Slashdot Mirror


User: karlm

karlm's activity in the archive.

Stories
0
Comments
542

Comments · 542

  1. Re:Ghost is worth the money on Ghost for Unix · · Score: 2
    Also, ghost understands filesystems and not raw blocks. I don't understand why reading the raw data is an advantage -- you get images the size of your hard disk or partition instead of the size of the data. Ghost 7.5 can understand fat/ntfs/ext2 and ext3. It can also do raw reads of the hard disk.

    If your machine has been broken into, you want to save the entire hard drive image, including "blank" space verbatim for forensic purposes before you wipe the disk and reinstall everything.

    Also, what if you're running *BSD, Solaris x86, or you're using xfs, reiserfs, cramfs (on a flash drive or microdrive)? Spritefs and lfs give you better write performance. I hate to break it to you, but 4 filesystems may not cover everyone's needs. Also, there's the issue of encrypted partitions. (Not the file-level encryption that ships with windows now, but real partition-level encryption.)

    If you put raw disk images back on the disk you have the advantage of overwriting the old file data instead of just marking the blocks as unused.

    I'm sure that for most windows shops, Ghost does everything they want and is in fact more useful than opaque data transfer. However, don't be so quick to dismiss the advantages of raw partition transfer and storage.

  2. Re:Attack an algorithm that matters! on ECCp-109 Solved · · Score: 2
    Birthday attacks are relatively fast, but very memory and bandwidth intensive. In order to find a collision with a work factor of 2**64, you end up computing, sorting, and storing 2**64 md5 sums... which will take 2**68 bytes of storage plus indexing overhead. And in order to facilitate rapid insertions and searches for solutions, you want many times this storage space available.

    Plus, a few FPGAs on a PCI card may be able to saturate the PCI bus with results more efficiently than an ethernet card in the same PCI slot.

    With RC5-64, nodes only needed to send back ("the key wasn't in the huge block of keys you told me to try"). Cracking md5 with a work factor of 2**64 means sending back each and every result to the server... that's a lot of bandwidth.

  3. Re:Cancer? on ECCp-109 Solved · · Score: 2

    Uhh.. second-hand smoke in bars and greasy food? I don't think alcohol is a known carcinogen. Are you referring to the strong correlation between teetotaling and good diet?

  4. Re:yep on Hacking Crime Victims to Remain Secret · · Score: 5, Interesting
    I think it's often a grey issue. It's "Gee.. I found a hole in your site.. I can do the whole full disclosure thing, or you can hire me as a security consultant. Your call."

    You're right in that it's stupid to pay script kiddies to un-deface sites, and I don't think anyone does that.

    I think it's most often extortion in the form of "security consulting fees" for unsolicited "security audits". Occasionally it's "We have your entire credit card database and all of your loyal customers will never trust you again if we post them to usenet, so pay up." I heard of someone trying to do this to a Minnesota company maybe 3 years ago, but the company basically said "screw you" and went to the FBI. Nobody knows how often companies pay up... It's like estimating the percentage of unreported rapes. It's just data that you don't have and is really hard to estimate.

  5. Re:Mmkay... Call me stupid, but.. on Curious Yellow, Superworm · · Score: 2
    Sure... once you've been rooted, it's game over. You have to hope it hasn't infected your bios and wipe the disk clean. (pretty much, just to be safe)

    The point of keeping everything very current is that maybe a fix will come out against a "day 0" or "day 2" exploit before the worm gets you, and you want to grab that update before the worm hits. Once the worm has an opportunity to modify the program (has root privileges), you're screwed. Unless you're running a Mandatory Access Control (not THAT Mac) system (Such as SELinux or TrustedBSD), asking what happens after a root exploit is a moot point. The OS has to be written off as a complete loss.

  6. Re:Mmkay... Call me stupid, but.. on Curious Yellow, Superworm · · Score: 2

    Static IPs are not necessary. Think Gnutella or FastTrack. You need at least a few percent of the infected machines to have static IPs, but by no means all. There are tons of vulnerable machines out there. Joe average doesn't remember CodeRed.

