The HOWTO discusses allowing authentication to Fedora Directory Server using Kerberos credentials from a Kerberos database. So this works like this: you want to use the LDAP service (Fedora Directory Server) to e.g. search for some users. You connect to it, and supply your Kerberos ticket, that's obtained from a Kerberos KDC (Key Distribution Server), based on authentication based on your Kerberos Server's database (probably some ordinary files). You get authenticated based on Kerberos's authentication databse (which is outside of FDS's LDAP!), then you get access to the LDAP database.
It looks completely bottoms-up! You throw away the whole scalable n-way replicated LDAP authentication database that is available in the FDS, and use some simple academic Kerberos implementation to store all your users' keys and password data! You need to keep those 2 databases in sync, and your Kerberos server probably won't scale to such large numbers of users as the Fedora Directory Server, since open source Kerberos implementations (MIT, Heimdal) use their own file-based databases. Forget 4-way multi master replication, forget scalability to hundreds of thousands of users.
Why use Fedora Directory Server at all then, if you delegate its most useful functionality to some separate agent, separating the authentication database from user database and turning the whole "centralized identity management by LDAP" concept upside down?
What's needed is getting a Kerberos server (KDC etc.) use Fedora Directory Server as its database backend, for efficient and stable storage of users, tickets, keys etc.
The Heimdal Kerberos implementation can do supposedly this, but only through UNIX domain sockets AFAIK (no LDAP over IP network:( ).
See: http://www.padl.com/Research/Heimdal.html and http://www.pdc.kth.se/heimdal/ .
Since Fedora Directory Server doesn't seem to support LDAP over UNIX domain sockets, putting Heimdal Kerberos authentication layer on top of FDS looks impossible currently:(
my $url = 'http://www.microsoft.com/getthefacts'; # Internet Explorer 5.5 on Windows 2000: my $agent = LWP::UserAgent->new('agent' => 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)');
my $request = HTTP::Request->new(GET => $url);
while (1) {
my $reply = $agent->request($request);
if ($reply->is_success) {
print "Success getting $url\n";
}
else {
print "Problem getting $url\n";
print $reply->status_line, "\n";
} }
...in 32 parallel processes by running this:
for i in $(seq 32); do (./flood_MS.pl &); done;
Shhh, I weren't supposed to give people bad ideas;)
I have a directory tree where I keep all the important data.
In its root there is a Makefile and a set of scripts that are called by that Makefile.
When I go to that root directory and run "make", what happens next, is:
A list of data repositories available from the current machine is read (cat repos.$(hostname)). I have different sets of reachable repositories at work and at home...
Then, in a loop, data is "rsync -avu"-ed from all repositories. They may be remote ("-e ssh" gets appended), they may be local.
I receive only the new/modified files from those repositories.
Then, in a similar loop, data is "rsync -avu"-ed TO all repositories, so that new/updated data files collected from repositories, get distributes in the identical form to all the other repositories.
I refer to this algorithm as "gather-scatter".
This way, I have 4 mirrors of my important documents at work, and 3 mirrors at home. They are kept in sync.
(BTW, since I don't use the "--delete" option, It gets hard to delete an important file from this distributed storage. Either accidentally, or on purpose;))
Never lost important data since when I've implemented this.
Reminds me of an article in Schneier's Crypto-Gram:
I tried to argue the point, but eventually gave up. Then I said something like: "I can hardly wait for Bluetooth to become universal, because I really want a wireless keyboard and mouse with the "base station" built into my computer." He said: "Yes, but you really probably don't want to use Bluetooth for that, because then somebody could stuff keystrokes or mouse clicks into your system." I didn't know whether to laugh or cry. Talk about not getting it.
The problem is, Bluetooth involves no authentication. So look out for people who walk 8 feet next to your car and mess with your onboard audio system - like turning volume to the max, and playing some ear splitting, deafening noise.
Hope your car audio system doesn't have enough power to make you deaf.
