You can't argue that you shouldn't have to follow a country's laws while you are in that country. The original issue was that a Russian citizen in Russia, working for a Russian company, shouldn't have to worry about US law.
Unless you make the mistake of stepping onto US soil. Then you get your ass tossed into jail for several months until you agree to come back and testify against yourself.
How many items in the US bill of rights did that cover? Good thing he wasn't a citizen. ;-)
The big cost in laying fiber is not in the optical fiber itself, but in digging the ditch to put it in and in lighting up the fiber at its end. $570 million was spent laying the fiber, $265 million was spent lighting up just 5% of that.
The authors seem to have missed this point, and it really needs to be emphasized. Once you get that hole dug ($570M), the differential cost of adding additional fiber strands is negligible.
Something like:
first strand of fiber: $570M
each additional strand: $0.0001M
So running hundreds of strands at a time makes sense even if 99+% of them are unused.
The big question should be whether that first strand was really needed, not complaints that they overbuilt.
(4) EXPLOIT:
============
The exploit uses a nonpatched "cross site/zone scripting" vulnerability published by Liu Die Yu 2002-10-01 to Bugtraq:
http://online.securityfocus.com/archive/1/293692
It could also be possible to use one of the many "cross site/zone scripting" vulnerabilities Greymagic found:
http://sec.greymagic.com/adv/gm012-ie/
Recently I reported a new "cross site/zone scripting" vulnerability to Microsoft that could also be used. But since no patch is yet produced, information about it will not be published.
I agree that the fundamental problem isn't that a "local" computer can do things like execute any arbitrary command with arguments. (Well, to a point-- why a web browser needs to do this is another question.) However, these cross-zone exploits are so old and offer such a massive potential for misuse there's no excuse for waiting this long for a fix.
In short, yes, the right solution is exactly what Microsoft said. So do it!
I don't quite follow what scanrand does that a normal SYN-based scanner does not except that it is broken into two parts so that potentially a different system could be used to receive the packets sent by the first system. Why would this be useful?
I guess he refers to embedding a code in each packet sent out to validate that only "real" packets are accepted by the receiver as "Inverse SYN Cookie". I don't understand why this is important, tho.
The "paratrace" program is quite interesting-- from the README:
paratrace
Paratrace traces the path between a client and a server, much like "traceroute", but with a major twist: Rather than iterate the TTLs of UDP, ICMP, or even TCP SYN packets, paratrace attaches itself to an existing, stateful-firewall-approved TCP flow, statelessly releasing as many TCP Keepalive messages as the software estimates the remote host is hop-distant. The resultant ICMP Time Exceeded replies are analyzed, with their original hop count "tattooed" in the IPID field copied into the returned packets by so many helpful routers. Through this process, paratrace can trace a route without modulating a single byte of TCP/Layer 4, and thus delivers fully valid (if occasionally redundant) segments at Layer 4 -- segments generated by another process entirely.
Nutshell summary: this uses an existing open TCP connection to run a traceroute through a firewall that would otherwise tell you to take off. I could certainly see this being useful.
Some good background reading on O'Reilly's Safari online books site if your TCP/IP internals are a bit rusty:
Although many of your songs are great for ending stereo wars, I can't help but wonder why? I mean, it's one thing to sing off-key while all alone but another to inflict it on other people. What would possess you to think that anyone would want to hear this, or was it done for sheer badness' sake?
I do have to say that Nimoy's cover of "Proud Mary" was far worse than any of your covers-- though "Lucy in the Sky" is awfully close.
That, and I believe on their site they have the option to transfer a lifetime sub onto another box (does this work for transferring a sub from a series 1 standalone to a series 2 standalone?)
There is not any facility to transfer a subscription from one box to another.
A product lifetime subscription to the TiVo service covers the life of the TiVo Digital Recorder (DVR) you buy--not the life of the subscriber. The product lifetime subscription accompanies the product in case of ownership transfer. The subscription remains in effect if your DVR needs to be repaired or replaced due to a malfunction (see manufacturer warranty details).