  7. Re:Mmkay... Call me stupid, but.. on Curious Yellow, Superworm · · Score: 2
    Don't be complacent, Treat the risk seriously.

    Good advice. I admin a RedHat webserver. I set it up to run up2date followed by autoupdate every 6 hours. I had a break-in maybe 4 years ago due to a patch oversight... maybe 6 hours is a bit too often, but it allows me to be lazy about actually doing anything with the box. If I hear of something spreading fast, I'm taking it down pronto, but for the most part it's set-it-and-forget-it.

  8. In other news... on MITRE Corp. Report On Open Source In Government · · Score: 2
    For simplicity, KFC set up the world's largest billboard in its employees-only parking lot, facing company headquarters. The billboard contained the Colonel's secret recipe. A local photographer is being sued for taking an oblique picture of the sign from a nearby freeway.

    Seriously. There are established procedures for keeping people out. If you're not at a very minimum using HTTP Basic authentication, it's the equivalent of setting up a billboard, or leaving a stack of papers face down on a public sidewalk in hopes nobody flips the stack over. Reasonable and innocent curiosity is not a crime, nor is reasonable reporting of the results of such.

    A friend once got sued for using a "guest" dialup account with a null password from a local telco back in the early 1990s, when net access was damn expensive and for the most part not available to kids. He didn't set up a BBS or crack any password files. He just used the guest account to telnet into some MUDs and read some newsgroups. Luckily, the jury decided it was reasonable for him to assume that as a customer, the "guest" account with no attempts made to restrict access applied to him.

    If you put a table in your front yard with a "free" banner hanging over it, it's kinda hard to charge someone for trespassing if they walk up and eat a few brownies off the table when you weren't around. Maybe it is your yard and maybe they were your brownies, but you implied consent in a major way by putting them out there in that context. If you really only meant for the paper cups next to the brownies to be free, it's your problem. In fact, it's false advertising if you try and collect damages.

  9. Re:NOT FreeBSD -based! on Darwin 6.0.2 for x86 Released · · Score: 2

    I neglected to mention a side benefit of a nice clean nanokernel: good cache utilization. I had to run some memory benchmarks on several different architectures as part of a systems engineering class. Just for kicks, I ran the tests on both Linux and QNX on my home machine. Linux transitioned much more smoothly to higher latency L2 cache and main memory usage. QNX had very rapid and clear transitions at higher thresholds. In short, QNX thrashed the cache less than Linux. It certainly helped that half the kernel fit into my L1 instruction cache. If you hand-linked and rearranged the Linux kernel, you could probably get close to the same effect by increasing locality of reference, but your time is better spent doing other things.

  10. Re:NOT FreeBSD -based! on Darwin 6.0.2 for x86 Released · · Score: 3, Insightful
    Good post, you just missed one small point: Mach is a microkernel. It's a big dirty-old man of a microkernel at that. Mach is a big reason GNU/HURD isn't performing as well as hoped. OS X gets reasonable performance out of Mach by using a monolithic server (as opposed to HURD's more modular multiserver approach) and running the server in the same address space as Mach itself (thus it's not a Mach server in the strictest sense).

    I've run some fast microkernel/nanokernel OSes on my x86 machine (BeOS, QNX, L4Linux) that all use much lighter-weight kernels and servers that run in user space. L4 and the QNX kernel each weigh in at about 1/10th the size of my maximally pruned Linux 2.4.18 kernel (everything compiled as modules, except IDE and ext2 support). Mach itself without the BSD personality probably is slightly bigger than my Linux kernel. I nuked my GNU/HURD partition last weekend, so I can't tell you for sure. L4-Hazelnut and the QNX kernel each have about 32k of compiled assembly and 32k of C++ code. Hopefully OS X will eventually migrate to a nanokernel and/or running multiservers in userspace.

    BTW - I wouldn't recommend L4Linux, at least a year ago it was less stable than Mac System 7. I think it was due to a poor job of making linux into a monoserver, as the debugging counters would keep rolling in the corner of my screen and there were no L4 panics. Maybe in a couple of years L4-HURD or L4-Linux will be up to par. There are some really nice things going on in that area of research.

