When the layers don't meet your needs, you have two options.
You can either violate the layering or you can get the layers refactored.
In Linux, we do not accept the first. Why? Because it generates bad software...period.
Writing drivers for MacOSX is a pain...because of the mingling between Mach, BSD, and everything else they did to make it work.
Drivers for Windows has always been a source of instability because there isn't good layering there either. Try to write database code on Windows, the lack of coherent design presents dozens of incompatible interfaces with different features.
You can do what these people do. You can make a "product" that "works" without regard to design. Eventually, you end up doing a complete rewrite. The fact of the matter is that Linus puts design before function, and maintainability before progress. As such, we move slow, we refactor, and we're generally slow. However, progress is steady and it does, generally, get better. Of course there are always people that want it to be everything.
Actually, in higher mathematics it has already been determined that, under the right circumstances, a sum with an infinite number of values can converge to a finite number. In the case of a simple percentage like this, I believe as long as it is less than 100%, the sum will converge.
Why not just pay him $168,292.68. 18% tax on that yields $30,292.68 leaving $138,000.00. How is this not possible?
Even if there are other taxes, as long as they don't go over 100%, a finite sum must exist. Furthermore, there are numerical algorithms that can be used to optimize the most stubborn of these sorts of problems by doing trials with differing values attempting to calculate this.
Infinite sums aside, banks, real estate agents, and title companies make the same calculations every day. It's really not rocket science.
Actually, TCP/IP predates OSI by a fair margin. It only has five layers if I recall correctly.
Could this just be low level packet prioritization? Maybe utilizing some tweaked out optimizations for checksum offloading or perhaps some clever optimization of TCP windows?
Still, sounds like snake oil to me (just like some video card specs).
Everytime I hear this it amazes me how unrealistic this line of reasoning really is. The essential statement is that, since there was a way to prevent the problem, the onus is on the user to "know what to do" because they are obviously "ignorant". It's like returning a broken hammer to the hardware store only to be told you "shouldn't have hit something so hard". Have you considered that the real problem lies in allowing vendors to completely avoid liability for their mistakes? Perhaps the lack of an economic incentive to make a good product has created the environment where this is possible?
From a practical perspective, telling college students not to download music, to avoid MySpace, and to not download seemingly harmless things like Screensavers and Wallpaper is about as effective as the rhythm method. Sure, they're "sinners" with their pr0n and their music. How dare they? They get what they deserve by using a computer on the internet to download the information they want. That's a sin to be sure. It's strange how that apparently makes them culpable for systematic, intentional, and malicious exploiting of their computers. Of course, the long-term social effects of corporate self interest manipulating law and public opinion to create stigma in their economic interest is beyond the scope of a Slashdot comment.
Back to the technical issues. Understand that a lot of malware immediately turns off ActiveX security. They leave the door wide open behind them. In your perfect world, not only does every user have to be perfectly responsible and knowledgable, but they also can't make even a single mistake--since this basically leaves them wide open (i.e. it doesn't ask, just downloads and installs any application that asks) in many cases.
Similarly, there is no safe site. A vast majority of the web is ad sponsored. A single malicious banner ad can catch millions (the recent MySpace incident for example). Expecting every user and every advertising company (with possibly tens of thousands of ads) to not ever make a single mistake is unrealistic as it is lazy. The web can be secure if people would put the effort into getting secure systems developed and into place instead of blaming security problems on the sinners.
Ironically, one of your "solutions", Antivirus Software (a.k.a. stopgap measure or snake oil depending on your inclination), is probably the reason things are as bad as they are. Rather than closing holes, AV just stomps the critters that run in through them. If users had insisted on fixes and security rather than installing Norton Antivirus (and considering it "fixed", things probably wouldn't be nearly so bad as they are. It would also be nice if the economic disincentive for insecurity would lie with the vendors where it belongs, not with each and every user.
People don't realize it, but this is really an old misconception. Make something illegal, and its sources become disreputable. This then reinforces the belief that it's inherently bad. My issues of concern are software licensing, patents, and copyright reform. I'm sure the same argument could (validly) be made for marijuana, prohibition, and prostitution.
Of course we've got a double-whammy with software security. Not only are the sinners browsing seedy sites, there is also no one responsible for protecting them (since the vendors have all licensed their cares away).
She's at a university. She can probably find more help there than most places. Heck, myself and at least five other companies support Linux in a town of less than 500,000 (Springfield, Missouri), so I don't think this nearly as true as it used to be.
Besides, think of the geeks. A girl, at university, that will seek you out because you can fix her laptop--that's running Linux--and who might find out that you DON'T have a tentacle pr0n fetish like her current boyfriend. The romantic possibilities are endless! Don't be selfish...
Well, I run one along with two other guys. The place will eventually make money but its not exactly a cash cow here (although it may get better after some of our competition goes under).
A lot of people chimed in mentioning that computers and net access are cheap. Well, that's true. I would also mention that, at a hypothetical $5.00 / hour (we're cheaper due to being in small town USA), it takes quite a while to catch up with a computer, games, maintenance, and internet access.
For people who either just browse the net or people who play games maybe five or six hours per week, it's much less trouble and cost effective to go to a place like this. I dare say that most people fall into that more casual group--especially when you consider they also divide their time with home consoles. We also have a nightly and weekly open-pass rate that keeps the place hopping when we would otherwise be slow.
There are other mitigating factors too. Maybe they don't trust their roommates. Maybe they're traveling. Maybe they really just want to avoid their parents. Maybe they skateboard in the area and just want to buy a drink someplace cool. All of these people fill in the gaps that are left by hardcore gamers just buying their own computer.
Some advice, don't go it alone. We have three people that own / work the place (only open after 5pm) and we couldn't really do it with less (and bona fide employees are expensive). Also, plan to replace your computers. If you don't you'll run out of money just when the business is taking off. Also, don't forget the three most important things to a business: location, location, and location. Finally, keep in mind that some games aren't licensed for cafe usage without special arrangements. Most notable is Valve Software (for which we have a cafe license). Also, don't pirate Windows. It's just stupid (and *will* get you shut down when the competition kindly turns you in).
Closed-source Linux drivers can work well enough for a single kernel version in a controlled environment. You still don't get support from most distros that would want to build their own. Sure, if you cooperate you get in Novell and Red Hat's offerings, but not much further. You also get the onus of sinking the money into it to keep it working. Not to mention you pretty much guarantee being a problem to your users--think things like software suspend that never work right with closed drivers because certain problems can't be debugged or fixed (in which case improved quality *IS* a foregone conclusion).
You either get SLES / RHEL, or you get SLES / RHEL / Debian / Ubuntu / everything else... Not to mention improved operation. Of course, gravitating toward what works is why people are using open source in the first place. Sometimes "what works" is defined in terms of avoiding vendor lock-in and extortionate licensing.
Take, for example, booting onto a root on a SAN--specifically a Coraid Ethernet SAN.
