******* I can't find any info on this delicious IE bug, but it seems to be publicly known:
It will badly access a (virtual?) pointer table, making EIP to jump at a random address. This has various effects on the system I've tested with, including crashing. It works on these versions of mshtml.dll: XP SP2: 6.0.2900.2802 - latest WS2003: 6.0.3790.0 *******
So EIP goes to a random address, big deal. This is not exploitable unless you can allocate a huge chunk of memory and place lots of NOPs followed by the payload, then you've got to hope the random jump lands in that region. Not likely to work.
This is bad (crash) but not remotely exploitable (no worm on the horizon)
"The distro is based around compiling from source, which many suggest gives a huge speedup." It probably does, especially when building for specific architectures (like C3 or C3-2, etc..) "... but I'd be suprised if it was significant." Well, since you compile the compiler as well as everything else. It does accumulate... But point taken, in most cases it is not a reason in itself.
USE flags: "I suspect they only work for code that support" "If the upstream/original code doesn't have a feature marked as optional I don't imagine the Gentoo people would rework it to strip it out." Actually, that's not true: The Gentoo devs do apply some very useful patches, including some that make it possible to *remove* unused features like you described. Better yet, these patches do make it upstream eventually, albeit at a smaller pace (so the whole community benefits)
Re: configuration files: "Debian, already does its utmost to preserve all configuration file changes automagically. I find it hard to understand what Gentoo does differently which makes it better" It is not that different, except maybe that Debian does not change as quickly as Gentoo.
"you're the only person in the planet with a particular setup - that means bug reports are hard to manage." You would be surprised.... Check out the Gentoo ML, they are full of people ready to help, even you try to use that tweaked package XYZ and get into difficulty.
"thousand machines running identical binaries when it comes to tracking down bugs" Well, if that's what you are looking for, you still can with Gentoo: (as the parent posted noted) build binary packages on the build machine and deploy to all the others in binary form.
If you want to try it out, why not use UML to boot into it: http://uml.nagafix.co.uk/ (images and kernels ready to use)
I've toyed with these boards on more than one occasion for fun and profit, and the thing that really prevents you from using them in the embedded space is the amount of time it takes to boot the bloody thing. Around 30s at the best of times to get to a shell with init=/bin/bash and only a little less if you use the linux bios. Disappointing to say the least, no decent set-top box can take more than 5, maybe 10 seconds to start. Even using suspend to boot directly into a running system is not going to help since most of this time is going to be spent in the bios.
Not to mention that some boards come with a compact flash, but you can't boot from it! What's the f... point?
Re:.NET?!? useless - mod this down
on
Java Is So 90s
·
· Score: 1
This article is dated 2000! The vast majority of the points raised have been addressed in subsequent releases of both languages. This is not worth a read (or a link).
Sure, it isn't as mainstream as XP, but technically it is also part of the Windows line and was released in 2003 which makes it only (!) 4 years not 6. Gasp!
On top of that, they keep removing new features and re-scheduling them for later! Whilst new stable versions of linux (the kernel that is) are coming out at a rate of 1 every 1 to 2 months! Smaller incremental steps pay off for things like kernels. If only X windows could evolve as quickly... Thins is windows is not just a kernel, it is a gui, a browser (let's not go there), a kitchecn sink^W^W, etc...
monopolist sues regulatory body
on
Microsoft Sues EU
·
· Score: 0, Troll
It is tempting sometimes to subscribe known scam email accounts to some other scam response address, giving them a taste of their own medicine (sic!).
Note: I've never done this. And if you did you would have to make pretty damn sure that it's not just a fake address (any mta should really stop fake domains nowadays) or someone's hijacked pc. Like when they tell you to send your bank account details/cc to an address or when it's really obvious. If you get it wrong you end up punishing the innocent.
