I talked to some computer people working in Swiss banks last year. It turned out they have a private network in parallel with the internet.
Every worker has two computers. One for the bank stuff and the other for internet/ordinary stuff.
The internal network has very limited connections to the internet (necessary web-banking connections, but not more). Don't count on Sendmail bugs to get you in here...
I like the idea of integrating gadgets into the computer environment.
Now that someone has opened the door, I'd like to see more of this. Technically, Mac OSX already supports talking commands to the computer ("Speech" application)
So using a bluetooth headset, you should be able to produce the same result. Turn down volume when leaving the room and controlling the computer by executing applescripts.
Could we still boot off a network connection if we didn't have a HD?
You obviously have no idea how network booting works. Why would you need a HD if everything you need is available on the network. Ever heard of diskless clients ?
This is how it works on a Sun or SGI, they have been doing this for years, but PCs still can't do this (or difficult - Linux can with certain limitations)
In the extreme case, a computer knows nothing but it's mac address. It will take all information from the network - including which OS it will use. It's the "bios" - firmware in the case of Sun that takes care of everything. All other types of network booting is a subset of the following.
1) Find ip address (bootp/dhcp request) "I am MAC XXX, what's my IP?" 2) Download kernel and parameters over network (tftp protocol) 3) Boot downloaded kernel. 4) Mount network filesystems or local filesystems (if you reinstall the system, reformat disks here) 5) Start system (or installation)
This is especially practical for a machine parc. We reinstall hundreds of machines with a single command on the server and all clients automatically reinstall themselves.
Another major advantage of having a nice "bios" is when something goes wrong - The error messages will be sent on the parallel port. Broken CPU, memory not working, broken graphics card... No need to TEST what's wrong, the system will TELL you.
Is the latest kernel included ? The one included with 10.2.4 is the following:
uname -a Darwin computername.local. 6.4 Darwin Kernel Version 6.4: Wed Jan 29 18:50:42 PST 2003; root:xnu/xnu-344.26.obj~1/RELEASE_PPC Power Macintosh powerpc
However, the darwin kernel you download from Apple is only version 6.0. Does anyone know where to fetch the latest kernel ?
In Stockholm (Sweden), there is actually a project which is exactly what you are looking for. They have access points in different places and a common software for authentication. You get an ip-number automatically and must then authenticate on a webpage before connecting to the internet. It supports kerberos authentication too.
Basically, it's a system designed to offer a wide coverage by little means and cooperation.
Just get the red book. It's everything you need to get started on OpenGL programming.
The blue book is a printed copy of the API documentation available online. Even though some people find it easier having a paper copy, I prefer searching on the computer. Plus, keeping the online documentation on my laptop saves me a lot of weight to carry around.
When I downloaded the OpenGL API documentation, it was available on sgi.com somewhere, but you can find it in other places as well.
Just to state a counter-example, I'm using a D-Link 614+ (22Mbs) which works perfectly with my iBook (airport - 11Mbs)
The access point has got two external antennas and gives me a great coverage in the whole house. I was thinking about getting external antennas before, but I'm not going to need it =)
Now everything I'm waiting for is for the 22Mbs cards to get supported under Linux. The drivers are out, but I prefer knowing they work well before buying the hardware...
Technically, doesn't 802.11b and 802.11g use the same frequences (2.4 GHz?). The 54Mbs transfer rate can only be achieved on a short distance and quickly falls to 11Mbs or lower. This indicates that 802.11g is just a turbo-version of 802.11b and not a completely new technology.
If so, then the antennas of an "airport ready" mac (ibook, powermac, imac...) could also be used for airport extreme using the appropriate card.
Let's hope that Apple makes these cards too. Even if it is technically possible, it wouldn't surprise me if they don't, the same way that iBook dual-screen is deactivated, iDVD only accepts internal (Apple) DVD-burners, etc...
I have seen quite a few posts mentioning OpenBSD and just wanted to add that there is another interesting alternative for people that don't want to spend too much time on their firewall, but still want something pretty secure.
I know a few OpenBSD developers and was seriously considering using OpenBSD for my new firewall. Then suddenly the Mandrake Multi Network Firewall came out (slashdot article here) and I decided to try it out.
It's a linux firewall distribution that's very easy to install. Having finished the installation, everything can be managed from a easy-to-use web interface: System configuration, internet access, firewall configuration, VPN (server/client) connections, IPsec, backup and restore of the configuration, DHCP server, web cache server, dns caching server, system logs, url content filtering and more.
The default system feels secure (a normal user doesn't get to access anything) and the system also keeps track of what you're changing. I authorized ssh root access, which was quickly turned off. There's also a built-in intrusion detection.