They break boolean logic. You would think that if (X = Y) is false, then (X != Y) would be true. With SQL, if either X or Y or both are NULL, then any expression evaluating it is false.
I don't agree. See below to see why NULL is useful in this SQL logic.
What you've stated is untrue. If either X or Y or both are NULL, then any expression evaluating it is NULL, not false! This way, you get the indication that some unknown value doesn't let you make the decision (true or false).
add a "main" URPMI repository for "cooker" version (http://www.urpmi.org/ will generate necessary shell command for you, with your favourite cooker mirror)
Some other clients have an option to modify that behaviour. For example in Mozilla you can switch message display to simple HTML, which doesn't load remote images, or select "Do not load remote images in Mail and Newsgroups messages" in privacy options. However, that implementation has weak points too, like not using a sandbox, so there's an open bug on improving this:
Bugzilla Bug 28327 No server hits at HTML mailnews reading - privacy (disable remote content/web-bugs) http://bugzilla.mozilla.org/sho w_bug.cgi?id=28327
(you have to copy/paste the URL since Mozilla Bugzilla denies referrals from Slashdot).
http://slashdot.org/comments.pl?sid=87104&cid=7568 675
The Freedesktop specification is written in a way that you get the impression that the author can't even imagine using clipboard for something other than text data (there's no mention of non-text data, and little mention of the fact that only text data is discussed - the author takes this for granted):
Jasper doesn't support incremental image decoding, it requires that the whole image is loaded before it's decoded - that's the main reason Mozilla didn't use Jasper.
In a productive desktop environment, an interoperable clipboard implementation is required - the clipboard is the basic productivity tool for office users.
At least 2 things are needed:
A registry of data types (MIME content types are already here)
An interoperable component model that lets an application register and take responsibility for data of given format embedded in any e.g. document. Something like Bonobo or Kparts, but interoperable and ubiquitous. And easy to implement in client applications.
BTW, please, don't answer that I can sit down and code this myself. This is more a matter of education of developers and influence in the community. Even if I had the time and expertise to make Mozilla correctly exchange web pages data with Kwrite, OpenOffice with Konqeror; Gimp graphic data with OpenOffice; Ardour sound clip data with Audacity etc...
Even then, my patches would be probably refused by maintainers or misunderstood and broken in future releases.
That's because majority of developers in OpenSource community don'have the knowledge about X clipboard and various component object models used in variuos envoronments (KDE, Gnome).
This is not a job of single coder, but organizations such as Freedesktop.org, RedHat, Sun Microsystems, Novell etc.
I Agree 100% that X clipboard copy-paste support is terrible and freedesktop should focus on that, instead of eye candy and breaking speed records.
I talk about exchange of non-ASCII data through clipboard (I want to emphasize that as I can see that many OSS types think that clipboard is for text only). I mean copying and pasting images, fragments of images (rectangular an irregular shares), with alpha channel; sound clips; video files; HTML with images copied to local application (not some lazy trick where HTML copied from Mozilla to OpenOffice has all HTML untouched and IMGs are still loaded from the network when you save that file and try to open it at home).
The X contains all necessary infrastructure, as explained here and here.
When you actually try to use the X clipboard for something more that transferring plain text, the results are terrible. Read
this,
this and
this Slashdot comment. Shocking.
...in comparison with FrontPage, is that in Frontpage when you switch between HTML Source and WYSIWYG views, the state of selection is preserved and the scrolled viewport is positioned to show the selected fragment. Mozilla Composer loses selection and goes to the beginning of document whenever you switch views.
So in Frontpage you can select a link or an image, switch to HTML source and check their HTML representation instantly. Then in HTML source view you can select a fragment of HTML code and switch to WYSIWYG view - you'll have the object corresponding to selected source preselected.
Slashdot Mirror
Andrew Bartlett from the Samba team is a proponent of such integration, taking place in Samba 4. See his paper on this.
This is sort of backwards.