  11. Re:Supported Hardware - USE THE FORK! on Darwin 6.0.2 for x86 Released · · Score: 2
    The GPL requires all parties, including the author, to agree not to distribute derivative works under a different license. That's waiving a fundamental right of authorship-- the right to distribute one's works. The BSD license requires no such waiver.

    If the author is the original and sole author this is not true. This is only true if the work contains GPLed code written by others. Most of the software produced by the Kompany is dual-licensed.

  12. New version 0.5.0.1 just out. on Freenet 0.5 Released · · Score: 3, Insightful
    Today has been a huge stress test. It's 3 a.m. for poor Matt and he's still coding, making code tweaks from everything he's learned today. Freenet has some problems if a huge percentage of the nodes pop on and off the network, because freenet nodes actually learn over time which neighbors to ask for which information. A given node routes things very inefficiently when it first comes on line. Within the past few minutes they released freenet 0.5.0.1 with improved load balancing code, please update when you read this... it will help everyone. (Yes, they know the README still says 0.5 instead of 0.5.0.1. Give Matt a break.. It's been a long long long day for him.)

    I'd guess there will be some much improved builds coming out within the next couple of weeks as they learn more about today's stress test.

    In other news, supposedly the great firewall of China started filtering out http packets with "freenet" in them today. (Source is questionable.)

  13. Re:Small Claims Court? on What Software Do Cable Installers Place on Your PC? · · Score: 2
    Hmm.. you intentionally let them play with a computer with a dodgy power supply? If I were truly evil... which I am from time to time... I'd be tempted to put a timed water dispensation device in the bottom of the case, with the restart button on the case rewired to the timer...

    Install droid shows up... hit reset button before answering the door. 15 minutes into the install, water starts leaking rapidly out the bottom of your computer. "Oh, don't worry, it does that from time to time." 2 minutes later a firecracker goes off inside the case. "Yeah.. that happens about once a week. My brother thinks I need to reinstall windows."

    Too bad those installation guys are just underappreciated drones, or I'd have a lot of fun.

  14. Re:Why I don't use it on Freenet 0.5 Released · · Score: 2
    1) I cannot control what is in my datastore. Free speech or not, I'm not going to cache your kiddieporn for you. So if I know that there's a file I don't want, give me a way to blacklist it. If it's encrypted then it's another story.

    Yes, it is another story, particularly for split files. It's designed this way on purpose so that, for instance, the U.S. government can't require you to delete all of the communist literature off of your machine, or else be dragged in to the Star Chamb^h^h^h^h^h^h^hHouse Unamerican Activities Committee hearings.

    2) My files aren't shared permanently. If nobody requests the files I injected, they are thrown out after a while, even if my node is online 24/7. That's just plain stupid.

    Re-insert your websites daily. I think Fishtools can be set up to do this automagically.

    Sit down and think things through. For the most part, they did things the only way that makes sense for maximizing anonymity. If the files you inserted were by default always available from your machine, it wouldn't take a rocket scientist to figure out who was publishing what.

    Personally, I would have made everything FEC split CHKs except for SSKs, which could only provide metadata, but I guess hindsight is always 20/20.

  15. Re:Why I don't use it on Freenet 0.5 Released · · Score: 3, Insightful
    Hosting kiddie porn is not a freedom of speech issue, it is a legal one. (and ethical one, and moral one). Criminal activity is not protected speech under the 1st Amendment.

    Umm... you would be referring to the extent to which the U.S. Constitution guarantees free speech. Don't confuse that with free speech itself. How would you classify a communist pamphlet?

    Your viewpoint is also very U.S.-centric. Matthew Toseland is in Britain, btw.

    If your definition of free speech is legal speech, what will you do if your government outlaws criticism of its policies, or makes it illegal to greet anyone with anything besides "Heil Hitler"? Do you think the U.S. will never go through another period of McCarthyism?