During boot, you must bring up the ethernet interface, load the AoE module, probe for the SAN, wait for it to quiesce, then enable clustering, join the cluster, join the fence domain, allow the cluster to quiesce, load the DLM, enable CLVM, probe and activate everything, then mount your root GFS (or OCFS2 if you can get that working).
This would not be possible without a good initrd.
Also, not so obviously, distros aren't the only people who deploy a single kernel on lots of hardware. When you have 300 old Dells, 150 old gateways, 75 custom built boxen, and a handful of laptops, maintaining a single kernel and initrd beats maintaining ten of them. Not your use case, but definitely important.
Interesting. Of course, an ad hominem argument doesn't make me wrong any more than it makes you right, does it? I mean, if we're talking logic and all.
Assuming that we are actually talking about logical argument. Your initial request was "OK, so explain how GPLv3 is going to make it possible to circumvent the DRM." The implied argument was the the GPLv3 does not make it possible. The response was simply that it would create an environment conducive to it, thereby enabling it (albiet not technically, but politically). This in a very real sense is circumvention. In context, the GPLv3 circumvents DRM like the GPL originally circumvented restrictive software licensing. It compelled no one directly, and yet acted as a powerful force to enable FOSS. Rather than clarify that you meant this in a technical sense and that it was stated clearly, you resort to "begging the question", an equally common logical fallacy to ad hominem.
After viewing your volume of posts on this thread, I deduced that something other than rational thought drove you to exigence in this forum. I propose that you are trolling.
Trolling is simply the act of going somewhere and saying something the people there won't like to garner attention. I perceive (perhaps incorrectly) that this is your motivation.
You are correct in that I am not attacking your argument--I am attacking you. I feel that what you do is about as useful discussing software licensing as PETA members dressing up as slaughtered pigs and picketing a McDonalds is in discussing animal cruelty. You have crossed the line between raising awareness of an issue to grandstanding for personal gratification.
Regardless, use of ad hominem against a troll hardly justifies your argument.
Besides, if I was commited to ad hominem, I would have noted that my slashdot ID is lower than yours so you must be ignorant and uninformed.
Freedom from others is a more true form of freedom than freedom to control others. Licenses are the latter. This is unpopular among those who want to control others, but its reflexive. You either have the freedom of one to coerce the world, or the freedom of the world from coercion by the one.
Of course, you probably use the word "steal" to refer to copying software in violation of copyright legislation. Yes, this is an ad hominem attack.
Disclaimer: In addition to being opinionated, I've used Xen and VMware in an attempt to deploy an ISP hosting environment.
Actually, the guest OS can very much benefit from being cooperatively virtualized.
A lot of realtime code is run along side the kernel under a rudimentary hypervisor (Google for nanokernels, Adeos and RTLinux do this sort of thing). In this very important case, it is usually quite a pain to require the OS to have to implement the infrastructure to support emulated devices when it could be using a hypercall infrastructure like Xen. The real potential isn't the gigabyte-sized general-purpose OS guests, it's the 40 kilobyte realtime handlers.
If you're running VMware to run some Windows terminals under a beefy Linux box, that's great. It's an important use case.
However, in addition to this, Xen caters to situations with tiny realtime handlers running along side the a larger interface OS. Little dedicated systems controlling things like Avionics, X-ray equipment, or tracking systems. Xen is an architecture for revolutionary new systems. VMware is a crutch to prop up existing systems, and VMI is designed to efficiently implement that crutch. I don't want to take away people's crutches, I just don't want to impede the revolution.
In my case, specifically, the combination of Xen, a SAN, and CLVM has been consistently less trouble, less management, and higher performance than anything we achieved with VMware. Considering my development partner is a VMware dealer, you can bet that we exhausted their possibilities before diving into Xen. The Xen architecture has simply been better for my purposes.
If you desire to have any real understanding of the issues, take a look at the VMI spec and then the Xen Hypercall docs. Note the proliferation of x86 instructions and constructs in the former and the clean implementation of abstract interfaces in the latter.
VMware is designed to do literal translation of instructions that are pretty much architecture specific. This is because that is how they virtualize--by instruction trapping and translation. The VMI is effectively defined in terms of fencing off x86 specific instructions, memory management, and certain IO. The idea is that everything "dangerous" is trapped and emulated.
The Xen hypercall interface, on the other hand, is much clearer and targeted at actually developing towards it somewhere above a machine code level. Rather than just providing mitigation for basic instructions and processor architecture, Xen provides an hypercall layer and abstractions of pagetable maps / IO that are not nearly as architecture specific. In Xen, a single priviledged domain is allowed to do the dangerous stuff (think kernel-space / user-space split) and an efficient, set of interfaces is used to selectively provide those services to the subdomains.
Of course XenSource and VMware can't agree. VMware doesn't want to have to use abstractions when their selling point is sandboxing binaries. XenSource doesn't want to compromise a good architecture for hardware partitioning just so that a commerical vendor (with sharing issues) can implement a simple meat grinder to churn native code into sandboxed code backed by their clever emulated hardware devices.
Silly Historical Note: If you have enough history under your belt, the VMI might remind you of the architecture behind the Windows NT compatability layer to run NT code on the DEC Alpha processor. The Xen Hypercall system will likely remind you of the architecture of the kernel-space / user-space split among Unixes. If you recognize these, I'm sure you remember which one was a solid, successful product and which one was a buggy source of enterprise-level headaches.
This is standard MS practice of mixing in the poison with the medicine. You weren't "required" to install SP2 either, but was pretty much impossible to avoid.
Now I appreciate security improvements more than most, even in MS software. However, no one ever remembers the things that SP2 broke. Trust me--in order to use any software six months from now, IE7 will be required, so this whole "it's an option" thing is specious in the extreme.
That said, if it can usher in a new world of working CSS and consistent Javascript, I'm all for it. Maybe Firefox 2.0 and IE 7.5 will both pass Acid2 and work alike with scripting. I have no love for MS but I won't deny the world the benefit of a working web. Now we just need consistent alpha handling in PNGs and SVG...
Full Array (14-drive RAID5, one hot spare) = $10,300 for 9.75 Terabytes
That's $1.06 per gigabyte RAID5 with hotspare. It doesn't get any better than this. Even with labor to assemble and set it up, and shipping, it's hard to get above $1.50 a gigabyte.
I suggest CLVM and Xen on the servers. Xen makes it really easy to turn up a new box. The space is available everywhere. CLVM is flexible enough to allow you to migrate stuff across arrays (or span arrays) very easily. I actually boot off of a flash chip and pivot_root my Linux systems onto a filesystem running off of these.
These numbers are roughly my cost. E-mail me if you'd like to buy one and we can talk about it.:)
Ever hear of WHQL? What about signed drivers? Microsoft has, for a long time, required you to open your drivers to them in order to make sure they don't crash Windows. Remember the famous instability of 95 and 98? Much of that was due to having no way of ensuring quality drivers. In XP, you get warnings if you install third-party, unsigned drivers. When Trust Computing is complete, you likely won't even be able to run a driver unless its signed. Ironically, in this Microsoft will have achieved what Verisign could not.
