Slashdot Mirror


User: mangino

mangino's activity in the archive.

Stories: 0
Comments: 115

Comments · 115

  1. Re:Can we get more information on Mac OS9 Flood Attack · · Score: 2

    Just in case you read this later, my mistake. The 29 byte UDP packet problem is still correct with a min transfer unit of 64 bytes, the smallest you can send is 64 bytes. Too much time looking at ATM : )

    Thanks for setting me straight.
    --
    Mike Mangino Consultant, Analysts International

  2. Re:Can we get more information on Mac OS9 Flood Attack · · Score: 1

    Umm, wrong. First of all, you can't send a 29 byte UDP packet. Second of all, it is carried on an ethernet frame to the cable modem which is 1500 bytes. You would need to have an incredibly thick pipe to actually do much damage. Remember, the bandwidth is used at the ethernet layer. A 29 byte udp packet still uses 1500 bytes of bandwidth.
    --
    Mike Mangino Consultant, Analysts International

  3. Re:Wouldn't that be quite difficult on Mac OS9 Flood Attack · · Score: 2

    How big is the ethernet frame that carries the 29 byte packet? 1500 bytes. This is a 1:1 attack. You could probably do twice as much damage if you just ping flooded from the unix box on the large pipe you rooted.

    True, you get a bit of a multiplier in the response, but this still isn't an attack with a multiplier. It's not like the mac sends the same packet back out to the broadcast address which then starts all the other macs doing this. It would be more effective just to ping flood them from the rooted box on the big pipe. Think about it, if you have rooted a unix box on a fat pipe to coordinate the attack, why not just attack from there?
    --
    Mike Mangino Consultant, Analysts International

  4. Can we get more information on Mac OS9 Flood Attack · · Score: 3

    Maybe I'm completely missing something, but can't you just send it an ICMP ping request with a forged source address and have it send the response? This doesn't sound like anything special. Maybe if we could get some more information about the type of ICMP packet that is sent this could be helpful.

    So normally, you send an ICMP response request packet (a ping packet) to a machine and it responds to you. This is a pretty simple concept. The problem is that you flood the connection with your ping requests. I believe ping floods are normally caused when you get the machine to respond on a broadcast or multicast address. If the mac just responds with a ping response, this isn't a very important discovery.

    However, there are other kinds of ICMP (Internet Control Message Protocol) packets. Maybe this isn't a straight ping request or ping response flood. Unfortunately, there isn't more information provided about it. Can someone post more information?
    --
    Mike Mangino Consultant, Analysts International

  5. Re:Will Linux eat up "competing" projects? on Second "Bonus" Interview: Jon "maddog" Hall · · Score: 1

    Because POSIX is a source level interface specification, it has nothing to do with binary compatibility.
    --
    Mike Mangino Consultant, Analysts International

  6. Re:How can you afford development? on Second "Bonus" Interview: Jon "maddog" Hall · · Score: 2

    Linux supports 64 gig of ram. Dell donated a machine to a kernel developer (Molnar Ingo, I believe) to add support. Hardware vendors will donate hardware to linux developers if they think it will sell machines. It also appears that many hardware vendors are hiring kernel developers to ensure that their stuff is supported.

    I wasn't aware that ia32 supported more than 8 processors. Has this changed?
    --
    Mike Mangino Consultant, Analysts International

  7. Re:Not the first time.. on Open Source Job at Creative Labs · · Score: 1

    Can you explain the kernel bloat? There is no difference between a closed source binary driver and an open source driver after it has been compiled. The main problem is that you can't effectively debug a closed source driver, and you certainly can't fix it.
    Mike
    --
    Mike Mangino Consultant, Analysts International

  8. Re:oh Fun!!! on Caught Before the Act · · Score: 1

    Here in the US, telling somebody that you are going to kill your wife is a crime. It is, if nothing else, assault. Assault is talking about hurting someone or threatening them, battery is actually carrying it out. IANAL.

    Mike
    --
    Mike Mangino Consultant, Analysts International

  9. Re:Gripes with java on JBuilder Foundation is Free - and for Linux · · Score: 2

    No, the previous poster was correct. a[i] is the value of a plus the value of i. Because addition is commutative, i[a] is correct as well. (It is poor C, but legal)
    --
    Mike Mangino Consultant, Analysts International

  10. Re:Gripes with java on JBuilder Foundation is Free - and for Linux · · Score: 2

    Of course you got your final statements wrong as well, the compiler is a native program. An IDE is not a compiler. The pretty widgets you click in VB are not part of the compiler.

