Mac OS X Server 10.6 has pretty decent security on it's mail services, however with some tweaking I'm sure you can turn some of this off. From memory, you can easily allow unauthenticated SMTP from the local subnet, but not from the internet at large.
The different formats is the whole point of the test. Digital radio broadcasts using DAB+ use AAC+ and the whole reason they use this codec is that it's claimed to deliver vastly superior sound to other codecs at low bitrates. I listen to some radio on DAB+ and the broadcasters have a fixed amount of bandwidth to share between a number of stations. As a result, the premium stations use 64kbs as a "high" bitrate and I have to say that on a half-decent piece of equipment, it actually sounds quite good.
The test was not to determine if 64kbs and 160kbs sounds different (it does) the test was to determine which of the two people preferred to listen to.
This will kill them in the battle against the PS3. Sony make it so easy, for a start every PS3 comes with a hard drive, so games developers can assume that there is bulk persistent storage there and take advantage of it. You can also use USB mass storage devices. You can also upgrade the internal hard drive with undoing just a couple of screws, and it's all supported.
Sony have an easy way for you to back up your PS3 to an external USB hard drive, you then insert any laptop hard drive (I went with a 7.2k one and some things are noticeably faster) and you then restore your system onto the new hard drive. All without paying Sony an extra cent.
The aggregate network device won't work for WAN connections. It's channel-bonding, or NIC teaming using LACP and needs to be explicitly supported by the switch at the other end of the Ethernet leads. It operates between an Etherhet switch and a host and requires that both endpoints of the connection are on the one switch (or on the one group of stacked switches, if appropriately configured)
Check out Reversible Computing for some info on where this isn't the case - the idea is to have it so that the results of a computation doesn't result in the waste of energy as heat.
MS install an Operating System, that includes their default browser. You can't really get rid of IE from within Windows as even if you're not using it to browse the net, a lot of developers use embedded IE controls in their apps.
So, IE is already installed on Windows when you first boot, so why not use IE for the task of selecting if you want an alternate browser.
This is just like if you install another desktop OS like, say, Ubuntu, and you end up with Firefox pre-installed. Should Ubuntu devs include another separate app that launches when you first boot asking what browser you want? Should Apple do the same as well with Safari?
Who really cares if IE is launched once when you first boot your Windows machine and it asks you what browser you want to use and provides a list to chose from? The current situation is that when you install Windows, one of the first things you do is go to mozilla.com and grab Firefox - this will just make it easier.
Some devs will develop apps in Flash and compile them for the iPhone, and other developers who care about efficiency, speed and elegance will code native apps. There are a lot of crap apps on the App Store and this possibly lowers the bar to getting a quick app up there. Now that the goldrush seems to be over, an explosion in crap apps will probably not be noticed amongst the noise that's already there.
I'm sure we'll see some good apps made with this technology that possibly wouldn't have made it to market otherwise but any serious app developer that cares about performance and efficiency will still be coding their app in Xcode.
It's a situation analogous to coding for personal computers in the early 90's - you can code in something low-level like assembly and get some serious performance and do things that otherwise couldn't be done (have a look at some of the demos from that time, and keep in mind that they were running on something considerably less powerful than your mobile phone) or you could code with a high-level toolkit that does a lot of the heavy lifting for you but you take a performance hit.
And this is not it. MS position it as a Media Centre Extender, and for this it's not too bad. You have your big, loud, full-of-fans-and-hard-drives Media Centre server in a cupboard somewhere and your 360 as the playback unit. Only it's not very quiet, or power efficient.
Modding it will be a world of hurt, and it will still be a big, loud, power-hungry pig of a unit that's susceptible to the Red Ring of Death at the drop of a hat.
Give it to a friend/family member and earn mucho brownie points. Sell it on eBay and buy a media centre unit. You can either get a general purpose PC that can have the relevant software installed, and there are now plenty of media centre appliances on the market - some are even in the form of a hard drive docking station, so the convenience factor for upgrading/changing the media storage is very easy.
Whilst the above points should be taught at an early age, at present I can only see regular users paying attention to maybe points 1 and 2 above, the others are just more hassle than they're worth (in their opinion)
I like to consider myself pretty knowledgeable about computers and even I break at least one of those rules (I open emailed attachments)
What I'm advocating is doing both. Moving ssh to not port 22 on it's own is not security.