I always love to hear this argument. The fact of the matter is, binary only drivers make OSes suck (and crash). Okay, so if you have a microkernel (like the Hurd) they don't crash the system, but they still suck. In general, closed drivers are undebuggable and limit the ability to change kernel internals. In the case of almost every proprietary driver, they are doing this to earn somebody else money. Since when was hobbling the ability to maintain and develop your software a good idea--especially when you are doing it for someone else's profit?
Why are drivers binary-only? Sometimes people were too lazy (or hurried or cheap) to write their own code and bought it from someone else. Other times its patented by someone else. Other times it's to hide deficiencies in your product (i.e. software implementation of "onboard" RAID). Bottom-line, these are all people maneuvering for their own profit. They have nothing to do with making the software WORK. They only help do it from the naive point of view that anything less than full cooperation makes sound software.
For those harping about the GPL being designed to foster open software--not require it--I think you need to read the literature closer. The FSF actually asks you to assign them copyright on your GPLd work so that they can make sure its enforced. In other words, if you decide not to press charges to enforce the GPL, they'd like to be able to do it for you. The GPL is, thus, a tool to force software open. It was designed with the belief that you have the right to tinker with things you pay for. It was designed to create an environment where it was impossible to get productive work done without open sourcing your product unless you were willing to carry the entire burden of developing everything you run, from end-to-end. It is based on being as sound as a proprietary license while having the economic advantage of lowering the costs of all development participants.
Don't construe the above to mean that I don't support it. The fact of the matter is that cooperating fully makes good software and is good business when enough people do it. Larger businesses especially have problems with this because they don't like economics. Specifically, when a market no longer requires them in it (because of commoditization and such), they want to be able to maneuver to stay in it and control it. Of course, that just causes the losses to be subsumed by those companies until you start to see "consolidation" in that market. The GPL just makes it happen up front. In drives the commoditization that creates the savings that make the free market work.
I just love to hear the people whine that their NVidia card doesn't run well, when they decided to buy it. The sad fact is that Linux (and BSDs) has quality drivers for pretty much everyone who cooperates--just like Windows. In a system that has literally hundreds of quality drivers which drive tens of thousands of products, it speaks for itself when a device doesn't work--blame the people you paid money to for not supporting you. They are not willing to do what it takes to give you what you want--a good Linux driver. Don't blame the Linux developers because they insist on having a well-developed, agile product.
Actually, this almost can't be anything but a good thing.
First of all, most OSes these days use a memory page size of 4k. Having your IO system page match your CPU page makes it much more efficient to DMA data and the like. Testing has shown that this is generally a helpful.
Second, RAID will benefit here. Larger blocks mean larger disk reads and writes. In terms of RAID performance, this is probably a good thing. Of course, the real performance comes from the size of the drive cache, but don't underestimate the benefit of larger blocks. Larger blocks mean the RAID system can spend more time crunching the data and less time handling block overhead. The fact that more data must be crunched for a sector write is of concern, but I'd bet it won't matter too much (it only really matters for massive small writes, not generally a RAID use case).
Third, (and EVERYONE seems to be missing this) some file systems DON'T waste slack space in a sector. Reiserfs (v3 and v4) actually takes the underused blocks at the end of the files (called the "tail" of the file) and creates blocks with a bunch of them crammed together (often mixed in with metadata). This has been shown to actually increase performance, because the tail of files are usually where they are most active and tail blocks collect those tails into often accessed blocks (which have a better chance of being in the disk cache).
Netware 4 did something called Block Suballocation. While not as tightly packed as Reiser tail blocks, it did take their larger 32kb or 64kb blocks (which were chosen to keep block addresses small and large file streaming faster) into disk sectors and storing tails in them.
NTFS has block suballocation akin to Netware, but Windows users are, to my knowledge, out of luck until MS finally addresses their filesystem (they've been putting this off forever). Windows really would benefit from tail packing (although the infrastructure to support it would make backwards compatability near impossible).
Fourth, larger sectors means smaller sector numbers. Any filesystem that needs to address sectors usually has to choose a size for the sector addresses. Remember FAT8, FAT12, FAT16, and FAT32? Each of those numbers were the size of sector references (and thus, how big of a filesystem they could address). This will prevent us from needing to crank up the size of filesystem references eventually.
Finally, someone mentioned sector size issues with defragmenters and disk optimizers. These programs don't really care as long as all of the sectors on the system are the same size. Additionally, they could be modified to deal with different sector sizes. Ironically, modern filesystems don't really require defragmentation, as they are designed to keep fragments small on their own (usually using "extents"). Ext2, Ext3, Reiserfs and the like do this. NTFS does it too, although it can have problems if the disk ever gets full (basically, magic reserved space called the MFT gets data stored in it and the management information for the disk gets fragmented permenantly). If it weren't for a design choice (I wouldn't call it a flaw as much as a compromise) NTFS wouldn't really need defragmentation. ReiserFS can suffer from a limited form of fragmentation. However, v4 is getting a repacker that will actively defragment and optimize (by spreading out the free space evenly to increase performance) the filesystem in the background.
I really don't see how this can be bad unless somebody makes a mistake on backwards compatability. For those Linux junkies, I'm not sure about the IDE code, but I bet the SATA code will be overhauled to support it in a matter of weeks (if not a single weekend).
While I don't disagree with the principle that seizure can be reasonable in the face of a real crime, the nature of seizure and of leaked confidential information makes this not so cut and dry.
Since businesses do a better job obtaining and preserving their protections than the public seems to do, just look to them for the precedent. They refuse to release things all the time claiming "irrepairable harm". Admittedly those are usually civil cases involving trade secrets and the like. However, the point stands. The Bill of Rights protects against unreasonable search and seizure for exactly that reason. Leaking information that can be used for retribution against citizen or, almost more importantly, against the press causes irrepairable harm. The belief of the paper is that the seizure, in this case, was far beyond what a constitution warrant would allow.
Admittedly computers and networks of them are very tightly integrated. It's hard to seize just the right parts of them. However, having witnessed the aftermath of a few police seizures of computer equipment I can assure you that it probably was overkill. People don't usually work well with things they don't understand. You can be that your average police department usually goes overboard in situations like this.
The claim could be made that the police made the most limited seizure practical, but I don't believe that's provides a defense against a clear Fourth Amendment claim (IANAL). The Fourth Amendment sends a clear message. Unfettered search and seizure is at odds with a citizen's ability to participate in a democracy because of the potential it creates for abuse. Any pretense of a crime can be used as a gateway to retribution. Especially considering that computers actually have made it easier to search and seize.