Because a product lifetime subscription is linked to a particular DVR, it cannot be transferred to any other DVR (unless the DVR is replaced due to a malfunction covered by the manufacturer's warranty). Each recorder purchased requires its own service subscription and activation.
Of course, hardware products don't last forever and their lifespan will vary among individual products. TiVo makes no representations or warranties as to the expected lifetime of the product aside from the manufacturer's warranty.
This project is about correcting OCR errors, not spelling / grammar.
I heartily agree with this. Any speling erros I find will be left in place. ;-)
After running through a few pages, it seems that most of the problems are quotes and spacing, which are understandably difficult for OCR to sort out. In all honesty, the OCR they're using seems to be pretty good. It's ignoring the noise nicely and converting to quite readable text.
The issues seem to be things like:
"Bob, come here,"she said softly,"I want you over here."" Can't, honey,"he said,"I'm glued to the handrail."
Clearly that needs some spaces added to clear it up. Although there seems to be some disagreement about whether to space after a comma or not, I've elected to add the space in my proofs:
"Bob, come here," she said softly, "I want you over here." "Can't, honey," he said, "I'm glued to the handrail."
Now I was taught that a new speaker should start a new paragraph, which would avoid lots of these issues, but the author didn't do that in the book I was proofing.
I'm just glad they're working on it. This has been one of those items that hangs around in the middle of the polls, but never seemed to come to the top.
However, this is good enough for me to start sending 'em my money...
Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. It's not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis. And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around.
And on the subject of patents, Bruce says:
6. Don't patent the cipher. You can't make money selling a cipher. There are just too many good free ones. Everyone who submitted a cipher to the AES is willing to just give it away; many of the submissions are already in the public domain. If you patent your design, everyone will just use something else. And no one will analyze it for you (unless you pay them); why should they work for you for free?
There's lots of other good advice in those links. Check 'em out!
This sounds like an excellent suggestion-- build a bootable CD-ROM which auto-scans all the local drives. In addition to not requiring any installed software, booting off known virus-free media guarantees that you'll find all those nasty stealth viruses that like to hide in memory.
What does an attempt to infect a webserver look like in the access logs? This will allow those who have already fixed the problem remind those who have not...
There is another reason why this might work that people seem to be overlooking. Although the lava is very hot, pumice has an extremely low heat conductivity, which means it can't transfer heat very quickly. Even though the bird is in contact with it, the rock can't dump heat into it fast enough to cook it quickly.
After that inner crust of lava has hardened by giving up all its energy to vaporize the water in the Ti leaves, this would make a nicely formed earthenware roaster around the bird. The heat from the hotter exterior would then radiate/conduct slowly through that insulated interior crust.
It seems analogous to the "put a bunch of bricks in your oven on the clean cycle" method of roasting that Alton describes in his book.
Too bad the original poster didn't provide that link. I think it would have cleared things up nicely.
From Alton's response, I think that he thought the poster was completely immersing the chicken in the Lava. Pouring hot lava over a leaf-coated chicken should work since:
a) The lava cools off fairly quickly, meaning that the bird isn't exposed to 2000degF for 45 minutes
b) All those leaves release a lot of steam which both moderates the temperature and steams the chicken. Boiling water to make steam, as any high-school chemist knows, takes a lot of extra heat energy.
The above link also explains that the lava cools to 450degF within a reasonable amount of time, which is a great temperature for cooking chicken. ;-) The original poster explained that it cooled to 850degF, still too hot for chicken.
So, in short, the poster presented an impossible situation, and Alton, like any good literalist, told them so. What he could have done was ask some counter-questions to get a better idea of what was going on before answering.
Re:I liked this article the first time i saw it... on Secrets Of BIOS Tweaking · Score: 4, Interesting
Speaking of Tom's... After following the BIOS article (which is a very good read), the first forum I stumbled across was:
In this forum the poster makes a pretty convincing case that the photo of the P4 3.3GHz chip in the "Hot Contraband: P4 With 3.6 GHz" article was forged. A subtraction analysis (described in detail in the forum) shows a nice little black box indicating they just copied a "3" to make the 3.3GHz photo.