Securing ssh appropriately, by doing things like only allowing passwordless logins and disabling access by root AND moving it to not port 22 is a good thing to do. This will ensure you have a secure sshd and it will stop your logs getting filled up with noise from the drive-by password guessers.
The problem will not go away over time, just like spam hasn't gone away over time.
Portscanning a host to find sshd running on another port is very obvious, so is easily blocked before any logins even start to happen and it takes a LOT longer than just hitting port 22 and trying to connect to whatever is listening there.
Setting your ssh port to a high number is not a bad idea at all. All these brute-forcing ssh scanners don't portscan a host looking for ssh on any port, they connect to port 22 and see what is there. Moving it to any other port will reduce the incidence of these botnet scans by an order of magnitude, if not eliminate it entirely.
A non-root user can not run software that binds to low numbered ports, so having someone else on the system impersonate sshd is a non issue.
Secondly, as many mention, turning off password authentication altogether is another very good way to prevent these attacks, doing both (passwordless authentication on a port that is not 22) will virtually eliminate altogether these random scans.
If you don't have password authentication on, then even if someone impersonates sshd, they won't get any useful information from you.
I've found that plugging and unplugging three cables, all at the side of the machine, not the rear, on a daily basis was actually a lot easier than dealing with a docking station. The docking station can change the hardware profile of a machine, makes it hard to put the machine to sleep when it's in the standard laptop configuration and then wake it on the dock, has a large and fiddly connector on the bottom of the laptop that always gets crap inside it and can be prone to breakage when users aren't docking and undocking them properly.
On the other hand, having three or four cables (power, display, USB, Ethernet) is pretty quick to connect/disconnect, doesn't change the hardware profile of the machine and can be hot pugged/unplugged without having to tell the OS that anything is happening.
The 13" MacBook Pro fits within your budget ($1199), has hardware virtualisation so can run any Intel-based operating system under VMware Fusion, Parallels Desktop or Virtual Box You don't get a hot-swap Ultrabay, but you probably don't really need the added complexity. It has a built-in 7-hour battery, has a built-in SD Card reader, has a built-in SuperDrive (Dual-layer DVD±RW, CD-RW) It doesn't have an option for a Floppy Drive from Apple, but any USB floppy will work with it (seriously, does anyone use them anymore? Even Windows doesn't need floppies to load drivers from during the initial install). It doesn't have an option for a docking station from Apple, but it has all the ports on one side of the machine, rather than at the rear, so it's very easy to plug and unplug - I do this daily and don't miss not having a docking station. If you NEED a docking station, there's a 3rd party one from BookEndz
It has outstanding hardware build quality, comes with a fantastic development environment for free, and can run any of the open-source ones as well, can run Windows XP SP2+ natively on the bare metal, but who wants to reboot these days, so it'll run everything back to DOS in virtualisation. It will also open you up to a new user experience and a new operating environment that you may just end up liking. If you don't you format the drive and install Linux or Windows instead...
So, instead of picking a machine that works, you pick a machine that doesn't have the features you need, and then run another machine, thereby using power, needing a fast network connection and has it's own set of issues. No thanks, I'd rather get a machine that has virtualisation support in the hardware. It'll be faster, cheaper and a better quality solution.
How very true. I'm not too keen on the MacBook Air either, far too cut back for my liking!
They're a strange machine, they sold like hotcakes when they first came out, and then sales (from my point of view anyway) really tapered off as just about everyone who wanted such a machine had one, and people who didn't have them didn't want one anyway...
Slashdot Mirror
Mac OS X Server 10.6 has pretty decent security on it's mail services, however with some tweaking I'm sure you can turn some of this off. From memory, you can easily allow unauthenticated SMTP from the local subnet, but not from the internet at large.
http://www.apple.com/server/macosx/features/mail-services.html
You will then notice that there is a Configure-to-order option of a Promise FireWire 800 RAID unit with 4x 1TB hard drives.
The different formats is the whole point of the test. Digital radio broadcasts using DAB+ use AAC+ and the whole reason they use this codec is that it's claimed to deliver vastly superior sound to other codecs at low bitrates.