Great news indeed. Well done, even the site looks like slackware.com
I've always liked slackware because it is small and simple. I've been using slack since 1995, then I tried all the other distros but I always go back to slack when I want something simple to build from: the CD is quick to get you to shell where you can chroot, the installation is quick and takes the minimum amount of space (why would you need >500MB for bash + ls?!! Fedora anyone?), etc It will definitely have a place on my x86064 systems - if not as the main system, as a backup at least. Good work!
Only regret: where's the torrent? the mirrors aren't up to date yet..
increasing ties with Hollywood can't be good news
on
AMD Quad Cores, Oh My
·
· Score: 1
"AMD opened its meeting by touting its ties to Hollywood, a strategy that AMD executives said they will increasingly adopt going forward."
Ouch. In light of this, Intel's announcement (just a few days ago) that they would not include any unannounced DRM in the new pentium line sounds like a breath of fresh air!
They are chip manufacturers after all, can't they just focus on making fast chips and let Holywood worry about their business?
sha-256 and later have not been found to be weak yet. It does not mean that they are unbreakable (or I should say: possible to derive collisions) but it is definitely better.
Another solution that should work quite well is to combine hashes: (md5+sha1) is definitely much stronger as you would need to find a collision that works for both algorithms at the same time. Possible, but not likely.
As you rightly pointed out, collisions are a natural phenomenon linked to the limited space of the hash. What is important -and the reason for moving away from md5 and sha1- is the fact that flaws in these algorithms can be used to derive collisions more easily than it should be possible to. Problem is that it is extremely hard to prove that an algorithm is strong, it is much easier to disprove: just find an example. Science at its best!
That's just about right. It also explains why the new constitution got such bad press, it attempted to fix things and give more power to the elected parliament... what a disgrace. Bring back the good old tyrans instead.
The worst thing was that the people campaigning against the new constitution claimed that european institutions were broken, so let's not fix them!
If it ain't broke, don't fix it. But if it is? Don't fix it and keep complaining... that will help.
Slashdot Mirror
> people like you, you have no idea about what you are comparing, just figured that setting up something out of the box will give a good insight into the speed.
I guess you didn't read the first page, or the second?
As stated (multiple times), the purpose of this report is to compare various aspects with "out of the box" performance, with all the caveats that it implies.
And FYI I will be comparing MySQL InnoDB next time around.
> Ohh and the 100 fold increase in speed is very much likely to happen
> With horizontal representation you can do sequential scan only on the part of the data that you need..
A scan is still a scan is still a scan.
And even with horizontal representation you shouldn't be too far off indexed data access speed, so the "100 times" figure is still unrealistic.
But, heh, you don't know me, so keep talking...
On the subject I've just published a new benchmark.
And the largest margin of all the tests that we ran is around 4 times in multi-threaded tests in favour of MySQL.
This is just marketing, nothing concrete to see - move along.
thinking of an analogy: the birthday paradox:
Just because it is easy to distinguish between 2 users does not mean that this has much practical use:
In most applications (without the user's consent) this is going to be used remotely (server-side), which means that it is going to be totally useless at tracking users if there are more than say fifty users (someone do the math - assuming that the users follow enough links on that same site).
You can safely stow away the tin-foil hat^W^W browsing pattern disguise Firefox extension combined with the anonymous proxy / anonymous browsing.
by hiring an ex-blackhat, at least you get:
* someone who can hack it - no CISSP is going to replace hands on skills
* someone who is willing to admit he has made mistakes in the past - which is more important than ever in the world of security: covering up mitakes doesn't help.
now, if he's good - it shouldn't even matter if he has been blackhat: the systems should be secure, especially from the inside job threat. And part of his job should be to make it provable that it is so.
Now, if all you want is some type of ISO certification stamp of approval - rubber stamp / get finance / show off, go hire some certified engineer with a long series of random acronyms on his CV, which may include MSCE in the lot - that should be a hint, but unfortunately depending on who does the recruitment it may not be a deciding factor...
Last time I posted, I somehow offended a few americans who mistakenly took my attack on climate-change nay-sayers as an attack on America and americans as whole: it resulted in DoS on my sites and a joe-job campaign against my public mail servers.