In the past, thousands of papers would have to meticulously found, catalogued, and archived. Now, digital copies can be made trivially, evidence integrity can be certified by third party signature, and search can be heavily automated. The sad fact is that the police are willfully ignoring the fact that they don't have to seize the entire computer so that they don't have to work as hard (not that they're lazy, but their resources ARE limited). Make no mistake, a single man can now seize libraries worth of data in minutes and search it just as quickly.
What nobody realizes about the Bill of Rights is that it was made to safeguard the ability of the people to revolt again if necessary. The government and courts has slowly disarmed the people, nibbled away at their speech protections, removed their autonomy, and generally preserve democracy by ensuring the government is subject to the will of the people--by force if necessary. This is always done in the spirit of "making people accountable", "keeping the peace", or "protecting people from criminals". The humbling reality is that every one of the founders of our government would have been dead if they were accountable to the government in their time. The peace would have been kept, it's true, but in a world where the people are made criminals for enjoying their freedom, what does it matter?
One of the base assumptions of DNS is that a single domain is the same, everywhere. That is, microsoft.com does not get mapped to microsoft.com.us (or have different records entirely) in China.
Since there are now two authoritative sets of records for the same address and no agreement over which is "more authoritative", systems on the other DNS are effectively inoperable.
Lots of people think "big deal", but it will break almost everything.
Absolute URLs will not work everywhere. Most websites have one or two, so this will be a big deal with no good way to fix.
XML uses URLs to identify namespaces. Even though the DNS information doesn't get used, the names were chosen as a way to arbitrate namespace. So the person with www.nsa.gov could manage their own names without fear of someone else stepping on them. Really any system that uses URLs for uniqueness is vulnerable.
E-mail has similar problems. DNSSEC is completely toast. Opportunistic IPSEC is broken too (although the Chinese Govt wouldn't mind).
They may have done this for censorship purposes, as the ICANN probably would ignore Chinese Govt requests of the form "Remove this or suffer the consequences." which are really the only kind they send.
It is also not obvious to everyone that China's number one method of censorship is the Chinese language, and this makes alternate language sites difficult to access. It also makes it easier to firewall DNS requests with the same purpose. I'm sure they'll love appropriating the URLs used by Voice of America and other propaganda machines.
Personally, I suspect it is also a tool to undermine foreign competition in the Chinese IT market. I know that this is a big concern. Any country that employs thousands of hackers to infiltrate America's (well, maybe its more Capitalism's fault) insecure software must be equally concerned with shoring up their data stores. Nobody has forgotten the lesson of the Enigma machine--and now the stakes are higher.
The insidious thing about these acts is that they aren't about censorship. That's just another tool. They are about the government definition of what is right and what is wrong. Legislated morality. Ironically, this is something a lot of our home grown fascists don't appreciate anything. It's the spirit behind America's Bill of Rights--that public debate, transparency, and full disclosure are the only way to get public opinion to get close to the truth.
Ironically, that's part of the reason that I question any and all exceptions to the First Amendment (including Libel, Slander, and Obscenity) as they create legal weapons that only serve to be misappropriated by the greedy. Of course I feel the same way about disarming the populace, but I'm already offtopic enough...
This is either unabashed ignorance, trolling, or just inexperience.
Windows cannot be installed, and up to date, WITH APPLICATIONS in anywhere near this time. You cannot slipstream a completely configured IIS install. You cannot slipstream a nontrivial user environment. You cannot slipstream anything but updates. Even with SMS remote rollout it takes more time. You cannot slipstream a configured Active Directory. This just isn't something that is tolerable on more than 100 machines.
You can get close with imaging, but it creates other problems and images must be updated. Bottom line is, there are things, as a Unix guru, that I can automate at unit install time that would require a team of programmers and cooperation from Microsoft to accomplish with Windows. Even more importantly, they are things that you WANT to be able to do.
Next, legal is big.
Finally, licensing is TECHNICAL. When Windows doesn't feel good about being licensed, IT REFUSES TO RUN! This was bad for people whose images tripped issues when going from SP1 to SP2 and it was bad for a similar group of people when Windows Genuine Licensing stuff hit the scene. Regardless of "philosophical" issues, the it helps your software to run and upgrade reliably when it doesn't have a paranoid mode designed into it whereby it refuses to correctly run. When thousands of desktops (or worse, embedded seats) require attention due to a completely unnecessary "feature", it is hardly philosophical. It turns into dollars and cents.
Ironically, for small and medium business, it's worse. An major IT shop may have millions in budget for a year. An additional $300,000 in upgrade labor and longer install times hardly shows up in the pretty charts for the CEO. For a small business, an extra $2,500 out of a $12,000 budget is huge.
If the licensing were only on paper it would be philosophical. The licensing is in the code. Soon enough it will be in the hardware. These are computer systems designed to NOT WORK in arbitrary cases. While you could argue that all computer security is designing software not to work, I think its easy to differentiate between security and rights restriction (aka technological licensing enforcement, aka not having control over your own equipment).
How anyone can recommend software with mandatory licensing for mission critical systems is beyond me. I've watched at least two people lose their jobs because a botched update caused a blue screen which corrupted the registry and put an important server in "activate me" mode.
For what its worth, with identical hardware I've got some homegrown deployment stuff that deploys images of Windows, FreeBSD, and Linux. I can do about 100 machines in 30 minutes. That said, the Windows machines require about ten minutes each to adjust the SID and replace the license key (to protect us from future problems with licensing). I have used Ghost in the past but it gets argumentative about some hardware and, when properly licensed, costs more money than I care to spend. It works better than most stuff I've tried. Face it, this is not a problem that Microsoft has solved yet.
I have to laugh at most of this thread. When you run your own business, and IT budget saved is your extra salary, suddenly it become painfully obvious how corporate culture prevents people from truly appreciating the cost of Windows. If the costs are always hidden in someone else's wasted time or just another line-item in the budget, its easy to accept the mess of costs, licensing, and strong-armed industry tactics that come with Microsoft. I, for one, do just fine without them.
With respect to the initial post, if you have to deploy hundreds or thousands of these, Linux has the potential to save you tons of time. The Motion Project at http://motion.sf.net/ might be useful for you. It doesn't necessarily have all of the PVR features, but it comes close. It also will feed back to a V4L loopback device, so it could still have MythTV strapped on the front for DVR support, although you may want to hack up the MythTV interface so that it behaves more appropriately. Good luck.
Slashdot Mirror
I don't know how prevalent it is, but there's already 132 columns. Various terminals support it and various printers as well.
If that doesn't work, I recall running accelerated text mode on a certain brand of video cards at 160x60 or somesuch.
The word "refactoring" applies here.
When the layers don't meet your needs, you have two options.
You can either violate the layering or you can get the layers refactored.
In Linux, we do not accept the first. Why? Because it generates bad software...period.
Writing drivers for MacOSX is a pain...because of the mingling between Mach, BSD, and everything else they did to make it work.
Drivers for Windows has always been a source of instability because there isn't good layering there either. Try to write database code on Windows, the lack of coherent design presents dozens of incompatible interfaces with different features.
