Certainly works for me. My family (i.e. the cat) would appreciate me being around more to provide entertainment!
Not a myth I've heard uttered by people with real unix(-a-like) experience. If a service is not functioning correctly you might restart that service, and maybe its dependencies, but not the whole machine.
The only time a server should be rebooted is after a kernel update or after configuration changes that you "know" are right but need to verify stay right after a reboot. I do sometimes reboot machines at other times just to make sure all is well so I can be reasonably assured that everything will come back up after, say, a power outage. None of these times happen when there is a known problem to be investigated - the reboot happens at a planned time (well, within a planned window) outside of working/demand hours. Rebooting a machine to fix a problem is no better than "close all your windows and see if it happens again" guesswork.
Some suggest rebooting to force an fsck occasionally, to ensure the filesystems are in consistent order, but this can usually be done without a full reboot (unless you suspect the root filesystem may need checking) - just stop all the relevant services and umount the filesystem.
The bombing civilians thing is a little different to the black/white that people tend to think or the all-is-fair-in-love-and-war greyness that the more pensive know to be the case. I'm told it was essentially an accident followed by round after round of tit-for-tat attacks. A small German bomber group were off target and essentially lost & running out of time, and needed to drop their bombs somewhere in order to have enough fuel to attempt to return to base. They picked what they thought looked like an industrial target but it turned out to be a largely domestic area. Of course we didn't know the "accidental" nature of the targeting, and wouldn't have believed it if told at the time, so set out to make plans to bomb a few civi targets on the other side (to attack their civilian morale in the same way we assumed their military was trying to do to ours). So the first civilian bombing was by them, but the first deliberate civilian bombing was by us. To summarise: war is hell, especially all-out war, and no one taking part can claim much by way of moral ground.
No, but it is nice to occasionally leave the office with some daylight, and so feel like there is some of the day left for yourself after work has taken its pound of flesh.
Is the GPL legally binding in Australia?
The usual response to that question is (and I have no legal training so I don't know how valid said response is) to point out that the license gives them the right to use the code, so if they state "we don't accept the terms of that license as it isn't enforceable in our territory" they give up the right to use the code under that license and need to negotiate something else.
Many a commercial entity will scream "no fair, no fair, waa, waa, waaaaa" at this point and claim that OSS is an airborne cancer that will take all our firstborn, but I don't see how it is the fault of people releasing code under the GPL that the commercial entity failed in its due diligence when agreeing to the license by virtue of using the code (which is legally dubious in some interpretations of relevant legislation, but they'll never call a F/OSS project on that as they use the same sort of condition to state we agree to all their terms by breathing in the general direction of their EULAs and shrink-wrap licenses and similar).
It's not uncommon for sexual predators to get much less time than this for truly heinous crimes.
Just a few "hail mary"s and a sideways career move in many cases...
I don't approve as such. I just wouldn't take my usual stance of not turning a blind eye. Though I appreciate that this is a very fine imaginary line I've just made up to defend my thought process...
I can't say I approve of vigilante justice, but in this case I could most certainly consider making an exception.
Also she may have been using a client that when the network (or just the site) is inaccessible stores posts and sends them when possible. If she typed the message in a bad signal area or when Facebook was having one of its little blips said client software could have actually posted the message quite some minutes after. When using server-side timings to judge what order things happened externally there can be a lot of complicating factors to consider.
GPL3 is cited as an example, not as the only specific case or as one of a set of specific cases - the more generic wording found around that example would exclude quite a few licenses for the same reason(s) it is not compatible with GPL3.
This is possibly why he is speaking out. There have been antitrust investigations (IIRC as part of the big set of investigations against MS some years ago) regarding Intel providing information to Microsoft that they did not provide to anyone else. Here Intel is publicly distancing itself from MS, but on an issue that does not affect them (how many x86 chips are going to be running in W7 phones?) without actually taking a shot directly (all he is saying is that he thought Android might be a better match for Nokia right now, not that there is anything specifically wrong with Microsoft's offering).
Having used Office 2008 for the Mac for years
Many many years, or just two or three?!
There's only one way to find out! FIGHT!!
http://www.youtube.com/watch?v=Np6gyUb0E7o
(almost, but not quite, entirely off-topic I know - feel free to mod accordingly)
Are soul catchers in the sky really that much harder to believe than Coyote coming back to life again and again, or the Great Father making humanity out of corn?
Or Atum getting bored one day and creating the universe as we know it by cranking one off... (http://en.wikipedia.org/wiki/Ancient_Egyptian_creation_myths#Heliopolis)
I'm reminded of the quote:
"I contend we are both atheists, I just believe in one less god than you do. When you understand why you dismiss all other Gods, you'll understand why I dismiss yours."
-- Stephen Roberts.
(I have no idea who Mr Roberts is, but his way of thinking strikes a chord with me)
The problem with IE9 is many people can't upgrade. You'd be surprised how many people still use XP on older machines or netbooks at home, and how many corporate environments will be locked to XP (and in some cases IE6 with it) until near when SP3 drops out of extended support in 2014.
I run XP at home, as I refuse to pay for Windows 7 until there is compelling reason to spend the cash and spend the time reinstalling the machine. Lack of security updates in 2014 might make me shift in 2013 if nothing has done before then, so I'm not moving last minute, but until then the only thing I'd particularly notice is DX10+ and that isn't worth the cost to me (I have a relatively beefy gfx card and occasionally play high-end games, but if any game dares *require* DX10 then to me it jumps from being a £30 game to being a £130+ages-reinstalling-my-desktop-environment so just won't get bought (I have far more valuable things to do with my spare time)). Many people will be in the same position, but unlike me a fair number will be resolutely using IE8 (or below) rather than one of the more capable options which means as developers we have the choice: support the retarded IE8 and its senile descendants or lose a chunk of the market (though to be frank, I'm getting towards a mindset where that chunk of the market can go screw itself).
Some of our banking clients are moving to IE8 soon as some software providers are starting to refuse to support IE6 (Google dropping support for IE6 last year started that ball properly rolling: thanks G!), but they are not moving off XP any time soon so there will be no IE9 for them yet. IE8 is here to stay in those environments for at least the next two years, maybe three, and IE6 to a certain extent too.
I've taken the Eurostar from London (st. Panc) to Brussels. 1 hour and 55 minutes. It takes as long as that to get from York to London in the first place. IIRC they currently do 180mph for a chunk of the HS1 leg in the UK and for a large chunk of the route through France and Belgium. A most impressive service when there are no technical problems or people striking on the French side...
Fair point, the password store is a weak point - but not for remote attackers. They need to get the DB, the key file and the password from my head, most of which requires physical access to me. If someone is that determined to get access to my accounts or impersonate me then they could just kidnap me and be done with it.
Or be a spurned lover OH WAIT THIS IS SLASHDOT.
My psycho ex took the direct route of going for me with a large knife and the sharp end of a broken wine bottle. I can tell you that at moments like that you don't care about who might have access to your credentials database!
The answer here is to train users to have different passwords for each important account (I do, keeping record of them in a local keepass DB, itself protected by a strong password and keyfile on a USB stick, though that is too much hassle for many people).
All that work and in the end you effectively have a single password for everything. Passwords are like testicles in a devil's threeway - you must never let them touch.
Fair point, the password store is a weak point - but not for remote attackers. They need to get the DB, the key file and the password from my head, most of which requires physical access to me. If someone is that determined to get access to my accounts or impersonate me then they could just kidnap me and be done with it.
Nope. The result of an MD5 run is a 128 bit value. 16 bytes. 32 characters if represented in hexadecimal. http://en.wikipedia.org/wiki/Md5
An MD5 rainbow table for all passwords between 1 and 7 characters long with between 0 and 7 lower case characters, between 0 and 7 upper case, between 0 and 7 numeric characters and 0 to 7 spaces weighs in at only 26Gb apparently, within the available RAM of a chunky machine these days and well within modern drive sizes - so you definitely need some salt in that hash.
How long it would take to generate a rainbow table for a given password pattern (should someone want to generate a new one because they have access to your password store and know the fixed hash that you use) I'm not sure, but I bet it is quite practical if you are a hacker with access to a large botnet to run the computation over - so using a salt that varies per password as well as or instead of a fixed salt is probably a good idea.
Basically, not even root should be able to figure out any user's password.
What's to stop root from forcing a password reset and then snarfing the new password before it gets hashed?
Nothing. But the user could at least be aware that something is amiss as the password reset probably wouldn't be affected and this would only work for as long as the attacker maintains access (rather than syphoning off the user/pass data for later analysis elsewhere).
The answer here is to train users to have different passwords for each important account (I do, keeping record of them in a local keepass DB, itself protected by a strong password and keyfile on a USB stick, though that is too much hassle for many people).
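The fixed-salt versus per-password-salt point made in the comments above, as an added example that is not part of the original comments: it stores the same constructed accounts three ways and reports which users end up with identical stored hashes. The account names, passwords, `FIXED_SALT`, `ITERATIONS` and all function names are assumptions made for the illustration, and the per-password variant swaps MD5 for PBKDF2-HMAC-SHA256 from the Python standard library.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000                    # assumed work factor; tune for your hardware
FIXED_SALT = b"example-site-wide-salt"  # constructed value, same for every account

# Constructed sample accounts: alice and carol happen to pick the same password.
SAMPLE_USERS = {"alice": "Summer7", "bob": "hunter2", "carol": "Summer7"}


def md5_unsalted(password):
    """Plain MD5: 128 bits, i.e. 32 hex characters, identical for identical input."""
    return hashlib.md5(password.encode()).hexdigest()


def md5_fixed_salt(password):
    """MD5 with one site-wide salt: defeats generic tables, but every account
    still shares the same salt, so one table built for that salt covers them all."""
    return hashlib.md5(FIXED_SALT + password.encode()).hexdigest()


def hash_per_password_salt(password, salt=None):
    """Random 16-byte salt per password plus a slow KDF; returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_per_password_salt(password, salt)
    return hmac.compare_digest(candidate, digest)


def build_store(scheme):
    """Apply a hashing scheme to every sample account: {user: stored value}."""
    return {user: scheme(pw) for user, pw in SAMPLE_USERS.items()}


def shared_hash_groups(store):
    """Groups of users whose stored values are identical. Each group is a set of
    accounts that fall together to a single precomputed lookup."""
    groups = defaultdict(list)
    for user, stored in store.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    for name, scheme in [("unsalted MD5", md5_unsalted),
                         ("fixed-salt MD5", md5_fixed_salt),
                         ("per-password salt + PBKDF2", hash_per_password_salt)]:
        print(f"{name}: shared hashes -> {shared_hash_groups(build_store(scheme))}")
```
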
I only *had* to *officially... There was a flaw in the DRM system that was quickly exploited so there were a number of utilities to sign tracks so that they would be recognised. But that was the last time I ever regularly used an operator provided phone (aside from my "spare" phone sometimes being one I've obtained that way).
But I shouldn't have to work to use advertised features of the device.
but the other three major U.S. carriers don't give a discount for bringing your own phone.
I don't know what the market is like over there (I'm in the UK), but I've bought my own phones separate from my carrier for some time (after finding out I *had* to buy new DRMed MP3s instead of being able to use my own for tones or just for playing as music because Vodafone had locked the ability to play unprotected MP3s).
It is true that you can often get the same deal with phone as you can get without when it comes to contract renegotiation time (effectively meaning you get no cost benefit from having bought the phone elsewhere, though you do still have the not-locked-down-artificially-by-your-carrier benefit). What I do then is get the highest value phone that I can get for free on the plan I would be signing up to anyway. I then either flog that phone on eBay (or for less to a friend or family member if one is looking for a cheap upgrade) or designate it my spare phone and flog the one that is currently designated "spare".
The only slight problem I have with this is that I know with a fair degree of certainty that last time I sold a contract upgrade phone as "brand new, box unopened, probably locked to network" it was immediately sold on by the buyer as "brand new, box unopened" (no mention of operator locks, or operators at all) for an extra £20 so someone somewhere got a little ripped off if they weren't on the right network (though I shouldn't really be bothered - it isn't like I knew beforehand or was otherwise at all responsible and that sort of dishonest selling goes on day in day out whether I sell honestly or don't sell at all).
He did, but by my understanding you'd need to adjust the method for each card type so it wouldn't be money earned in your idle time. And that $600 is probably a sensible maximum - you'd probably make considerably less most days. Even if the $600 is an expected average rather than a maximum, it doesn't seem to take into account limits you'll find in the small print of many cards to the effect that you can only make a small number of prize claims in a given time (assuming such limits are enforceable under your state's lottery laws/regulations).
The serial console would probably allow you to boot it to do repairs, assuming that your Linux setup supports serial consoles. If it won't boot at all, you could try the same thing but booting from an OS setup on a USB drive.
Or you could have a boot disk setup on a USB stick that would start with the network adaptor(s) configured via DHCP and SSHd running so you can remote in to sort the problem out - just shutdown, pull out the USB stick and restart when done.
That would be because these things don't tend to have video out at all. It is not their purpose to display anything. The RS232/USB/what-ever port will allow a route to a serial console or other such control method for your initial setup. After that just SSH in over the network or what-ever your preferred remote control method is.