The firewall itself is very easy to manage. You define different zones (wan, lan, dmz,...) and set up the rules between the them. No need to know that some services (such as ftp) needs special configuration. I used a hand-written script on my linux box before, but this is a lot easier and more complete.
Why would porn be 'important' enough to encrypt ? If you're trying to hide the fact that you're watching porn on your computer, you'll have to hide all history files, logs, etc too since these probably reside in a non-crypted area.
(Of course, this is only general thoughts and not a personal attack on the poster. I encrypt my financial information too...)
Here we go, I found these unix commands in OSX 10.1.5:
man quota man quotaon man quotacheck
I have been using different encrypted file systems on Linux, mostly using the twofish algorithm. Basically, I think there are two major purposes of crypted file systems for the average geek:
1) You've got some REALLY secret information which you'd like to protect: use an encrypted file. 2) You would like to protect the information in case someone steals your computer.
In my opinion, crypting the whole system doesn't really make sence unless you're afraid of someone coming to take your computer away from you: To use the computer, you have to unlock these filesystems anyway and an intruder will be able to read your files at that time...
Also, encrypted filesystems heavily slows down the system, since every read/write to disk needs some CPU. I remember getting pretty poor transfer rates, which is the reason I don't use it anymore.
I'm sure there must be a better solution to introduce quotas on user directories.
At least Apple must have thought of this when creating os x server. And if it's in the server version, it should be easy to put in the standard edition.
This page has a lot of links to different fusion sites around the world. These websites probably contain a lot more useful information than the slashdotted article.
By the way, my university happends to have a research center on plasma physics. It's not as easy as "some basic engineering skills, this site and the inspiration necessary to make your very own 'fusor' produce more energy than it consumes" =)
Here's what I did and it worked great. You'll get running in no time and learning step by step ever after.
Buy a linux distribution of your choice. Not for the CDs, but for the BOOK. Read the ENTIRE book before starting. This gives you a good idea of how Linux works (installation procedure, useful tools, networking, [add other useful things here]...)
It's the perfect book for a beginner: it explains the specifics of your distribution, is perfectly up to date and not very expensive when bought in a bundle package. Plus it's nice having the CDs for reinstalling if things screw up.
Sure, it may be a little heavy to read an entire book, but it does pay off. It's easier knowing in advance what may happen, than looking for how to repair mistakes afterwards.
Once you've got the system running nicely using the distributions tools, you can concentrate on other things or start digging deeper into your installation. From this point, online documentation is all you need.
The manual of my distribution is the only Linux book I have ever bought and I've been using full-time for 5-6 years now.
This would be slick if it could be configured as a RAID system. 250 MB in one box with its own backup.
From the translated article...
Out of standard, considering each one of these storage units integrates two hard disks and a bridge FW/RAID, it is possible to configure them in RAID 1 (Mirroring) or RAID 0 (Stripping).
Most people don't backup 240 gigs worth of data, let alone a gig.
This is one of the reasons why I am so fond of Linux soft raid. Instead of operating on entire disks, it lets you set up arrays of *PARTITIONS*. In my experience, hardware raid only lets you work on entire disks.
This means that you can mirror small important parts, (boot, system, personal_docs...) while leaving movies and mp3s on a striped config or no raid at all.
Works fantastically for me =)
Sure, software raid is slower that hardware raid, but that only matters if the disks are the slowest factor. You cannot watch a movie faster anyway...
New cool raid: automatic raid
on
IDE RAID Examined
·
· Score: 3, Interesting
HP has developped a pretty cool type of RAID. An automatic RAID-level that automatically organizes your disks for best performance while maintaining security.
When a friend explained it to me, it sounded like a mixture of raid 5 and 0+1. For example, if you replace a disk with a larger one, the extra capacity will be used to duplicate some other part of the array.
Slashdot Mirror
The discussion thread can be found at
1 50756
http://forums.macnn.com/showthread.php?&threadid=
Very good point.
And that's why the swap space of OpenBSD is encrypted. Fortunately some programmers already thought of this =)
I talked to some computer people working in Swiss banks last year. It turned out they have a private network in parallel with the internet.
...
Every worker has two computers. One for the bank stuff and the other for internet/ordinary stuff.
The internal network has very limited connections to the internet (necessary web-banking connections, but not more). Don't count on Sendmail bugs to get you in here
Get a host file that associates ad servers names to 127.0.0.1 to get a connection failure. Works with most websites.
...)
Here is an example.
Doesn't cost you anything and works on most platforms (windows, Unix
If you run a webserver that binds to 127.0.0.1, just choose another non-occupied IP number.