You can do what these people do. You can make a "product" that "works" without regard to design. Eventually, you end up doing a complete rewrite. The fact of the matter is that Linus puts design before function, and maintainability before progress. As such, we move slow, we refactor, and we're generally slow. However, progress is steady and it does, generally, get better. Of course there are always people that want it to be everything.
Actually, in higher mathematics it has already been determined that, under the right circumstances, a sum with an infinite number of values can converge to a finite number. In the case of a simple percentage like this, I believe as long as it is less than 100%, the sum will converge.
Why not just pay him $168,292.68. 18% tax on that yields $30,292.68 leaving $138,000.00. How is this not possible?
Even if there are other taxes, as long as they don't go over 100%, a finite sum must exist. Furthermore, there are numerical algorithms that can be used to optimize the most stubborn of these sorts of problems by doing trials with differing values attempting to calculate this.
Infinite sums aside, banks, real estate agents, and title companies make the same calculations every day. It's really not rocket science.
Actually, TCP/IP predates OSI by a fair margin. It only has five layers if I recall correctly.
Could this just be low level packet prioritization? Maybe utilizing some tweaked out optimizations for checksum offloading or perhaps some clever optimization of TCP windows?
Still, sounds like snake oil to me (just like some video card specs).
Everytime I hear this it amazes me how unrealistic this line of reasoning really is. The essential statement is that, since there was a way to prevent the problem, the onus is on the user to "know what to do" because they are obviously "ignorant". It's like returning a broken hammer to the hardware store only to be told you "shouldn't have hit something so hard". Have you considered that the real problem lies in allowing vendors to completely avoid liability for their mistakes? Perhaps the lack of an economic incentive to make a good product has created the environment where this is possible?
From a practical perspective, telling college students not to download music, to avoid MySpace, and to not download seemingly harmless things like Screensavers and Wallpaper is about as effective as the rhythm method. Sure, they're "sinners" with their pr0n and their music. How dare they? They get what they deserve by using a computer on the internet to download the information they want. That's a sin to be sure. It's strange how that apparently makes them culpable for systematic, intentional, and malicious exploiting of their computers. Of course, the long-term social effects of corporate self interest manipulating law and public opinion to create stigma in their economic interest is beyond the scope of a Slashdot comment.
Back to the technical issues. Understand that a lot of malware immediately turns off ActiveX security. They leave the door wide open behind them. In your perfect world, not only does every user have to be perfectly responsible and knowledgable, but they also can't make even a single mistake--since this basically leaves them wide open (i.e. it doesn't ask, just downloads and installs any application that asks) in many cases.
Similarly, there is no safe site. A vast majority of the web is ad sponsored. A single malicious banner ad can catch millions (the recent MySpace incident for example). Expecting every user and every advertising company (with possibly tens of thousands of ads) to not ever make a single mistake is unrealistic as it is lazy. The web can be secure if people would put the effort into getting secure systems developed and into place instead of blaming security problems on the sinners.
Ironically, one of your "solutions", Antivirus Software (a.k.a. stopgap measure or snake oil depending on your inclination), is probably the reason things are as bad as they are. Rather than closing holes, AV just stomps the critters that run in through them. If users had insisted on fixes and security rather than installing Norton Antivirus (and considering it "fixed", things probably wouldn't be nearly so bad as they are. It would also be nice if the economic disincentive for insecurity would lie with the vendors where it belongs, not with each and every user.
People don't realize it, but this is really an old misconception. Make something illegal, and its sources become disreputable. This then reinforces the belief that it's inherently bad. My issues of concern are software licensing, patents, and copyright reform. I'm sure the same argument could (validly) be made for marijuana, prohibition, and prostitution.
Of course we've got a double-whammy with software security. Not only are the sinners browsing seedy sites, there is also no one responsible for protecting them (since the vendors have all licensed their cares away).
She's at a university. She can probably find more help there than most places. Heck, myself and at least five other companies support Linux in a town of less than 500,000 (Springfield, Missouri), so I don't think this nearly as true as it used to be.
Besides, think of the geeks. A girl, at university, that will seek you out because you can fix her laptop--that's running Linux--and who might find out that you DON'T have a tentacle pr0n fetish like her current boyfriend. The romantic possibilities are endless! Don't be selfish...
Well, I run one along with two other guys. The place will eventually make money but its not exactly a cash cow here (although it may get better after some of our competition goes under).
A lot of people chimed in mentioning that computers and net access are cheap. Well, that's true. I would also mention that, at a hypothetical $5.00 / hour (we're cheaper due to being in small town USA), it takes quite a while to catch up with a computer, games, maintenance, and internet access.
For people who either just browse the net or people who play games maybe five or six hours per week, it's much less trouble and cost effective to go to a place like this. I dare say that most people fall into that more casual group--especially when you consider they also divide their time with home consoles. We also have a nightly and weekly open-pass rate that keeps the place hopping when we would otherwise be slow.
There are other mitigating factors too. Maybe they don't trust their roommates. Maybe they're traveling. Maybe they really just want to avoid their parents. Maybe they skateboard in the area and just want to buy a drink someplace cool. All of these people fill in the gaps that are left by hardcore gamers just buying their own computer.
Some advice, don't go it alone. We have three people that own / work the place (only open after 5pm) and we couldn't really do it with less (and bona fide employees are expensive). Also, plan to replace your computers. If you don't you'll run out of money just when the business is taking off. Also, don't forget the three most important things to a business: location, location, and location. Finally, keep in mind that some games aren't licensed for cafe usage without special arrangements. Most notable is Valve Software (for which we have a cafe license). Also, don't pirate Windows. It's just stupid (and *will* get you shut down when the competition kindly turns you in).
Not with initramfs, actually. Cramfs is also quite tiny.
Hardly.
Closed-source Linux drivers can work well enough for a single kernel version in a controlled environment. You still don't get support from most distros that would want to build their own. Sure, if you cooperate you get in Novell and Red Hat's offerings, but not much further. You also get the onus of sinking the money into it to keep it working. Not to mention you pretty much guarantee being a problem to your users--think things like software suspend that never work right with closed drivers because certain problems can't be debugged or fixed (in which case improved quality *IS* a foregone conclusion).
You either get SLES / RHEL, or you get SLES / RHEL / Debian / Ubuntu / everything else... Not to mention improved operation. Of course, gravitating toward what works is why people are using open source in the first place. Sometimes "what works" is defined in terms of avoiding vendor lock-in and extortionate licensing.
There are definitely times where it is required.
Take, for example, booting onto a root on a SAN--specifically a Coraid Ethernet SAN.
During boot, you must bring up the ethernet interface, load the AoE module, probe for the SAN, wait for it to quiesce, then enable clustering, join the cluster, join the fence domain, allow the cluster to quiesce, load the DLM, enable CLVM, probe and activate everything, then mount your root GFS (or OCFS2 if you can get that working).
This would not be possible without a good initrd.