I listen to some radio on DAB+ and the broadcasters have a fixed amount of bandwidth to share between a number of stations. As a result, the premium stations use 64kbs as a "high" bitrate and I have to say that on a half-decent piece of equipment, it actually sounds quite good.
The test was not to determine if 64kbs and 160kbs sounds different (it does) the test was to determine which of the two people preferred to listen to.
This will kill them in the battle against the PS3. Sony make it so easy, for a start every PS3 comes with a hard drive, so games developers can assume that there is bulk persistent storage there and take advantage of it. You can also use USB mass storage devices. You can also upgrade the internal hard drive with undoing just a couple of screws, and it's all supported.
Sony have an easy way for you to back up your PS3 to an external USB hard drive, you then insert any laptop hard drive (I went with a 7.2k one and some things are noticeably faster) and you then restore your system onto the new hard drive. All without paying Sony an extra cent.
G'day Apple Guru,
The aggregate network device won't work for WAN connections. It's channel-bonding, or NIC teaming using LACP and needs to be explicitly supported by the switch at the other end of the Ethernet leads. It operates between an Etherhet switch and a host and requires that both endpoints of the connection are on the one switch (or on the one group of stacked switches, if appropriately configured)
A non-english premium? What, you mean they don't speak English in Great Britain, Canada and Australia?
I don't see how a filesystem woukd do anything when, from all reports, they fucked up a SAN upgrade and didn't have backups.
Oh, my hard drive just died, and I can't access any data on it any more. Maybe I should have used ZFS? I don't think so...
Check out Reversible Computing for some info on where this isn't the case - the idea is to have it so that the results of a computation doesn't result in the waste of energy as heat.
MS install an Operating System, that includes their default browser. You can't really get rid of IE from within Windows as even if you're not using it to browse the net, a lot of developers use embedded IE controls in their apps.
So, IE is already installed on Windows when you first boot, so why not use IE for the task of selecting if you want an alternate browser.
This is just like if you install another desktop OS like, say, Ubuntu, and you end up with Firefox pre-installed. Should Ubuntu devs include another separate app that launches when you first boot asking what browser you want? Should Apple do the same as well with Safari?
Who really cares if IE is launched once when you first boot your Windows machine and it asks you what browser you want to use and provides a list to chose from? The current situation is that when you install Windows, one of the first things you do is go to mozilla.com and grab Firefox - this will just make it easier.
Some devs will develop apps in Flash and compile them for the iPhone, and other developers who care about efficiency, speed and elegance will code native apps. There are a lot of crap apps on the App Store and this possibly lowers the bar to getting a quick app up there. Now that the goldrush seems to be over, an explosion in crap apps will probably not be noticed amongst the noise that's already there.
I'm sure we'll see some good apps made with this technology that possibly wouldn't have made it to market otherwise but any serious app developer that cares about performance and efficiency will still be coding their app in Xcode.
It's a situation analogous to coding for personal computers in the early 90's - you can code in something low-level like assembly and get some serious performance and do things that otherwise couldn't be done (have a look at some of the demos from that time, and keep in mind that they were running on something considerably less powerful than your mobile phone) or you could code with a high-level toolkit that does a lot of the heavy lifting for you but you take a performance hit.
There are already apps available for purchase or download from the App Store that hae been made with this technology:
The applications are: Digg Pics, South Park Avatar Creator, Chroma Circuit, Just Letters, Trading Stuff, Red Hood, Fickleblox, and That Roach Game.
Yes, what a great idea, because segments and offsets were such an absolute joy to work with as a programmer.
And this is not it. MS position it as a Media Centre Extender, and for this it's not too bad. You have your big, loud, full-of-fans-and-hard-drives Media Centre server in a cupboard somewhere and your 360 as the playback unit. Only it's not very quiet, or power efficient.
Modding it will be a world of hurt, and it will still be a big, loud, power-hungry pig of a unit that's susceptible to the Red Ring of Death at the drop of a hat.
Give it to a friend/family member and earn mucho brownie points. Sell it on eBay and buy a media centre unit. You can either get a general purpose PC that can have the relevant software installed, and there are now plenty of media centre appliances on the market - some are even in the form of a hard drive docking station, so the convenience factor for upgrading/changing the media storage is very easy.