I like the idea of integrating gadgets into the computer environment.
Now that someone has opened the door, I'd like to see more of this. Technically, Mac OSX already supports talking commands to the computer ("Speech" application)
So using a bluetooth headset, you should be able to produce the same result. Turn down volume when leaving the room and controlling the computer by executing applescripts.
Could we still boot off a network connection if we didn't have a HD?
... No need to TEST what's wrong, the system will TELL you.
You obviously have no idea how network booting works. Why would you need a HD if everything you need is available on the network. Ever heard of diskless clients ?
This is how it works on a Sun or SGI, they have been doing this for years, but PCs still can't do this (or difficult - Linux can with certain limitations)
In the extreme case, a computer knows nothing but it's mac address. It will take all information from the network - including which OS it will use. It's the "bios" - firmware in the case of Sun that takes care of everything. All other types of network booting is a subset of the following.
1) Find ip address (bootp/dhcp request) "I am MAC XXX, what's my IP?"
2) Download kernel and parameters over network (tftp protocol)
3) Boot downloaded kernel.
4) Mount network filesystems or local filesystems (if you reinstall the system, reformat disks here)
5) Start system (or installation)
This is especially practical for a machine parc. We reinstall hundreds of machines with a single command on the server and all clients automatically reinstall themselves.
Another major advantage of having a nice "bios" is when something goes wrong - The error messages will be sent on the parallel port. Broken CPU, memory not working, broken graphics card
Is the latest kernel included ? The one included with 10.2.4 is the following:
uname -a
Darwin computername.local. 6.4 Darwin Kernel Version 6.4: Wed Jan 29 18:50:42 PST 2003; root:xnu/xnu-344.26.obj~1/RELEASE_PPC Power Macintosh powerpc
However, the darwin kernel you download from Apple is only version 6.0. Does anyone know where to fetch the latest kernel ?
Now everything that's missing is that the game can be used with a "snowboard controller" such as the playstation one or the the xbox one
Sure, they're not usb yet, but that is a smaller problem...
Great to see a snowboard game for Linux. I am very excited.
In Stockholm (Sweden), there is actually a project which is exactly what you are looking for. They have access points in different places and a common software for authentication. You get an ip-number automatically and must then authenticate on a webpage before connecting to the internet. It supports kerberos authentication too.
Basically, it's a system designed to offer a wide coverage by little means and cooperation.
Everything is at www.stockholmopen.net You can download the software here too.
Yes, I know, fire, flood etc. are the common reasons for not keeping the backups at the same location. But have you considered this one ?
You never know what can enter your server room =)
Just get the red book. It's everything you need to get started on OpenGL programming.
The blue book is a printed copy of the API documentation available online. Even though some people find it easier having a paper copy, I prefer searching on the computer. Plus, keeping the online documentation on my laptop saves me a lot of weight to carry around.
When I downloaded the OpenGL API documentation, it was available on sgi.com somewhere, but you can find it in other places as well.
Just to state a counter-example, I'm using a D-Link 614+ (22Mbs) which works perfectly with my iBook (airport - 11Mbs)
...
The access point has got two external antennas and gives me a great coverage in the whole house. I was thinking about getting external antennas before, but I'm not going to need it =)
Now everything I'm waiting for is for the 22Mbs cards to get supported under Linux. The drivers are out, but I prefer knowing they work well before buying the hardware
Technically, doesn't 802.11b and 802.11g use the same frequences (2.4 GHz?). The 54Mbs transfer rate can only be achieved on a short distance and quickly falls to 11Mbs or lower. This indicates that 802.11g is just a turbo-version of 802.11b and not a completely new technology.
...) could also be used for airport extreme using the appropriate card.
...
If so, then the antennas of an "airport ready" mac (ibook, powermac, imac
Let's hope that Apple makes these cards too. Even if it is technically possible, it wouldn't surprise me if they don't, the same way that iBook dual-screen is deactivated, iDVD only accepts internal (Apple) DVD-burners, etc
I have seen quite a few posts mentioning OpenBSD and just wanted to add that there is another interesting alternative for people that don't want to spend too much time on their firewall, but still want something pretty secure.
...) and set up the rules between the them. No need to know that some services (such as ftp) needs special configuration. I used a hand-written script on my linux box before, but this is a lot easier and more complete.
I know a few OpenBSD developers and was seriously considering using OpenBSD for my new firewall. Then suddenly the Mandrake Multi Network Firewall came out (slashdot article here) and I decided to try it out.