Also, not so obviously, distros aren't the only people who deploy a single kernel on lots of hardware. When you have 300 old Dells, 150 old gateways, 75 custom built boxen, and a handful of laptops, maintaining a single kernel and initrd beats maintaining ten of them. Not your use case, but definitely important.
Well, initramfs is very awesome. However, you can only have one initramfs per kernel, so initrd allows for a bit more modularity.
I think it depends on your application (and bootloader), really.
Kevin Spacey. He certainly can play a character devoid of an emotional connection to his peers. The Villian in Seven? Lex Luthor? K-pax?
Okay, maybe not K-pax.
Interesting. Of course, an ad hominem argument doesn't make me wrong any more than it makes you right, does it? I mean, if we're talking logic and all.
Assuming that we are actually talking about logical argument. Your initial request was "OK, so explain how GPLv3 is going to make it possible to circumvent the DRM." The implied argument was the the GPLv3 does not make it possible. The response was simply that it would create an environment conducive to it, thereby enabling it (albiet not technically, but politically). This in a very real sense is circumvention. In context, the GPLv3 circumvents DRM like the GPL originally circumvented restrictive software licensing. It compelled no one directly, and yet acted as a powerful force to enable FOSS. Rather than clarify that you meant this in a technical sense and that it was stated clearly, you resort to "begging the question", an equally common logical fallacy to ad hominem.
After viewing your volume of posts on this thread, I deduced that something other than rational thought drove you to exigence in this forum. I propose that you are trolling.
Trolling is simply the act of going somewhere and saying something the people there won't like to garner attention. I perceive (perhaps incorrectly) that this is your motivation.
You are correct in that I am not attacking your argument--I am attacking you. I feel that what you do is about as useful discussing software licensing as PETA members dressing up as slaughtered pigs and picketing a McDonalds is in discussing animal cruelty. You have crossed the line between raising awareness of an issue to grandstanding for personal gratification.
Regardless, use of ad hominem against a troll hardly justifies your argument.
Besides, if I was commited to ad hominem, I would have noted that my slashdot ID is lower than yours so you must be ignorant and uninformed.
Freedom from others is a more true form of freedom than freedom to control others. Licenses are the latter. This is unpopular among those who want to control others, but its reflexive. You either have the freedom of one to coerce the world, or the freedom of the world from coercion by the one.
Of course, you probably use the word "steal" to refer to copying software in violation of copyright legislation. Yes, this is an ad hominem attack.
Disclaimer: In addition to being opinionated, I've used Xen and VMware in an attempt to deploy an ISP hosting environment.
Actually, the guest OS can very much benefit from being cooperatively virtualized.
A lot of realtime code is run along side the kernel under a rudimentary hypervisor (Google for nanokernels, Adeos and RTLinux do this sort of thing). In this very important case, it is usually quite a pain to require the OS to have to implement the infrastructure to support emulated devices when it could be using a hypercall infrastructure like Xen. The real potential isn't the gigabyte-sized general-purpose OS guests, it's the 40 kilobyte realtime handlers.
If you're running VMware to run some Windows terminals under a beefy Linux box, that's great. It's an important use case.
However, in addition to this, Xen caters to situations with tiny realtime handlers running along side the a larger interface OS. Little dedicated systems controlling things like Avionics, X-ray equipment, or tracking systems. Xen is an architecture for revolutionary new systems. VMware is a crutch to prop up existing systems, and VMI is designed to efficiently implement that crutch. I don't want to take away people's crutches, I just don't want to impede the revolution.
In my case, specifically, the combination of Xen, a SAN, and CLVM has been consistently less trouble, less management, and higher performance than anything we achieved with VMware. Considering my development partner is a VMware dealer, you can bet that we exhausted their possibilities before diving into Xen. The Xen architecture has simply been better for my purposes.
If you desire to have any real understanding of the issues, take a look at the VMI spec and then the Xen Hypercall docs. Note the proliferation of x86 instructions and constructs in the former and the clean implementation of abstract interfaces in the latter.
VMware is designed to do literal translation of instructions that are pretty much architecture specific. This is because that is how they virtualize--by instruction trapping and translation. The VMI is effectively defined in terms of fencing off x86 specific instructions, memory management, and certain IO. The idea is that everything "dangerous" is trapped and emulated.
The Xen hypercall interface, on the other hand, is much clearer and targeted at actually developing towards it somewhere above a machine code level. Rather than just providing mitigation for basic instructions and processor architecture, Xen provides an hypercall layer and abstractions of pagetable maps / IO that are not nearly as architecture specific. In Xen, a single priviledged domain is allowed to do the dangerous stuff (think kernel-space / user-space split) and an efficient, set of interfaces is used to selectively provide those services to the subdomains.
Of course XenSource and VMware can't agree. VMware doesn't want to have to use abstractions when their selling point is sandboxing binaries. XenSource doesn't want to compromise a good architecture for hardware partitioning just so that a commerical vendor (with sharing issues) can implement a simple meat grinder to churn native code into sandboxed code backed by their clever emulated hardware devices.
Silly Historical Note: If you have enough history under your belt, the VMI might remind you of the architecture behind the Windows NT compatability layer to run NT code on the DEC Alpha processor. The Xen Hypercall system will likely remind you of the architecture of the kernel-space / user-space split among Unixes. If you recognize these, I'm sure you remember which one was a solid, successful product and which one was a buggy source of enterprise-level headaches.
Actually, what you're doing is called trolling.
This is standard MS practice of mixing in the poison with the medicine. You weren't "required" to install SP2 either, but was pretty much impossible to avoid.
Now I appreciate security improvements more than most, even in MS software. However, no one ever remembers the things that SP2 broke. Trust me--in order to use any software six months from now, IE7 will be required, so this whole "it's an option" thing is specious in the extreme.
That said, if it can usher in a new world of working CSS and consistent Javascript, I'm all for it. Maybe Firefox 2.0 and IE 7.5 will both pass Acid2 and work alike with scripting. I have no love for MS but I won't deny the world the benefit of a working web. Now we just need consistent alpha handling in PNGs and SVG...
I operate a Cybercafe (along with two partners) in Springfield, Missouri USA.
We have 100 megabits of upstream bandwidth. I've sustained downloads of more than 50 Mbps.
The scary thing is, we get that kind of bandwidth at T1 prices here from our local utility company (ignore the prices on their site, they're way out of date).
I thought you burned strawmen, not beat them.
You know, because straw is more flammable which is why strawmen are so easy to set aflame (and yet entirely devoid of nutricious goodness).
The best option here is Coraid.
:)
15-drive array = $4000
750GB Seagate Drive = $420
Full Array (14-drive RAID5, one hot spare) = $10,300 for 9.75 Terabytes
That's $1.06 per gigabyte RAID5 with hotspare. It doesn't get any better than this. Even with labor to assemble and set it up, and shipping, it's hard to get above $1.50 a gigabyte.