    Don't get me wrong... I can see where you're coming from. Personally, I think there's no lower form of human being than one who takes pleasure at the expense of a child. I would not be at all opposed to life sentences for producers of child pornography. However, when you step back and look at all of the things they would like to make it illegal to say, (talk to Emanuel Goldstein, Eeeeeed Felton, Dmitry Sklyarov, et al.) you begin to wonder what fundamentally makes us different from the Taliban.

    Look at all the crap Phil Zimmermann went through to bring you PGP. That was legal speech, yet the U.S. Government harassed the hell out of him. Let's not forget what happened to Communists and even suspected Communists during the Red Scare. Don't forget that Communist propaganda was outlawed then too.

  16. Re:WHAT? on Top Ten Mac OS X Tips for Unix Geeks · · Score: 2
    Friend, FreeBSD isn't UNIX. UNIX is a trademark, and FreeBSD can't be called UNIX

    Besides Mac OS X contains a complete FreeBSD 4.4 distribution-- it is, in fact, a superset of FreeBSD-- so OS X is just as much a UNIX operating system as FreeBSD is.

    You are correct that neither FreeBSD nor OS X are UNIX 95 or UNIX 98 certified by the Open Group.

    However, OSX is certainly not a superset of FreeBSD. OS X runs on top of Mach. Try compiling FreeBSD kernel modules for Darwin... Sure Darwin is a pretty good 4.4 BSD kernel simulator, but please don't confuse the simulation with the real thing. Way down at the bottom, you're using the Mach threading model instead of the BSD 4.4 model.

    Don't get me wrong... I love the idea of microkernels. For about a week I tried running my machine with a userland port of Linux 2.2.20 for the L4 Hazelnut microkernel. Props to NeXT and Apple for making a microkernel OS. Windows NT was originally intended to be a microkernel, but then all kinds of crap got migrated into the kernel for performance reasons. Microkernels are hard to pull off... MS couldn't do it, the GNU folks are still trying to do it (G_d bless 'em). Unfortunately, Mach is the CISC of microkernels and can rightly be called "micro" only in its delegation of tasks, not in its footprint. There's a push to move the HURD to L4, and you'd see a significant speed improvement if someone ports Darwin to L4 (and also ports a recent L4 implementation to PPC).

    Hey, has anyone tried porting the old MkLinux stuff from GnuMach 68k to Apple's Mach PPC flavor? Then you could, at least in theory, run both Darwin and the Linux personality simultaneously, one of the unutilized benefits of a microkernel. "Puh-leeze, you have dual AMD Hammers? I have a dual personality microkernel on dual PPCs!" Speaking of advantages of microkernels, has anyone yet implemented a "userland-only reboot" where you kill off all userland programs, including the BSD personality and then re-load the BSD personality and everything on up? That's one thing I liked about BeOS: the networking stack was a bit flaky, but you could kill it off and restart it because it wasn't part of the kernel. Hopefully Apple will start to modularize Darwin in that way. You'd get absolutely insane stability if you had a watchdog component that would restart the other Darwin components if they started to flake out. The other parts of the system would only think that disk latency or network latency had momentarily jumped to 10 seconds or so, with a few dropped packets and failed reads. A minor library change would even hide the failed reads and dropped packets from the apps by checking with the watchdog component and retrying automatically when things were functional again. This is much preferable to, say, a BSOD from a while(1){printf("\t\b\b\\t");}

  17. Re:The trouble with mixed-language work on Extending and Embedding Perl · · Score: 2
    I'd like to see safe inter-language calls across a protection boundary. CORBA is about as good as it gets, but it's slow, because it marshalls the data into a stream and pumps it through a socket to the other side. There are faster approaches (look at Multics protection rings) but they need some hardware support, which we don't have today.

    As long as you have two rings, you can emulate an infinite number of rings. x86 CPUs have 4 rings...

    Of course, MS is never going to put in the kernel code to have the MULTICS 32 rings on x86...

    On the other hand, you can use L4 IPC and something that's CORBA-like. But then you'd be limited to native L4 binaries and Linux binaries. (And last I checked, the latest kernel ported as an L4 server was a 2.2 kernel.)