The HOWTO discusses allowing authentication to Fedora Directory Server using Kerberos credentials from a Kerberos database. So this works like this: you want to use the LDAP service (Fedora Directory Server) to e.g. search for some users. You connect to it, and supply your Kerberos ticket, that's obtained from a Kerberos KDC (Key Distribution Server), based on authentication based on your Kerberos Server's database (probably some ordinary files). You get authenticated based on Kerberos's authentication databse (which is outside of FDS's LDAP!), then you get access to the LDAP database. It looks completely bottoms-up! You throw away the whole scalable n-way replicated LDAP authentication database that is available in the FDS, and use some simple academic Kerberos implementation to store all your users' keys and password data! You need to keep those 2 databases in sync, and your Kerberos server probably won't scale to such large numbers of users as the Fedora Directory Server, since open source Kerberos implementations (MIT, Heimdal) use their own file-based databases.
Forget 4-way multi master replication, forget scalability to hundreds of thousands of users.
Why use Fedora Directory Server at all then, if you delegate its most useful functionality to some separate agent, separating the authentication database from user database and turning the whole "centralized identity management by LDAP" concept upside down?
What's needed is getting a Kerberos server (KDC etc.) use Fedora Directory Server as its database backend, for efficient and stable storage of users, tickets, keys etc. :( ).
The Heimdal Kerberos implementation can do supposedly this, but only through UNIX domain sockets AFAIK (no LDAP over IP network
See:
http://www.padl.com/Research/Heimdal.html and http://www.pdc.kth.se/heimdal/ .
Since Fedora Directory Server doesn't seem to support LDAP over UNIX domain sockets, putting Heimdal Kerberos authentication layer on top of FDS looks impossible currently :(
And the new logo will be...
http://img236.imageshack.us/img236/6058/msvistalog o6yj.png
Same for configuration screen for Evolution.
A janitor and his blonde girlfriend. A janitor's badge. Evolution gives a janitor all he really needs.
From the contact management screenshots ("new contact"), it looks like one would mainly use Evolution for keeping in touch with janitors.
Possibly "with other janitors" (the user is a janitor), or at most managing them.
Looks like someone is busy running:
...in 32 parallel processes by running this:
Shhh, I weren't supposed to give people bad ideas ;)
Will it work for clients that are behind a NAT (Network Address Translation) firewall?
It's impossible for 2 clients who are both behind different NAT firewalls to initiate connections to each other...
I'd prefer a more useful unit of measurement. How long is it in bits?
I'm using the following method:
;))
I have a directory tree where I keep all the important data.
In its root there is a Makefile and a set of scripts that are called by that Makefile.
When I go to that root directory and run "make", what happens next, is:
A list of data repositories available from the current machine is read (cat repos.$(hostname)). I have different sets of reachable repositories at work and at home...
Then, in a loop, data is "rsync -avu"-ed from all repositories. They may be remote ("-e ssh" gets appended), they may be local.
I receive only the new/modified files from those repositories.
Then, in a similar loop, data is "rsync -avu"-ed TO all repositories, so that new/updated data files collected from repositories, get distributes in the identical form to all the other repositories.
I refer to this algorithm as "gather-scatter".
This way, I have 4 mirrors of my important documents at work, and 3 mirrors at home. They are kept in sync.
(BTW, since I don't use the "--delete" option, It gets hard to delete an important file from this distributed storage. Either accidentally, or on purpose
Never lost important data since when I've implemented this.
Reminds me of an article in Schneier's Crypto-Gram:
The problem is, Bluetooth involves no authentication. So look out for people who walk 8 feet next to your car and mess with your onboard audio system - like turning volume to the max, and playing some ear splitting, deafening noise.
Hope your car audio system doesn't have enough power to make you deaf.
send-safe_DOS.pl flooder:
Then launch 32 simultaneous flooders:
On Mandrake 10:
...welcome our new Sun&Fujitsu overlords!