Polute the world, polute our mailboxes, and be damned anyone who dares question whether this is moral or not!
Funny thing is: my spam filters are now much improved! Thanks!
In 10+ years of slashdot reading, I don't think I have ever read so many pathetic posts for one story!
Here are some of the best quotes:
1) Dozens of posts about how unfair it is to let China and India polute so much. Funny that one, since we are talking about a cumulative effect, anyone care to calculate the total polution per capita since the industrial revolution? Hint: China has only just started and has more inhabitants than Europe and the USA put together. Their (mostly poor) citizens are the most likely to suffer from our (western-made) polution.
But any excuse to blame it on others when you do/don't want to make a difficult decision works for some leaders.
2) "...absurd Kyoto Protocol..."
"..America would have to shrink it's economy.."
"..you cannot maintain economic growth and at the same time reduce your carbon.."
"..Countries in Europe are also failing to meet their targets.."
"..the Kyoto Accords are a socialist mandate.."
We have some Fox-news specialists at hand here, great!
FYI: this story was not about America or capitalism. Oh, and some other economies have done quite well at reducing emissions whilst maintaining growth. Never mind.
We haven't found a perfect solution to an imperfect world, so let's do nothing and keep burning it. That makes sense.
Keep putting your head in the sand until you can't get out - no-one will hear you when the water rushes in!
3) "3C isn't that bad". Right, this is the most clueless one. As if we can just ride this or hope that we develop the technology to correct it in time. 3C average on the scale of the earth is gigantic. This is just a question of scale: how big is the Earth compared to your living room? How much energy does it take to warm (or cool) 1 cubic meter of water (1 ton)? How many tons are we talking about? Google around.
4) "The models are wrong" or "There are forces at work here that are a lot bigger and lot more powerful than we are" (...): implying that either the problem is not real or that the Earth ecosystem has been adapting for billions of years and will continue to do so. Maybe so, but the fact is that the last time on record there was a dramatic climate shift was when the dinosaurs went extinct. Dinosaurs are so 'last extinction event', we are so much more clever.
I won't try to pretend that we know for sure that the situation is just as serious, but all the signs are there.
5) Random:
(warming) "...more favorable to the growing of fruits and vegetables. Good for everyone"
"..would open up vast un(der)farmed plains in the northern Mid-West and Canada"
Silly me! Let's launch a 'freedom to polute' site.
"..African nations where slaughter of their own population is commonplace..." (as an excuse for not doing it here either)
"...it is simply just a natural phenomenon like the Northern Lights."
(someone who needs to do a bit more reading)
"This data is being supressed by hysterical, global-warming cultists, like those found frequenting Slashdot"
The good old conspriacy theories. There aren't any good slashdot stories without one of them.
"So essentially the 'models' 'predicting' global warming actually only predict climate CHANGE"
We are screwing with the climate but it could go either way. Well, here is the news: either way is bad. Any drastic change is bad, and that is what the data suggests.
Summary: lots of posts not making any sense and most of them using some off-topic reason for not doing anything.
for sure, I don't mean to be defending IE, but according to the original bug report (copied from Full Disclosure ML):
*******
I can't find any info on this delicious IE bug, but it seems to be publicly known:
r=document.getElementById("c");
a=r.createTextRange();
It will badly access a (virtual?) pointer table, making EIP to jump at a random address. This has various effects on the system I've tested with, including crashing. It works on these versions of mshtml.dll:
XP SP2: 6.0.2900.2802 - latest
WS2003: 6.0.3790.0
*******
So EIP goes to a random address, big deal. This is not exploitable unless you can allocate a huge chunk of memory and place lots of NOPs followed by the payload, then you've got to hope the random jump lands in that region. Not likely to work.
This is bad (crash) but not remotely exploitable (no worm on the horizon)
I'll try to be gentle;)
"The distro is based around compiling from source, which many suggest gives a huge speedup."
It probably does, especially when building for specific architectures
(like C3 or C3-2, etc..)
"... but I'd be suprised if it was significant."
Well, since you compile the compiler as well as everything else.