  18. Re:Move what you can to the server.. on Striving for HIPAA Compliance? · · Score: 2
    Repeat after me: "All networks are hostile by nature."

    One misconfigured laptop with a wireless card attached to your wired network and suddenly you've got a wireless network! People steal data and blackmail companies with it all the time. The HIPAA may make this thing more lucrative for the thieves. The blackmail is usually of the form "pay me a consultant fee and I'll tell you how I did it. I won't fix anything, just tell you what I found wrong."

  19. Email gateway filters? on Striving for HIPAA Compliance? · · Score: 2

    Anyone know of any email gateways capable of looking for any non-PGP content in the body of an email and then rejecting non-compliant emails?

  20. Re:Bureaucratic filth on Striving for HIPAA Compliance? · · Score: 2
    I believe in privacy, but there's no simple way to make everything ultra-secure with encryption and such -- and that should be a move taken by the businesses themselves, not forced upon them by a distant bureaucracy.

    Then this will never happen, pure and simple, unless cracktivism is legalized (cracking insecure systems to publicly disgrace the company into bolting things down).

  21. Re:Actual implementation not clear cut. on Striving for HIPAA Compliance? · · Score: 2

    Tangential question: anyone know if Postgres supports Kerberos encryption yet, or is it still limited to only using Kerberos for authentication?

  22. Re:This sounds like a management problem. on Striving for HIPAA Compliance? · · Score: 1, Offtopic
    Dammit, I've got 5 good moderator points but I just posted here. Someone mod parent up to 5.

    By the way, just for the kiddies out there: breathing pure oxygen slowly harms the lungs (especially at elevated pressures, which is why they use heliox instead of pure oxygen for really deep sea dives), so don't do it unless you need it. Oxygen bars are such a joke. I saw one in the local mall. $15 for 10 minutes of breathing pure oxygen.... Oooooh, and kids, don't do whippits too much.. excessive nitrous use can lead to muscular weakness.

  23. Re:How can you do this job without authority? on Striving for HIPAA Compliance? · · Score: 3, Insightful
    Until you have THAT authority, you do not really have the job that you think you have.

    I think the author realizes this, but also realizes that "the carrot is better than the stick" when trying to motivate people for long-term results.

  24. Re:What's wrong with synchronous? on Asynchronous Logic: Ready For It? · · Score: 2
    Then you have standards like Fast Ethernet, which are also asynchronous. AFAIK, the clock used to decode the Ethernet packet is contained somewhere in the preamble, and a PLL is tuned to the packet's clock rate.

    You're right. Metcalfe's prototype and all variants thereafter (that I'm aware of) use a phase-modulated baseband signal. (Cable modems use something very similar to ethernet, except they use otherwise unused cable channels instead of using baseband.) You have a bunch of leading zeroes to get the PLL locked, then a 1 to signal the beginning of the header. Some of the leading zeros get discarded with every hub/switch the packet goes through as the PLL is locking on to the clock. The original ethernet paper is a good read, one of those things where you sit back afterwards and say to yourself "that's the right way to do it".

  25. Broadcast version? on Windows/NetBIOS pop-up Spam: · · Score: 2
    Anyone have any documentation for the service at the TCP/IP level?

    A guy at my fraternity once decided to test his new UPS by unplugging it from the wall... so his Win2K box started smb message-spamming the entire house every 2 minutes until I hunted him down and had him turn off the power failure warning over smb broadcast feature in the software that came with the UPS. (I was the Resident Computer Consultant at the time, so people came to me when they got annoyed.)

    A group of n MIT students acts as if they have an average IQ of 30 + 120/(1+e^(0.3(n-20))), ... and there were about 30 of us...

    • "Hey, who left broken glass in the garbage disposal?"
    • "Who's been repeatedly running the garbage disposal with glass in it?"
    • "Who plugged the fridge (aka surge generator) into my surge protector? See my monitor blink? Hear my speakers pop?"
    • "What's this shiny ring on this tarnished wire? Did you just try and strip this bare ground wire?"