Some other clients have an option to modify that behaviour. For example in Mozilla you can switch message display to simple HTML, which doesn't load remote images, or select "Do not load remote images in Mail and Newsgroups messages" in privacy options.
o w_bug.cgi?id=28327
However, that implementation has weak points too, like not using a sandbox, so there's an open bug on improving this:
Bugzilla Bug 28327 No server hits at HTML mailnews reading - privacy (disable remote content/web-bugs)
http://bugzilla.mozilla.org/sh
(you have to copy/paste the URL since Mozilla Bugzilla denies referrals from Slashdot).
I've been saying this multiple times, but apparently it's hard to get the messae through...
So to reiterate:
http://slashdot.org/comments.pl?sid=86935&cid=7549 751
http://slashdot.org/comments.pl?sid=87104&cid=7568 675
The Freedesktop specification is written in a way that you get the impression that the author can't even imagine using clipboard for something other than text data (there's no mention of non-text data, and little mention of the fact that only text data is discussed - the author takes this for granted):
http://www.freedesktop.org/Standards/clipboards-sp ec
We need to talk to them, get the message known!
See Mozilla's Bugzilla bug 36351.
Jasper doesn't support incremental image decoding, it requires that the whole image is loaded before it's decoded - that's the main reason Mozilla didn't use Jasper.
In a productive desktop environment, an interoperable clipboard implementation is required - the clipboard is the basic productivity tool for office users.
At least 2 things are needed:
Currently in most X window applications, it works OK only for text data and nothing more! Almost all Gnome and KDE applications are flawed with respect to that...
BTW, please, don't answer that I can sit down and code this myself. This is more a matter of education of developers and influence in the community. Even if I had the time and expertise to make Mozilla correctly exchange web pages data with Kwrite, OpenOffice with Konqeror; Gimp graphic data with OpenOffice; Ardour sound clip data with Audacity etc...
Even then, my patches would be probably refused by maintainers or misunderstood and broken in future releases.
That's because majority of developers in OpenSource community don'have the knowledge about X clipboard and various component object models used in variuos envoronments (KDE, Gnome).
This is not a job of single coder, but organizations such as Freedesktop.org, RedHat, Sun Microsystems, Novell etc.
I Agree 100% that X clipboard copy-paste support is terrible and freedesktop should focus on that, instead of eye candy and breaking speed records.
I talk about exchange of non-ASCII data through clipboard (I want to emphasize that as I can see that many OSS types think that clipboard is for text only). I mean copying and pasting images, fragments of images (rectangular an irregular shares), with alpha channel; sound clips; video files; HTML with images copied to local application (not some lazy trick where HTML copied from Mozilla to OpenOffice has all HTML untouched and IMGs are still loaded from the network when you save that file and try to open it at home).
The X contains all necessary infrastructure, as explained here and here.
When you actually try to use the X clipboard for something more that transferring plain text, the results are terrible. Read this, this and this Slashdot comment. Shocking.
Yes, there's a long time unfixed bug (number 47040 from year 2000, with lots of duplicates!).
Anybody heard whether there has been any progress on getting LEPs from Cambridge Display Technologies into mass production?
...in comparison with FrontPage, is that in Frontpage when you switch between HTML Source and WYSIWYG views, the state of selection is preserved and the scrolled viewport is positioned to show the selected fragment. Mozilla Composer loses selection and goes to the beginning of document whenever you switch views.
So in Frontpage you can select a link or an image, switch to HTML source and check their HTML representation instantly. Then in HTML source view you can select a fragment of HTML code and switch to WYSIWYG view - you'll have the object corresponding to selected source preselected.
"RFID tags are your friends"
"Submit to the power of RIAA..."
"Microsoft software is stable as a rock and secure as a vault"
I find it strange that the page is encoded in Japanese Shift-JIS character set:
<meta http-equiv='Content-Type' content='text/html; charset=Shift_JIS,ISO-8859-1'>
Read this, kid. http://www.catb.org/~esr/jargon/html/H/hacker.html