    Ummm, no. The compiler is written in Java. Have you ever looked at it? The JVM is native, but the compiler and debugger are not. Take a look at the wrapper script for javac from the Blackdown port.
    --
    Mike Mangino Consultant, Analysts International

  11. Re:Independent Standards on Sun Withdraws Java from Standards Process · · Score: 2

    There are differences between what Sun is doing and what Microsoft has done. (And this analogy is getting really tired of being trotted out for any company Redhat's size or larger.) First, Microsoft does not license their Windows technology to anyone. (Wince doesn't count.)

    This is just not true. Microsoft will license their OS to you if you have enough money. In fact, it is even possible to get the source. I believe several universities have source code to NT for use in graduate programs. I'm sure they don't allow you to give away your product based on NT, but they will license it.

    Note: I have no first hand experience with this, but I have good information from several reliable sources saying this.

    Sun licenses their technology to anyone that wants to pay the fees. In fact, Sun would be happy if they never had to do their own JVM implementations. They would be content to provide a reference implementation and compatibility testing.

    In some ways I agree with this, but not completely. If Sun wanted to never implement another VM, they would make it a lot easier to get the code. If they open source it, they will never have to implement it again. I'm not an open source bigot. I like open source software, but I recognize that currently some things need to be closed. A language like Java does not seem to be one of them. They want to control where the language goes. I feel this is the real reason Sun keeps a short leash on java. It also explains their 100% pure java program and such things.

    I think Sun is a good company in many ways. I like aspects of their hardware. I even like parts of their OS. Watch out for them. They already do some scary things. Do you think you can stick a normal IDE drive in one of their IDE ultras? Good luck, it has to be Sun branded.
    --
    Mike Mangino Consultant, Analysts International

  12. Re:Will KDE incorporate OO technology and metaphor on Interview: Ask the KDE Developers · · Score: 2

    From a programmer's POV the KDE gui is 100% Object Oriented since it is written in C++.

    Just because something is written in C++ doesn't mean it is object oriented. I'm currently maintaining some C++ code that is not object oriented, and I find it terribly difficult to maintain. On the other hand, just because something is written in C doesn't mean it is not object oriented. I'm a C programmer and I write almost all of my code in an object oriented fashion.

    I haven't seen the KDE code, and I am not saying that their code isn't object oriented. I'm just saying that C++ != OO.

    Mike
    --
    Mike Mangino Consultant, Analysts International

  13. Re:Easy to patch on Bubbleboy Virus Gets Wild · · Score: 2

    I worry about this win98 auto update feature. This looks to me like an extremely exploitable feature! Has anyone tried to DNS poison a domain and get the auto update program to install a virus that way? This scares me!
    Mike

    --
    Mike Mangino Consultant, Analysts International

  14. CONGRATS on Paul Vixie to Leave BIND · · Score: 2

    I just wanted to say thanks (since you seem to be actively reading and responding here). I've enjoyed using MAPS, BIND and crond for quite some time. I appreciate the time you've taken to make the internet what it is today, both from working on BIND to chairing the ISC. You've provided a great service to the internet community.
    Mike
    --
    Mike Mangino Consultant, Analysts International

  15. Re:What is Katz talking about? on Orlando and the Tragedy of Technology · · Score: 1

    There are some other really bad things about this monoxy hydride or di-hydrogen monoxide. It can't be washed off with water. Trying to wash it off with water only makes the contamination worse!

    Worse yet, all of the food grown in the US (and other areas) is grown with di-hydrogen monoxide. All crops are sprayed with this. It also finds its way into streams and lakes, further polluting our waterways.