In my mind, this throws a lot of doubt on anything posted on Tom's hardware. Which is really too bad-- I liked that site a lot.
He's obviously a hacker (using the ESR definition of "hacker".) Overgeneralizing portions of the English language into "new" words like this is a longstanding hacker tradition.
I'm sure there are quite a few implementations out there that exist simply because the architects thought it would be neat to use the latest SAN technology even though a directly-attached storage scenario probably would have been cheaper and easier. However, most of them are done this way to save on management/maintenance costs (just as you suspected.)
The main use for such huge storage implementations is data warehouses. In short, companies dump truckloads of data into one spot, then figure out clever ways to extract the data. These are hugely expensive, and the only reason a company would want to spend $20M on it would be either:
a) They think they'll easily make that $20M back and more based on the information they glean. Or
b) They're having a good time pissing away all that venture capital
I suspect that the majority (though by no means all) of the companies doing b) have been eliminated through the viciously Darwinian process that is the world economy. Which leaves a) as the most common reason these days.
Why create a data warehouse?
Probably the best online example of data warehousing in common use is Amazon. Did you ever wonder how they come up with recommendations that seem so eerily accurate? How can they show so many correlations between items? (i.e. not only also bought, but amazingly "also browsed for.") What kind of data do they collect and store to do that?
I bet it's immense. (I.e. store all clickstream data from everyone who has visited and has a cookie set. How long were they on each page? Which links did they follow? What were the properties of that link (color, screen position, etc.)) The possibilities are endless.
Now that all this data has been collected, they need to index all this data for easier retrieval, store summaries for quick searches, details for thorough searches, and add in a couple of development/test environments with their own storage.
Now do the same thing, only it's dozens or hundreds of different reports to sell back to their suppliers and advertisers about what was sold quickly and why. Anyone selling a product will pay very handsomely for information about how they can sell more of them.
You get the idea. It takes a huge amount of data, but it can generate huge amounts of revenue.
Since the actual reports run on a data warehouse are so unpredictable (finding what's valuable is largely trial and error), it's easier in the long run to just stick with widely used tools and infrastructure. (I.e. Oracle on UNIX.) Rather than having to support an entire development staff to build the infrastructure, a company can spend a bit more and have it done for them. (This is pretty counter to the whole hacker mentality, but this is how most companies work. ;-) The other advantage is implementation time-- not only is the company spending money to implement something that might have lower up-front costs, but they're losing potential revenue while they wait for it to be ready.
So while it may seem expensive, sometimes it's worth it.
My "big-ass storage" experience is not so limited, and speedy1161 has hit the nail right on the head.
For enterprise-class storage (i.e. this is NOT just a pile of Maxtor IDE drives duct-taped together) paying 20M for 50TB is on the high side, but not by much. (I would have given a range of 10M-20M for the whole thing depending on the exact trade-offs made.)
3 HBAs per host is overkill for most applications (but certainly not all). I've found that two is generally sufficient. Never rely on just one, even for a non-critical system. I'm often amazed at just how critical non-critical servers become when down for several hours in the middle of a busy day.
Don't discount the significant setup and debugging costs at the beginning. This will cost not only in hardware/software/consulting but in time lost for your own admins to spend working with the vendor, going to classes, learning new methods of adding storage, accidentally messing up the systems, cleaning up those messes, etc.
Get the best monitoring/management software you can. EMC is famous for gouging people on software costs so you'll need to use your best judgement. (HINT: PowerPath == Veritas DMP at up to 20x the cost. SRDF == Veritas Volume Replicator at up to 20x the price. TimeFinder == Mirroring at up to an infinite multiple of the price. You get the idea-- just use your best judgement and be cautious.) Under extreme single-host disk loads the otherwise minor performance hit for host volume management can become a problem, making that 20x price worth it. Maybe.