It does accumulate...
But point taken, in most cases it is not a reason in itself.
USE flags: "I suspect they only work for code that support"
"If the upstream/original code doesn't have a feature marked as optional I don't imagine the Gentoo people would rework it to strip it out."
Actually, that's not true: The Gentoo devs do apply some very useful patches, including some that make it possible to *remove* unused features like you described. Better yet, these patches do make it upstream eventually, albeit at a smaller pace (so the whole community benefits)
Re: configuration files: "Debian, already does its utmost to preserve all configuration file changes automagically. I find it hard to understand what Gentoo does differently which makes it better"
It is not that different, except maybe that Debian does not change as quickly as Gentoo.
"you're the only person in the planet with a particular setup - that means bug reports are hard to manage."
You would be surprised.... Check out the Gentoo ML, they are full of people ready to help, even you try to use that tweaked package XYZ and get into difficulty.
"thousand machines running identical binaries when it comes to tracking down bugs"
Well, if that's what you are looking for, you still can with Gentoo:
(as the parent posted noted) build binary packages on the build machine and deploy to all the others in binary form.
If you want to try it out, why not use UML to boot into it:
http://uml.nagafix.co.uk/
(images and kernels ready to use)
I've toyed with these boards on more than one occasion for fun and profit, and the thing that really prevents you from using them in the embedded space is the amount of time it takes to boot the bloody thing.
Around 30s at the best of times to get to a shell with init=/bin/bash and only a little less if you use the linux bios. Disappointing to say the least, no decent set-top box can take more than 5, maybe 10 seconds to start.
Even using suspend to boot directly into a running system is not going to help since most of this time is going to be spent in the bios.
Not to mention that some boards come with a compact flash, but you can't boot from it! What's the f... point?
This article is dated 2000!
The vast majority of the points raised have been addressed in subsequent releases of both languages.
This is not worth a read (or a link).
> Much as I hate it, Windoze is the gold standard against which KDE and GNOME have been comparing themselves for years.
That explains a lot!
Should have compared themselves with MAX OS X!
As far as I am concerned, Windoze UI is not all that great, and I much prefer KDE.
SELinux policy for seti (homemade):
/var and /var/run
# setiathome
daemon_domain(setiathome)
general_domain_access(setiathome_t)
# type setiathome_t, domain, privowner;
# allow root to start it:
role system_r types setiathome_t;
role sysadm_r types setiathome_t;
# type setiathome_exec_t, file_type, sysadmfile, exec_type;
type setiathome_datafile_t, file_type;
domain_auto_trans(sysadm_t, setiathome_exec_t, setiathome_t)
domain_auto_trans(initrc_t, setiathome_exec_t, setiathome_t)
allow setiathome_t setiathome_datafile_t:file { getattr read write append };
allow setiathome_t self:process execmem;
allow setiathome_t user_home_t:dir search;
# file_type_auto_trans(creator_domain, parent_directory_type, file_type, object_class)
file_type_auto_trans(setiathome_t, user_home_t, setiathome_datafile_t, file)
# etc
allow setiathome_t etc_t:dir search;
allow setiathome_t etc_t:file { getattr read };
allow setiathome_t etc_t:lnk_file read;
allow setiathome_t root_t:dir search;
# network
allow setiathome_t dns_port_t:udp_socket { recv_msg send_msg };
allow setiathome_t http_port_t:tcp_socket { recv_msg send_msg };
allow setiathome_t netif_eth1_t:netif { tcp_recv tcp_send };
allow setiathome_t netif_lo_t:netif { udp_recv udp_send };
allow setiathome_t node_t:node { tcp_recv tcp_send udp_recv udp_send };
allow setiathome_t self:tcp_socket { connect create read write };
allow setiathome_t self:udp_socket { connect create getattr read write };
allow setiathome_t net_conf_t:file { getattr read };
# locale
allow setiathome_t locale_t:dir search;
allow setiathome_t locale_t:file { getattr read };
# libs:
allow setiathome_t ld_so_cache_t:file { execute getattr read };
allow setiathome_t lib_t:dir search;
allow setiathome_t lib_t:lnk_file read;
allow setiathome_t shlib_t:file { execmod execute getattr read };
allow setiathome_t usr_t:dir search;
# search
allow setiathome_t var_run_t:dir search;
allow setiathome_t var_t:dir search;
# dev/pts
allow setiathome_t device_t:dir search;
dontaudit setiathome_t sysadm_devpts_t:chr_file { read write };
dontaudit setiathome_t staff_devpts_t:chr_file { read write };
allow sysadm_t self:process execmem;
allow setiathome_t ld_so_t:file execmod;
allow setiathome_t self:capability dac_override;
does the job in most Sci-Fi films, got to get myself one.