It's a linux firewall distribution that's very easy to install. Having finished the installation, everything can be managed from a easy-to-use web interface: System configuration, internet access, firewall configuration, VPN (server/client) connections, IPsec, backup and restore of the configuration, DHCP server, web cache server, dns caching server, system logs, url content filtering and more.
The default system feels secure (a normal user doesn't get to access anything) and the system also keeps track of what you're changing. I authorized ssh root access, which was quickly turned off. There's also a built-in intrusion detection.
The firewall itself is very easy to manage. You define different zones (wan, lan, dmz,
Why would porn be 'important' enough to encrypt ? If you're trying to hide the fact that you're watching porn on your computer, you'll have to hide all history files, logs, etc too since these probably reside in a non-crypted area.
...)
(Of course, this is only general thoughts and not a personal attack on the poster. I encrypt my financial information too
Here you go, this HOWTO is even more complete than the article referenced for Mac OS X.
...
http://weigand.home.texas.net/efs.html
Of course, there are Linux distributions that does it out of the box. I use Suse that does this just fine
Here we go, I found these unix commands in OSX 10.1.5:
...
man quota
man quotaon
man quotacheck
I have been using different encrypted file systems on Linux, mostly using the twofish algorithm. Basically, I think there are two major purposes of crypted file systems for the average geek:
1) You've got some REALLY secret information which you'd like to protect: use an encrypted file.
2) You would like to protect the information in case someone steals your computer.
In my opinion, crypting the whole system doesn't really make sence unless you're afraid of someone coming to take your computer away from you: To use the computer, you have to unlock these filesystems anyway and an intruder will be able to read your files at that time
Also, encrypted filesystems heavily slows down the system, since every read/write to disk needs some CPU. I remember getting pretty poor transfer rates, which is the reason I don't use it anymore.
I'm sure there must be a better solution to introduce quotas on user directories.
At least Apple must have thought of this when creating os x server. And if it's in the server version, it should be easy to put in the standard edition.
Get some real information on fusion:
European Community, Fusion Programme
U.S. Fusion Energy Sciences Program
International Thermonuclear Experimental Reactor or (ITER) site
a special Canadian ITER site
This page has a lot of links to different fusion sites around the world. These websites probably contain a lot more useful information than the slashdotted article.
By the way, my university happends to have a research center on plasma physics. It's not as easy as "some basic engineering skills, this site and the inspiration necessary to make your very own 'fusor' produce more energy than it consumes" =)
Very nice story. I especially like this line which associates to modern copyright issues etc.
"I don't know if information wants to be free or not," they heard santa call out from the sleigh, "but I know Christmas presents gifts certainly do."
Here's what I did and it worked great. You'll get running in no time and learning step by step ever after.
...)
Buy a linux distribution of your choice. Not for the CDs, but for the BOOK. Read the ENTIRE book before starting. This gives you a good idea of how Linux works (installation procedure, useful tools, networking, [add other useful things here]
It's the perfect book for a beginner: it explains the specifics of your distribution, is perfectly up to date and not very expensive when bought in a bundle package. Plus it's nice having the CDs for reinstalling if things screw up.
Sure, it may be a little heavy to read an entire book, but it does pay off. It's easier knowing in advance what may happen, than looking for how to repair mistakes afterwards.
Once you've got the system running nicely using the distributions tools, you can concentrate on other things or start digging deeper into your installation. From this point, online documentation is all you need.
The manual of my distribution is the only Linux book I have ever bought and I've been using full-time for 5-6 years now.
This would be slick if it could be configured as a RAID system. 250 MB in one box with its own backup.
...
From the translated article
Out of standard, considering each one of these storage units integrates two hard disks and a bridge FW/RAID, it is possible to configure them in RAID 1 (Mirroring) or RAID 0 (Stripping).
And Sweden has 25% sales tax !
Who can do better ?
Most people don't backup 240 gigs worth of data, let alone a gig.
...) while leaving movies and mp3s on a striped config or no raid at all.
...
This is one of the reasons why I am so fond of Linux soft raid. Instead of operating on entire disks, it lets you set up arrays of *PARTITIONS*. In my experience, hardware raid only lets you work on entire disks.
This means that you can mirror small important parts, (boot, system, personal_docs
Works fantastically for me =)
Sure, software raid is slower that hardware raid, but that only matters if the disks are the slowest factor. You cannot watch a movie faster anyway
HP has developped a pretty cool type of RAID. An automatic RAID-level that automatically organizes your disks for best performance while maintaining security.
When a friend explained it to me, it sounded like a mixture of raid 5 and 0+1. For example, if you replace a disk with a larger one, the extra capacity will be used to duplicate some other part of the array.
White papers here