I suggest CLVM and Xen on the servers. Xen makes it really easy to turn up a new box. The space is available everywhere. CLVM is flexible enough to allow you to migrate stuff across arrays (or span arrays) very easily. I actually boot off of a flash chip and pivot_root my Linux systems onto a filesystem running off of these.
These numbers are roughly my cost. E-mail me if you'd like to buy one and we can talk about it.
Ever hear of WHQL? What about signed drivers? Microsoft has, for a long time, required you to open your drivers to them in order to make sure they don't crash Windows. Remember the famous instability of 95 and 98? Much of that was due to having no way of ensuring quality drivers. In XP, you get warnings if you install third-party, unsigned drivers. When Trust Computing is complete, you likely won't even be able to run a driver unless its signed. Ironically, in this Microsoft will have achieved what Verisign could not.
I always love to hear this argument. The fact of the matter is, binary only drivers make OSes suck (and crash). Okay, so if you have a microkernel (like the Hurd) they don't crash the system, but they still suck. In general, closed drivers are undebuggable and limit the ability to change kernel internals. In the case of almost every proprietary driver, they are doing this to earn somebody else money. Since when was hobbling the ability to maintain and develop your software a good idea--especially when you are doing it for someone else's profit?
Why are drivers binary-only? Sometimes people were too lazy (or hurried or cheap) to write their own code and bought it from someone else. Other times its patented by someone else. Other times it's to hide deficiencies in your product (i.e. software implementation of "onboard" RAID). Bottom-line, these are all people maneuvering for their own profit. They have nothing to do with making the software WORK. They only help do it from the naive point of view that anything less than full cooperation makes sound software.
For those harping about the GPL being designed to foster open software--not require it--I think you need to read the literature closer. The FSF actually asks you to assign them copyright on your GPLd work so that they can make sure its enforced. In other words, if you decide not to press charges to enforce the GPL, they'd like to be able to do it for you. The GPL is, thus, a tool to force software open. It was designed with the belief that you have the right to tinker with things you pay for. It was designed to create an environment where it was impossible to get productive work done without open sourcing your product unless you were willing to carry the entire burden of developing everything you run, from end-to-end. It is based on being as sound as a proprietary license while having the economic advantage of lowering the costs of all development participants.
Don't construe the above to mean that I don't support it. The fact of the matter is that cooperating fully makes good software and is good business when enough people do it. Larger businesses especially have problems with this because they don't like economics. Specifically, when a market no longer requires them in it (because of commoditization and such), they want to be able to maneuver to stay in it and control it. Of course, that just causes the losses to be subsumed by those companies until you start to see "consolidation" in that market. The GPL just makes it happen up front. In drives the commoditization that creates the savings that make the free market work.
I just love to hear the people whine that their NVidia card doesn't run well, when they decided to buy it. The sad fact is that Linux (and BSDs) has quality drivers for pretty much everyone who cooperates--just like Windows. In a system that has literally hundreds of quality drivers which drive tens of thousands of products, it speaks for itself when a device doesn't work--blame the people you paid money to for not supporting you. They are not willing to do what it takes to give you what you want--a good Linux driver. Don't blame the Linux developers because they insist on having a well-developed, agile product.
Actually, this almost can't be anything but a good thing.
First of all, most OSes these days use a memory page size of 4k. Having your IO system page match your CPU page makes it much more efficient to DMA data and the like. Testing has shown that this is generally a helpful.
Second, RAID will benefit here. Larger blocks mean larger disk reads and writes. In terms of RAID performance, this is probably a good thing. Of course, the real performance comes from the size of the drive cache, but don't underestimate the benefit of larger blocks. Larger blocks mean the RAID system can spend more time crunching the data and less time handling block overhead. The fact that more data must be crunched for a sector write is of concern, but I'd bet it won't matter too much (it only really matters for massive small writes, not generally a RAID use case).
Third, (and EVERYONE seems to be missing this) some file systems DON'T waste slack space in a sector. Reiserfs (v3 and v4) actually takes the underused blocks at the end of the files (called the "tail" of the file) and creates blocks with a bunch of them crammed together (often mixed in with metadata). This has been shown to actually increase performance, because the tail of files are usually where they are most active and tail blocks collect those tails into often accessed blocks (which have a better chance of being in the disk cache).
Netware 4 did something called Block Suballocation. While not as tightly packed as Reiser tail blocks, it did take their larger 32kb or 64kb blocks (which were chosen to keep block addresses small and large file streaming faster) into disk sectors and storing tails in them.
NTFS has block suballocation akin to Netware, but Windows users are, to my knowledge, out of luck until MS finally addresses their filesystem (they've been putting this off forever). Windows really would benefit from tail packing (although the infrastructure to support it would make backwards compatability near impossible).
To my knowledge, ReiserFS is the only filesystem with tail packing. If you are really interested in this, see your replacement brain on the Internet.
Fourth, larger sectors means smaller sector numbers. Any filesystem that needs to address sectors usually has to choose a size for the sector addresses. Remember FAT8, FAT12, FAT16, and FAT32? Each of those numbers were the size of sector references (and thus, how big of a filesystem they could address). This will prevent us from needing to crank up the size of filesystem references eventually.
Finally, someone mentioned sector size issues with defragmenters and disk optimizers. These programs don't really care as long as all of the sectors on the system are the same size. Additionally, they could be modified to deal with different sector sizes. Ironically, modern filesystems don't really require defragmentation, as they are designed to keep fragments small on their own (usually using "extents"). Ext2, Ext3, Reiserfs and the like do this. NTFS does it too, although it can have problems if the disk ever gets full (basically, magic reserved space called the MFT gets data stored in it and the management information for the disk gets fragmented permenantly). If it weren't for a design choice (I wouldn't call it a flaw as much as a compromise) NTFS wouldn't really need defragmentation. ReiserFS can suffer from a limited form of fragmentation. However, v4 is getting a repacker that will actively defragment and optimize (by spreading out the free space evenly to increase performance) the filesystem in the background.
I really don't see how this can be bad unless somebody makes a mistake on backwards compatability. For those Linux junkies, I'm not sure about the IDE code, but I bet the SATA code will be overhauled to support it in a matter of weeks (if not a single weekend).
While I don't disagree with the principle that seizure can be reasonable in the face of a real crime, the nature of seizure and of leaked confidential information makes this not so cut and dry.
Since businesses do a better job obtaining and preserving their protections than the public seems to do, just look to them for the precedent. They refuse to release things all the time claiming "irrepairable harm". Admittedly those are usually civil cases involving trade secrets and the like. However, the point stands. The Bill of Rights protects against unreasonable search and seizure for exactly that reason. Leaking information that can be used for retribution against citizen or, almost more importantly, against the press causes irrepairable harm. The belief of the paper is that the seizure, in this case, was far beyond what a constitution warrant would allow.
Admittedly computers and networks of them are very tightly integrated. It's hard to seize just the right parts of them. However, having witnessed the aftermath of a few police seizures of computer equipment I can assure you that it probably was overkill. People don't usually work well with things they don't understand. You can be that your average police department usually goes overboard in situations like this.