Testing it could prove expensive and unpopular.
Whenever someone decides to add another leap day (every 400 years or something) or take one out (every ~2000)
or when a disaster has a big enough impact to make the earth wobble (tsunami 2004 anyone?)
How do you upgrade your watch?
On top of that, they keep removing new features and re-scheduling them for later! Whilst new stable versions of linux (the kernel that is) are coming out at a rate of 1 every 1 to 2 months! Smaller incremental steps pay off for things like kernels.
If only X windows could evolve as quickly... Thins is windows is not just a kernel, it is a gui, a browser (let's not go there), a kitchecn sink^W^W, etc...
what next?
if referer=slashdot
return 500
Simple yet efficient way to prevent DoS.
"auroras on Mars appear to form when charged particles from the sun speed up over magnetized rocks in the planet's crust."
Not exactly like staring at the sky is it.
It is tempting sometimes to subscribe known scam email accounts to some other scam response address, giving them a taste of their own medicine (sic!).
/cc to an address or when it's really obvious. If you get it wrong you end up punishing the innocent.
Note: I've never done this. And if you did you would have to make pretty damn sure that it's not just a fake address (any mta should really stop fake domains nowadays) or someone's hijacked pc. Like when they tell you to send your bank account details
Great news indeed.
Well done, even the site looks like slackware.com
I've always liked slackware because it is small and simple.
I've been using slack since 1995, then I tried all the other distros but I always go back to slack when I want something simple to build from: the CD is quick to get you to shell where you can chroot, the installation is quick and takes the minimum amount of space (why would you need >500MB for bash + ls?!! Fedora anyone?), etc
It will definitely have a place on my x86064 systems - if not as the main system, as a backup at least. Good work!
Only regret: where's the torrent? the mirrors aren't up to date yet..
"AMD opened its meeting by touting its ties to Hollywood, a strategy that AMD executives said they will increasingly adopt going forward."
Ouch. In light of this, Intel's announcement (just a few days ago) that they would not include any unannounced DRM in the new pentium line sounds like a breath of fresh air!
They are chip manufacturers after all, can't they just focus on making fast chips and let Holywood worry about their business?
sha-256 and later have not been found to be weak yet. It does not mean that they are unbreakable (or I should say: possible to derive collisions) but it is definitely better.
Another solution that should work quite well is to combine hashes: (md5+sha1) is definitely much stronger as you would need to find a collision that works for both algorithms at the same time.
Possible, but not likely.
As you rightly pointed out, collisions are a natural phenomenon linked to the limited space of the hash.
What is important -and the reason for moving away from md5 and sha1- is the fact that flaws in these algorithms can be used to derive collisions more easily than it should be possible to.
Problem is that it is extremely hard to prove that an algorithm is strong, it is much easier to disprove: just find an example. Science at its best!
That's just about right.
It also explains why the new constitution got such bad press, it attempted to fix things and give more power to the elected parliament... what a disgrace. Bring back the good old tyrans instead.
The worst thing was that the people campaigning against the new constitution claimed that european institutions were broken, so let's not fix them!
If it ain't broke, don't fix it. But if it is? Don't fix it and keep complaining... that will help.
I use (and provide) spamassassin at the MTA level, works great! No wasted bandwidth.