I completely agree that the activities I mention are no big deal and have caused me no problems or harm since 9/11. I think this is the lives about 90% of Americans led, so the laws don't affect most people.
I was pretty uncritical and ignorant of western policies until a few years ago. Since the post-911 laws have been passed, I often find myself canceling (or posting pseudo-anonymously) emails, USENET posts and so on wondering whether such posts will get me branded un-British. And it doesn't matter whether I'm just being paranoid, or whether it would actually happen, the end effect is the same - a chilling effect on free speech.
At least we can still bear arms to overthrow a repressive government...or can we?
Unless you get at least one of the military departments (my preference would be for air force, but each to their own) on your side, I wouldn't like to take my chances against my government with only grandfather's shotgun.
Surfing pr0n is not a big deal, and neither are any of the other activities you mentioned.
How confident do you feel about visiting all the mosques in your city to speak with lots of Muslim people about their faith? (an activity that's harmless, but may cause you to be added to various agencies' watchlist)
How about being critical of your government in a highish-profile way?
All sorts of groups are being classed as "potential threats" these days. You'd be surprised at some of them.
Also, many of the post-911 laws have been passed with no sunset clause. Legislation generally requires significant effort to be removed from the books when it is no longer needed. Whilst we have (arguably, relatively) benign governments, people are unconcerned ("their power will only be used for good!"), but if an extremist government came to power, all the legislative infrastructure is there to establish a repressive state in no time at all.
I do feel that, for a number of reasons, regulation will probably be the only way to make proprietary software vendors improve the quality of their products.
But on the other hand, if other industries are examined, such regulation will only turn into a further barrier to entry for new entrants to the market and non-commercial (i.e. Free and Open Source) software.
I already see this when trying to sell FOSS solutions to the public sector, who invariably have successful "Common Criteria" evaluation as a "nice to have" (at least - in some cases it's mandatory).
Getting these evaluations done is expensive, so only the big boys get to play... Ironically, the people I talk with know that FOSS solutions are usually at least as secure as the products on their approved list, but their hands are tied by regulations and auditors.
RWs are currently limited to about 12x, but I'm sure that this could be improved, and the cost of blanks reduced to near CDR levels with newspaper levels of economy of scale (In the UK, you can already get cheapo CDRs for 10p or so, and decent blanks for 30-40p each). CDRWs aren't terribly fragile.
Memory sticks would be interesting, but I guess the readers would have to buy their memory sticks, then "charge them up" each day with new news. I can't see them becoming cheap enough anytime soon to sell for 1GBP or less, including the actual information. Eventually, of course, that's entirely possible.
Check the DMA modes in use (hdparm's -X option). You may find that you need to wind the discs down a bit.
Secondly, use smartctl to query the drives and check their present condition. If you're running smartd, you should get pre-failure warnings, but it would be good to check what their current state is.
Do you have a third IDE controller installed as well? The presence of hdi and hdk implies this.
How long are your IDE cables? They should be no longer than 18" (maximum length as per the ATA spec) and some controllers have this limit shared between both channels (e.g. the CMD640 - its spec limits total cable length to 18"). Also, the devices jumpered as master should be at the far end of the cable, with slaves slightly further back. This is a pretty good guide to cabling ATA drives correctly (though plenty of vendors and users don't and feel they get away without any problems).
Finally, have you tried the errata kernels released by RH?
I wonder if it would be economic to "print" the weekly (possibly even daily) newspaper onto cheap re-usable media such as CD-RW? The readers could keep or return previous editions for re-use (for a small refund) at their option.
This idea inspired by the "Universe Today" personalised newspaper in Babylon 5. Alternatively, the linked article suggests printing on a re-usable (as opposed to re-cyclable) paper substitute, such as Tyvek.
I say we run out of cheap energy first and robotization doesn't get to the stage that Brain predicts. Virtually the entire Western lifestyle is predicated on globalisation facilitated by the availability of cheap energy. Without it, everything changes.
I'm not just talking about your yearly flight to a foreign vacation and having to use public transport to commute (if at all), but your means of entertainment (computers, home entertainment, cinema, amplified music), foods that are available at modest prices (anything that isn't locally grown and distributed will become "exotic" and command a higher price - expect to eat less meat and more seasonal fruit n' veg) and lots more - including your free time (you probably won't be able to afford to run a fridge/freezer, so you'll need to shop more often for fresh food or grow your own, labour-saving devices such as washing machines and vacuum cleaners become too expensive to run).
And to anyone who says that we can start using alternate forms of energy (e.g. nuclear, renewables), yes, that's possible, but only if we build the necessary infrastructure whilst we still have sufficient hydro-carbon fuels, otherwise we'll only find it increasingly harder to do (try building/expanding an alternative powerplant without using powered machinery!)
the point is why Windows->Linux should be any less daunting than Windows->FreeBSD.
Suggestions:
Hype - BSD lost a lot of momentum during the USL lawsuit in the mid-90s. If it didn't, BSD would probably be where Linux is now. Incidentally, this is my biggest worry about the SCO thing.
Hardware support. Linux supports pretty much any device, no matter how cruddy it is. BSD is, generally speaking, pickier about what gets supported.
Proprietary ISVs - Is Oracle supported on BSD? Is FireWall-1 supported on BSD? (ignore Nokia's IPSO, smartasses out there ;-)
Installation - Linux is more readily supplied as a pre-install option, and even if it isn't, modern installers appear more user-friendly than BSD's
Patch management - the availability of signed, binary patches, obviating the need for make world.
Well, I'm using Red Hat 8, so I started off with the default kernel for that distro - 2.4.18-14, but I'm now using a home-brewed backport of a Red Hat 9 kernel (they've all worked flawlessly). Remember that as I'm using the md implementation, the 20276 is being treated as a standard IDE controller, using the standard driver.
With regards to hdparm, you should investigate the DMA settings in particular. You might also like to investigate using S.M.A.R.T. tools such as SMARTmontools to see if any of your drives are in the process of failing.
What discs are you using? Bear in mind that if you're using ATA133, you need 80-way cables, not the old-fashioned 40-way IDE cables.
I'm using a Promise 20276 on a GigaByte GA-8PE667 with zero hassles. 2 Western Digital Special Edition (WDxxxJB model number) drives. I'm using the Linux md software RAID implementation, not the ataraid or Promise RAID stuff.
Your error indicates to me that either your cable for hde is bad, or the on-drive controller board is failing and/or being driven at a speed it doesn't like. Look into using hdparm.
The Promise RAID controllers, or the entry level ones at least (i.e. the PDC20276 found on many motherboards), are effectively just ATA controllers. The smarts for RAID0/RAID1 are done in the driver, with a bit of BIOS support (to allow booting from striped drives).
As such, there are three ways of getting them working with Linux:
Use the Promise RAID driver
Use the Linux ATARAID driver
Use the Linux md RAID implementation
The first of those is handy if you're dual-booting with a RAIDed Windows installation and want everything to work. The disadvantage is that you'll be limited to certain kernel versions as other posters have already noted.
The second option also allows interoperability with other OSs RAIDed on the same drives, but because the drivers aren't written by Promise, there may be some gotchas. The advantage is that ATARAID comes as standard with all Linux kernels, so you'll never be forced to lag behind through lack of driver availability.
The third option is probably the most stable and convenient, as long as you don't require another OS to use the Promise RAID setup (md has not been ported to Windows, as far as I know!)
I chose the md option as although I do dual-boot with Windows, I don't have any important information stored there. Note also, that because all the smarts are done in software, there's no inherent performance overhead in using md over Promise's driver.
As other posters have pointed out, analogy hell, but...
I'm not a member of the law enforcement community and I don't feel compelled to act as a vigilante, either in the physical world, or with regards to "cyber criminals" (blech!)
If I was employed by said law enforcement agencies, of course I would care about it. And intuitively, I understand that without any enforcement of "hacking crimes", the situation might be quite unbalanced.
But the difficulties of tracking and successfully prosecuting crackers mean that for pragmatic purposes, organisations are, IMHO, better spending their time and energy on other things - like keeping them out in the first place.
I am sorry, but this is analogous to saying that frequent window-smashing by neighborhood thugs protects your local bank from bank-robbers.
Not necessarily. Look at it this way, because there is a problem with burglary in most western countries, most houses come with vaguely secure locks and front doors. If it weren't for that, you might expect to find your neighbour poking around your stuff because they're paranoid that you're [having an affair with their spouse|behind the vandalism attacks on their car|controlling their mind with orbital laser satellites].
I think the real gain is in the rates of white-hat and black-hat consultants alike :-) --yeah, I am jealous...
Don't be, they aren't that great, and haven't been for some time unless you're in a Big-5 bodyshop.
There is such a thriving underground economy, and it is ridiculously easy.
However bad the situation is now (and it is pretty bad), I feel it would only be worse if we didn't have blackhats and viruses to raise the bar at least a little.
For a start, imagine government agency staff (and not just the three-letter agency types) casually intruding on personal information databases because they couldn't be bothered to go to all the trouble of "due process"...
...the situation would be worse not better. And I say this as a white-hatted security consultant.
I've reluctantly come to appreciate the role that noisy blackhats and virus authors play in getting organisations to improve their information security infrastructure. If it weren't for them, I feel there would be a thriving underground economy of industrial espionage and personal information theft because it would be so easy. At least with the constant pressure applied by viruses and blackhats, the most gaping security vulnerabilities tend to get fixed, sooner or later (even if a few organisations end up being made examples to the rest).
Personally, I don't really care about catching virus authors and blackhats. I just care about keeping them out of the machines and networks I've been paid to care about.
Well, that depends. Personally, I reserve the right to speed if it gets me out of what I feel is a potentially dangerous situation better than slowing down (e.g. overtaking, in good conditions, an erratic driver on a motorway who's driving at or above the speed limit himself).
Under the present system, I may or may not get stopped and/or fined. If so, I can offer that as a mitigating circumstance to the police officer or a judge. With a "black box", I'll get fined regardless of the precise circumstances.
Do note, however, that I would be hard-pressed to think of a reason not to use a device like this within residential areas. Motorways and residential streets require a different approach to driving, IMHO.
An MOT is a yearly roadworthiness test that's mandatory for all road-vehicles over 3 (?) years old.
What happens when you sell a vehicle? What incentive would the lot or private citizen have to ensure that the registration information on the chip is changed?
The chip wouldn't need to be changed - I expect it would just be a slightly-more-difficult-to-tamper-with version of the license plate and/or VIN number (the number stamped on the chassis in several places during manufacture). In the UK, it's the seller's responsibility to inform the DVLA (think DMV in US-speak) upon sale or transfer of a vehicle. At any time, the current registered keeper is responsible for the vehicle, and so, directly or indirectly for any fines imposed upon the driver. (Though there have been some challenges to this point using European Human Rights legislation). This generally ensures that sellers let the DVLA know when they've transferred a vehicle to a new keeper.
Can someone here maybe explain to me why they issue patches the way they do? They don't update the version number of the package when they apply a fix,
Yes, Mark Cox of Red Hat answers your question here.
so there is no way to tell if you are running a patched version or not.
Check the CVE references given in the errata announcements against the vulnerability report you're working to mitigate.
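The cross-check described above, as an added example that is not part of the original comments: since the package version does not change when a fix is applied, the CVE names in the errata announcement are what tie it to the vulnerability report. The advisory text, scanner finding and every identifier below are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the CVE names an errata announcement lists with the
# CVE names in the vulnerability report being worked on.
# All sample text and identifiers are constructed placeholders.

# Print the unique CVE names found on stdin, one per line, sorted.
# Older advisories use the candidate form CAN-YYYY-NNNN; normalise it to CVE-.
extract_cves() {
    grep -oE '(CVE|CAN)-[0-9]{4}-[0-9]{4,}' | sed 's/^CAN-/CVE-/' | sort -u
}

# usage: cve_coverage ERRATA_FILE REPORT_FILE
# For every CVE named in the report, print "fixed <id>" if the errata also
# names it and "open <id>" if it does not. Returns 1 if anything is open.
cve_coverage() {
    errata_ids=$(extract_cves < "$1")
    open_found=0
    for id in $(extract_cves < "$2"); do
        if printf '%s\n' "$errata_ids" | grep -qxF "$id"; then
            echo "fixed $id"
        else
            echo "open $id"
            open_found=1
        fi
    done
    return "$open_found"
}

# Constructed errata announcement: the fix is backported, so the upstream
# version string in the package name stays the same.
sample_errata() {
    cat <<'EOF'
Constructed advisory EXAMPLE-0001: updated foo packages fix security issues
Packages: foo-1.2.3-4 (upstream version unchanged, fixes backported)
CVE names: CAN-0000-0001 CVE-0000-0002
EOF
}

# Constructed scanner finding that only looks at the version number.
sample_report() {
    cat <<'EOF'
Finding: foo older than 1.2.5 is affected by CVE-0000-0001,
CVE-0000-0002 and CVE-0000-0003.
EOF
}

# Demo run on the constructed samples.
tmp=$(mktemp -d)
sample_errata > "$tmp/errata.txt"
sample_report > "$tmp/report.txt"
cve_coverage "$tmp/errata.txt" "$tmp/report.txt" \
    || echo "at least one reported CVE is not covered by this errata"
rm -rf "$tmp"

# On a live system the first argument can instead be a file holding the
# output of: rpm -q --changelog <package>
```

An "open" line means that errata text does not mention the CVE; it still has to be checked against later errata for the same package before the finding is treated as unpatched.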
Just because a distro provides sophisticated package management, doesn't mean you need to use it. There's nothing to stop you doing 'make; make test; make install' under RH or any other distro, but it's unreasonable for you to expect that the package management database is fully aware of what you've done.
Personally, I find managing all my packages with RPM useful (things like rpm -e, rpm --verify, rpm --checksig, rpm -qif `which foo` - I have 1321 packages on my workstation which I would hate to have to manage without RPM or dpkg), and so I take a few minutes to build my own RPMs of packages, rather than just doing 'make install'. Even using something like checkinstall is better than nothing (it supports Slackware tgzs and Debian dpkgs as well as RPM, BTW).
Oops. Sorry. My bad. The OP is entirely correct. In fact, I'd go further and say that RPM is the primary tool of a vast conspiracy plotted jointly by the Freemasons, the Zeta Reticulans and the Bilderberg group.
You base your dependencies upon the contents of other packages, and not the names of the other packages. You make the package dependent upon the presence of libfoo.so.1 and not libfoo-1.3ar78.rpm.
The problem is that if you're distributing packages using such dependencies, there'll be a crowd of people asking you which package libfoo.so.1 comes from. Explicit package dependencies (e.g. libfoo >1.3ar78) should allow most people to resolve the dependencies, and also improve the efficiency of automatic tools.
The irony is that shared libraries make it *very* difficult to do a real small stripped down Red Hat installation.
It didn't take me too long (an hour or so, maybe) to get a minimal server-ready RH8 installation down to 300MB. If I removed the documentation under /usr/share/doc and a few other bits, I could probably get that down to about 222MB (this figure includes Perl and a bunch of commonly-used CPAN modules, BTW, so it's actually a trade-off between "minimal" and "actually-useful" ;-)
Then you go berserk. You mirror rpmfind, rpm -Uvh *.rpm, end up with multiple versions of crap in different places, and corrupt the UNIVERSE.
I know you're exaggerating for dramatic effect, but therein lies your problem. If you're installing random packages from rpmfind.net, you deserve everything you get. Either stick to packages in your distro's native format and created for the version of the distro you're running (errata, install discs, freshrpms.net in that order) or build your own, newer packages, using your distro vendor's src.rpms as a template.
If you do this, I promise you'll encounter zero problems.
Too many people think that RPMs are magically some kind of universal package. They aren't and were never intended to be.
...that these days, it's the suits, politicians and the lawyers who get to change the world, not the craftsmen, inventors, hackers, engineers, chemists, artists and musicians.
Given his talents, I expect he feels he can better achieve his goals by working at the political layer, rather than hacking code at the coalface.
Either that, or Red Hat have said something like "y'know, we'd like to make you VP of... but it won't look good if we do that and you don't have any demonstrable business qualifications". ;-)
Good luck to him - we need more technically clued folks in the former group!
--
How confident do you feel about visiting all the mosques in your city to speak with lots of Muslim people about their faith? (an activity that's harmless, but may cause you to be added to various agencies' watchlist)
How about participating in non-violent activist groups? (anti-war protestors have been placed on a "no fly list")
How about being critical of your government in a highish-profile way?
All sorts of groups are being classed as "potential threats" these days. You'd be surprised at some of them.
Also, many of the post-911 laws have been passed with no sunset clause. Legislation generally requires significant effort to be removed from the books when it is no longer needed. Whilst we have (arguably, relatively) benign governments, people are unconcerned ("their power will only be used for good!"), but if an extremist government came to power, all the legislative infrastructure is there to establish a repressive state in no time at all.
--
'zat better? ;-)
--
It didn't take me too long (an hour or so, maybe) to get a minimal server-ready RH8 installation down to 300MB. If I removed the documentation under /usr/share/doc and a few other bits, I could probably get that down to about 222MB (this figure includes Perl and a bunch of commonly-used CPAN modules, BTW, so it's actually a trade-off between "minimal" and "actually-useful" ;-)
You can find the kickstart file in this thread.
There are too many cascading dependencies. You would be better off compiling the stuff you want statically. You'd save space.
Yeah, and then when a security problem is found, you end up having to re-compile the lot. Eww.
--