    In large enough quantities, di-hydrogen monoxide can even kill people. I really think we should spend some federal money trying to research the potentially disastrous problems with di-hydrogen monoxide.

    p.s. for those who are chemically impaired, di-hydrogen monoxide or H2O is water. A girl won a science fair with an expose on the dangers of this. It was published in a chemistry journal and gave everyone a good laugh.
    --
    Mike Mangino Consultant, Analysts International

  16. Re:Redundant Kernels on SGI announces Linux Kernel Crash Dumps (LKCD) · · Score: 1

    How do you keep the state of both kernels the same? If you can't keep them in exactly the same state, you end up with a worse problem than if the machine just crashed. If you keep both in the same state, then they should both crash at the same time.
    In the UNIX world, machines oops and panic for a reason, because the machine is in an unstable state and continuing to execute would possibly allow data corruption. This is a Good Thing (tm).
    If you need redundancy on this level, look at clustering technologies with process migration and n+1 sparing.
    --
    Mike Mangino Consultant, Analysts International

  17. Re:Do we really need this? on SGI announces Linux Kernel Crash Dumps (LKCD) · · Score: 1

    I don't normally have problems with crashes either. Currently, however, I am working on kernel modules for solaris. Until I learned how to use adb on the kernel crash dump, debugging was impossible. Now it is relatively easy, just use adb -k unix.0 vmcore.0 and $c will show you the call stack. This works great for debugging kernel level drivers and modules. I can't wait to try this under linux!
    --
    Mike Mangino Consultant, Analysts International

  18. Re:perl compiler on Perl Domination in CGI Programming? · · Score: 1

    The reason that I don't know the RE syntax for C is that I don't use it very often. I tend to do extremely low level programming, like Solaris STREAMS modules and kernel programming, you can't do this in perl.

    I don't want it to look like I'm getting down on PERL, it certainly has its uses. I used it a fair bit at my previous job. I have some complaints about PERL but that doesn't belong here. I was simply saying that there are some misconceptions about C/C++. The reason that you know the PERL RE syntax is because you use it every day. I know the Solaris DDI interface well. That doesn't make it the best tool for CGI (obvious again, I know)

    In too many Slashdot threads, people say X is faster than Y, without really looking at the design. Where I work, we are currently saturating some machines due to a poor program design. The tools they used were incredibly fast, but the design stunk and we are paying the price now. While the comment "The speed is based on the quality of implementation" is an impossible generalization and remarkably obvious, you would be amazed how many people forget this when writing real world code.
    --
    Mike Mangino Consultant, Analysts International

  19. Re:Your real question on Perl Domination in CGI Programming? · · Score: 1

    The performance bottleneck is bandwidth, not performance. Usually, it's the speed of someone's modem, or the crowded internet backbones that slow down a web-page's performance. Using a faster language isn't going to help that, so typically web-folk go for the easiest solution. The easiest solution is to use an interpreted language. The reason is listed in my first bullet point.
    I want to preface this comment by saying I am not picking on you in particular, your comment is well thought out and a good argument. I feel that the bandwidth argument is only a half truth though.
    While the user may not see much difference in the performance of a C module extension and a perl module extension, your server will. CGI's put a very heavy load on the servers that run them. If you write your CGI to be efficient, you will be able to run more concurrent accesses on a single system.
    More and more I'm seeing people that don't think about the resources that they use in programs and how they affect the overall system performance. This is the reason that even though the hardware speed has increased tremendously in the past few years, many new versions of applications don't go any faster.
    This type of thinking is bad for the industry in general. The good news is that not all software suffers from this. gcc for one is much faster now than it used to be, even on the same hardware.
    In short, think about not just how fast your single application will run, but also the effect it will have on the overall system conditions.
    --
    Mike Mangino Consultant, Analysts International

  20. Re:perl compiler on Perl Domination in CGI Programming? · · Score: 2

    I've seen this a whole lot and I have to respond.

    Trying to incorporate that sort of thing into C or C++ might result in a speed increase of execution, but if you're still loading entire binaries off disk each time, it's not likely to be that significant and you've got to crank out the whole API for your backend RDBMS (ie CT-lib for Sybase Open Client, ODBC for ODBC access, OCI for Oracle, whatever) which is a large development investment overhead for stuff-all performance increase.

    This is just plain wrong. You don't have to load the binary off disk any more often than you have to load the script off of disk. The OS (assuming something somewhat intelligent) will map often used binary files into a shared data segment, the same way you don't have to load large dynamic libraries every time you use them. This means that if you use the binary a lot, it will be in memory.

    There is a large difference in speed between well written PERL and well written C for most things, the problem is that it is difficult to find good C programmers to do this type of work quickly. C was not designed to be a RAD like language.