Whilst the above points should be taught at an early age, at present I can only see regular users paying attention to maybe points 1 and 2 above, the others are just more hassle than they're worth (in their opinion)
I like to consider myself pretty knowledgeable about computers and even I break at least one of those rules (I open emailed attachments)
I know what a Marlinspike is, but wft is a Moxie?
What I'm advocating is doing both. Moving ssh to not port 22 on it's own is not security.
Securing ssh appropriately, by doing things like only allowing passwordless logins and disabling access by root AND moving it to not port 22 is a good thing to do. This will ensure you have a secure sshd and it will stop your logs getting filled up with noise from the drive-by password guessers.
The problem will not go away over time, just like spam hasn't gone away over time.
Portscanning a host to find sshd running on another port is very obvious, so is easily blocked before any logins even start to happen and it takes a LOT longer than just hitting port 22 and trying to connect to whatever is listening there.
Setting your ssh port to a high number is not a bad idea at all. All these brute-forcing ssh scanners don't portscan a host looking for ssh on any port, they connect to port 22 and see what is there. Moving it to any other port will reduce the incidence of these botnet scans by an order of magnitude, if not eliminate it entirely.
A non-root user can not run software that binds to low numbered ports, so having someone else on the system impersonate sshd is a non issue.
Secondly, as many mention, turning off password authentication altogether is another very good way to prevent these attacks, doing both (passwordless authentication on a port that is not 22) will virtually eliminate altogether these random scans.
If you don't have password authentication on, then even if someone impersonates sshd, they won't get any useful information from you.
http://vmware.com/
http://parallels.com/
http://virtualbox.org/
Take your pick, any one of them will run Windows 98 on Mac OS X.
I've found that plugging and unplugging three cables, all at the side of the machine, not the rear, on a daily basis was actually a lot easier than dealing with a docking station. The docking station can change the hardware profile of a machine, makes it hard to put the machine to sleep when it's in the standard laptop configuration and then wake it on the dock, has a large and fiddly connector on the bottom of the laptop that always gets crap inside it and can be prone to breakage when users aren't docking and undocking them properly.
On the other hand, having three or four cables (power, display, USB, Ethernet) is pretty quick to connect/disconnect, doesn't change the hardware profile of the machine and can be hot pugged/unplugged without having to tell the OS that anything is happening.
The 13" MacBook Pro fits within your budget ($1199), has hardware virtualisation so can run any Intel-based operating system under VMware Fusion, Parallels Desktop or Virtual Box
You don't get a hot-swap Ultrabay, but you probably don't really need the added complexity. It has a built-in 7-hour battery, has a built-in SD Card reader, has a built-in SuperDrive (Dual-layer DVD±RW, CD-RW) It doesn't have an option for a Floppy Drive from Apple, but any USB floppy will work with it (seriously, does anyone use them anymore? Even Windows doesn't need floppies to load drivers from during the initial install).
It doesn't have an option for a docking station from Apple, but it has all the ports on one side of the machine, rather than at the rear, so it's very easy to plug and unplug - I do this daily and don't miss not having a docking station. If you NEED a docking station, there's a 3rd party one from BookEndz
It has outstanding hardware build quality, comes with a fantastic development environment for free, and can run any of the open-source ones as well, can run Windows XP SP2+ natively on the bare metal, but who wants to reboot these days, so it'll run everything back to DOS in virtualisation. It will also open you up to a new user experience and a new operating environment that you may just end up liking. If you don't you format the drive and install Linux or Windows instead...
So, instead of picking a machine that works, you pick a machine that doesn't have the features you need, and then run another machine, thereby using power, needing a fast network connection and has it's own set of issues. No thanks, I'd rather get a machine that has virtualisation support in the hardware. It'll be faster, cheaper and a better quality solution.
No, seriously, hahahaha!
Words fail me.
Bloatus Goats. No way.
There is a downside to the solution you have mentioned... You no longer have an excuse to visit your "friend" as much...
How very true. I'm not too keen on the MacBook Air either, far too cut back for my liking!
They're a strange machine, they sold like hotcakes when they first came out, and then sales (from my point of view anyway) really tapered off as just about everyone who wanted such a machine had one, and people who didn't have them didn't want one anyway...
Hell yeah. Such an under-appreciated feature, yet I'd personally NEVER purchse a Mac without FireWire (or a similar capability)