If possible, press them for management software that makes adding/removing/changing filesystems a one-step operation, complete with error checking. It really sucks to put that new database on the same disks as another host's old database and software can be really good at checking for stupid human mistakes.
I'll second this. The http://www.fixyourownprinter.com site has lots of useful tips for common problems on older laser printers. If only they had a section for troublesome inkjet printers...
It's times like these that I'm glad I save a lossless compressed raw PCM file from my ripping sessions. Sure, it burns a lot of tape, but it will save me the time and trouble of digging out all those CDs. (I get to spend the time and trouble locating my backup tapes instead.)
This should be one of those golden rules of audio/video processing-- save the originals!
(This gets especially annoying when your primary source, e.g. digital camera, does not have an "uncompressed image" option.)
Yes, not only was it a recent advertising campaign, it was probably one of the most successful campaigns of all time. Most people really do think that diamond engagement rings are a centuries-old tradition.
With that said, you're probably screwed unless you get your fiancee's buy-in.
Your current book seems to have a very clear theme aptly described in the sub-title "Food+Heat=Cooking". On the inside it's very well organized along the various lines of applying heat to food, but this leaves out a lot of potential food topics.
I would argue that the likelihood of someone guessing "8juep001@sneakemail.com" as a valid address is much lower than some sleazy company not holding your E-mail address with sufficient security to prevent harvesting.
In either case, the address heads to the garbage can and/or blacklist and a nasty-gram goes to the company in question.
Some good background reading on O'Reilly's Safari online books site if your TCP/IP internals are a bit rusty:
Internet Core Protocols: The Definitive Guide
TCP/IP Illustrated, Volume 1: The Protocols
Although many of your songs are great for ending stereo wars, I can't help but wonder why? I mean, it's one thing to sing off-key while all alone but another to inflict it on other people. What would possess you to think that anyone would want to hear this, or was it done for sheer badness' sake?
I do have to say that Nimoy's cover of "Proud Mary" was far worse than any of your covers-- though "Lucy in the Sky" is awfully close.
Golden Throats: the Great Celebrity Sing-Off
More pain and suffering from Google
There is not any facility to transfer a subscription from one box to another.
The TiVo Product Lifetime Description states (emphasis mine):
...but first read the Proofing FAQ on the site and save yourself some confusion:
http://texts01.archive.org/dp/faq/ProoferFAQ.html
Especially read section 5 for some of their typesetting-to-ASCII conventions which would be non-obvious otherwise.
And even better, apparently that serial port connection into the digital cable box is now functional.
http://attbroadband.tivo.com/0.5.asp (announcement)
http://attbroadband.tivo.com/0.5.1.asp (setting up the Tivo serial connection)
Wonder if it works on the series one recorders?
Some choice quotes from Bruce Schneier (for the lazy): (http://www.counterpane.com/crypto-gram-9810.html)
Speaking of Tom's... After following the BIOS article (which is a very good read), the first forum I stumbled across was:
http://arstechnica.infopop.net/OpenTopic/page?a=tpc&s=50009562&f=77909774&m=8400979235
In this forum the poster makes a pretty convincing case that the photo of the P4 3.3GHz chip in the "Hot Contraband: P4 With 3.6 GHz" article was forged. A subtraction analysis (described in detail in the forum) shows a nice little black box indicating they just copied a "3" to make the 3.3GHz photo.
In my mind, this throws a lot of doubt on anything posted on Tom's hardware. Which is really too bad-- I liked that site a lot.
He's obviously a hacker (using the ESR definition of "hacker".) Overgeneralizing portions of the English language into "new" words like this is a longstanding hacker tradition.
See the "Overgeneralization" node in the Jargon File: http://tuxedo.org/~esr/jargon/jargon.html#Overgene ralization (The link works, but I don't know why Slashdot is inserting that extra space in the text.)
Lots of Everquest. ;-)
Your current book seems to have a very clear theme aptly described in the sub-title "Food+Heat=Cooking". On the inside it's very well organized along the various lines of applying heat to food, but this leaves out a lot of potential food topics.
What are your plans for other book themes?