    Other people have mentioned that Regular Expressions aren't native in C/C++, which is correct, but there are regular expression packages. You may have to say re_compile(re); re_execute(re,str); or whatever the syntax is, but it can be done relatively easily. The fact that it is not built in does not make it slower. The speed is based on the quality of implementation.

    In shops where CGI's are written in C, they probably already have extensive backend libraries, which speeds up development.

    I personally use PERL for quick RAD type stuff, but if I'm going to have to maintain it or I want it to scale, I'll use C. (Note, I am not a web or CGI programmer, but a UNIX consultant. I use C because it is strongly typed and easier for me to work with, YMMV)

    In closing, when you start talking about speed, check your facts and know what you are talking about. If you compare the execution speed of well written PERL and well written C, C should win every time. When you include development and testing time, the results may differ.
    --
    Mike Mangino Consultant, Analysts International

  21. Re:Hardware for a typical Ultra? on Ultra Cheap Ultras From Sun · · Score: 2

    The base model I believe is a 333mhz without a cache and a 5400 RPM IDE disk with 64 megs of RAM. These machines include a PCI bus with 3 slots and Two IDE controllers. I don't believe you can add IDE devices to these machines. The next step up machine comes with a 9gig 7200 RPM disk, a 2megabyte l2 cache and 128 megs of ram.

    To clarify, these machines will only run Windows using a Sun PC card or using software emulation like RealPC. To run RealPC, you have to put the framebuffer in 8 bit mode (24 bit mode is not supported)

    I own one of these machines and I like it a lot. It has been running constantly for 8 months. It has only been off once in that time, when I moved. I don't know specifics about the power supply, but I don't believe they are too expensive.

    This is NOT a server machine, and you probably don't want to use it as one. It is a desktop and is not very expandable unless you use external SCSI devices. You can get a symbios 5c375 SCSI adapter (not the Tekram one) to work with it using the glm driver. The scsi costs about $60. The framebuffer is an ATI framebuffer that is not terribly fast, but more than sufficient for coding.

    These machines have been available to certain educational institutions at this price for a while now. I use mine as my main desktop machine and it has been running great. It even runs Oracle 8 and does the printserving and NFS serving for my house.

  22. Re:RedHat is NOT Linux! on Details of the PCWeek Securelinux Crack · · Score: 1

    All I need to be able to do is to sniff a network and look at traffic. This is especially easy if I am on the same network as the mirror you use. It would be much harder to find out a specific user's mirror than to snoop a mirror and find out who uses it.

    All I would need to do is mirror the mirror and replace a package with my trojan version. Then I spoof the DNS replies and redirect your connection attempts to me.

    Granted, this is not easy, but is doable.

  23. Re:RedHat is NOT Linux! on Details of the PCWeek Securelinux Crack · · Score: 1

    I can fake your autoselect into upgrading packages from me. It is not impossible to do. auto RPM is a huge security hole in any environment with public access. It is useful for internal use, but dangerous in general.

  24. Re:great on Expanding the use of XML in Linux? · · Score: 1

    I read through all of the comments on the page and I keep coming up with a single question:
    Why XML?
    I don't see the added value in using XML for a configuration file format. XML is a great format for representing heirarchical (sp?) data. How is this helpful for config files? Config files are normally sectioned key value pairs. In my experience, the easiest config file format is the old Windows INI file format, which looks like

        [section]
        key=value
        key2=value2

    Not only is this format easy to parse, easy to read and flexible, it also has been used widely and many parsers for the format have been written.
    It appears to me that most people who want to use XML for configuration files don't really understand XML, or don't really want XML. All they want is a localized configuration file with a common syntax. If you can provide a good reason for using XML in configuration files, please email me and explain.
    Mike, who thinks GLADE is a really cool use for XML.

  25. Re:Textbook needs on Interview: Tim O'Reilly Answers · · Score: 1

    I would also say that your average book is far too concrete for the computer science classes I have taken. Where I go to school (Ohio State) there are no classes in topics like systems administration and web administration, because you can learn it from a book. They also try not to teach classes in specific things. There are one hour classes in C and Java, but the majority of classes are in theory (language design, parallel computing theory, OS design...) I have yet to find a book from ORA that covers such abstract concepts.

    If you are looking to sell textbooks that teach classes like web programming in Java and systems administration, your books would be excellent, but I don't believe most universities teach these types of classes.

    Note, These beliefs are mine alone. I do not represent OSU. Go Bucks!