The claim could be made that the police made the most limited seizure practical, but I don't believe that's provides a defense against a clear Fourth Amendment claim (IANAL). The Fourth Amendment sends a clear message. Unfettered search and seizure is at odds with a citizen's ability to participate in a democracy because of the potential it creates for abuse. Any pretense of a crime can be used as a gateway to retribution. Especially considering that computers actually have made it easier to search and seize.
In the past, thousands of papers would have to meticulously found, catalogued, and archived. Now, digital copies can be made trivially, evidence integrity can be certified by third party signature, and search can be heavily automated. The sad fact is that the police are willfully ignoring the fact that they don't have to seize the entire computer so that they don't have to work as hard (not that they're lazy, but their resources ARE limited). Make no mistake, a single man can now seize libraries worth of data in minutes and search it just as quickly.
What nobody realizes about the Bill of Rights is that it was made to safeguard the ability of the people to revolt again if necessary. The government and courts has slowly disarmed the people, nibbled away at their speech protections, removed their autonomy, and generally preserve democracy by ensuring the government is subject to the will of the people--by force if necessary. This is always done in the spirit of "making people accountable", "keeping the peace", or "protecting people from criminals". The humbling reality is that every one of the founders of our government would have been dead if they were accountable to the government in their time. The peace would have been kept, it's true, but in a world where the people are made criminals for enjoying their freedom, what does it matter?
Actually, this is far worse than any of that.
One of the base assumptions of DNS is that a single domain is the same, everywhere. That is, microsoft.com does not get mapped to microsoft.com.us (or have different records entirely) in China.
Since there are now two authoritative sets of records for the same address and no agreement over which is "more authoritative", systems on the other DNS are effectively inoperable.
Lots of people think "big deal", but it will break almost everything.
Absolute URLs will not work everywhere. Most websites have one or two, so this will be a big deal with no good way to fix.
XML uses URLs to identify namespaces. Even though the DNS information doesn't get used, the names were chosen as a way to arbitrate namespace. So the person with www.nsa.gov could manage their own names without fear of someone else stepping on them. Really any system that uses URLs for uniqueness is vulnerable.
E-mail has similar problems. DNSSEC is completely toast. Opportunistic IPSEC is broken too (although the Chinese Govt wouldn't mind).
They may have done this for censorship purposes, as the ICANN probably would ignore Chinese Govt requests of the form "Remove this or suffer the consequences." which are really the only kind they send.
It is also not obvious to everyone that China's number one method of censorship is the Chinese language, and this makes alternate language sites difficult to access. It also makes it easier to firewall DNS requests with the same purpose. I'm sure they'll love appropriating the URLs used by Voice of America and other propaganda machines.
Personally, I suspect it is also a tool to undermine foreign competition in the Chinese IT market. I know that this is a big concern. Any country that employs thousands of hackers to infiltrate America's (well, maybe its more Capitalism's fault) insecure software must be equally concerned with shoring up their data stores. Nobody has forgotten the lesson of the Enigma machine--and now the stakes are higher.
The insidious thing about these acts is that they aren't about censorship. That's just another tool. They are about the government definition of what is right and what is wrong. Legislated morality. Ironically, this is something a lot of our home grown fascists don't appreciate anything. It's the spirit behind America's Bill of Rights--that public debate, transparency, and full disclosure are the only way to get public opinion to get close to the truth.
Ironically, that's part of the reason that I question any and all exceptions to the First Amendment (including Libel, Slander, and Obscenity) as they create legal weapons that only serve to be misappropriated by the greedy. Of course I feel the same way about disarming the populace, but I'm already offtopic enough...
This is either unabashed ignorance, trolling, or just inexperience.
Windows cannot be installed, and up to date, WITH APPLICATIONS in anywhere near this time. You cannot slipstream a completely configured IIS install. You cannot slipstream a nontrivial user environment. You cannot slipstream anything but updates. Even with SMS remote rollout it takes more time. You cannot slipstream a configured Active Directory. This just isn't something that is tolerable on more than 100 machines.
You can get close with imaging, but it creates other problems and images must be updated. Bottom line is, there are things, as a Unix guru, that I can automate at unit install time that would require a team of programmers and cooperation from Microsoft to accomplish with Windows. Even more importantly, they are things that you WANT to be able to do.
Next, legal is big.
Finally, licensing is TECHNICAL. When Windows doesn't feel good about being licensed, IT REFUSES TO RUN! This was bad for people whose images tripped issues when going from SP1 to SP2 and it was bad for a similar group of people when Windows Genuine Licensing stuff hit the scene. Regardless of "philosophical" issues, the it helps your software to run and upgrade reliably when it doesn't have a paranoid mode designed into it whereby it refuses to correctly run. When thousands of desktops (or worse, embedded seats) require attention due to a completely unnecessary "feature", it is hardly philosophical. It turns into dollars and cents.
Ironically, for small and medium business, it's worse. An major IT shop may have millions in budget for a year. An additional $300,000 in upgrade labor and longer install times hardly shows up in the pretty charts for the CEO. For a small business, an extra $2,500 out of a $12,000 budget is huge.
If the licensing were only on paper it would be philosophical. The licensing is in the code. Soon enough it will be in the hardware. These are computer systems designed to NOT WORK in arbitrary cases. While you could argue that all computer security is designing software not to work, I think its easy to differentiate between security and rights restriction (aka technological licensing enforcement, aka not having control over your own equipment).
How anyone can recommend software with mandatory licensing for mission critical systems is beyond me. I've watched at least two people lose their jobs because a botched update caused a blue screen which corrupted the registry and put an important server in "activate me" mode.
For what its worth, with identical hardware I've got some homegrown deployment stuff that deploys images of Windows, FreeBSD, and Linux. I can do about 100 machines in 30 minutes. That said, the Windows machines require about ten minutes each to adjust the SID and replace the license key (to protect us from future problems with licensing). I have used Ghost in the past but it gets argumentative about some hardware and, when properly licensed, costs more money than I care to spend. It works better than most stuff I've tried. Face it, this is not a problem that Microsoft has solved yet.
I have to laugh at most of this thread. When you run your own business, and IT budget saved is your extra salary, suddenly it become painfully obvious how corporate culture prevents people from truly appreciating the cost of Windows. If the costs are always hidden in someone else's wasted time or just another line-item in the budget, its easy to accept the mess of costs, licensing, and strong-armed industry tactics that come with Microsoft. I, for one, do just fine without them.
With respect to the initial post, if you have to deploy hundreds or thousands of these, Linux has the potential to save you tons of time. The Motion Project at http://motion.sf.net/ might be useful for you. It doesn't necessarily have all of the PVR features, but it comes close. It also will feed back to a V4L loopback device, so it could still have MythTV strapped on the front for DVR support, although you may want to hack up the MythTV interface so that it behaves more appropriately. Good luck.