Slashdot Mirror


User: Random+Walk

Random+Walk's activity in the archive.

Stories: 0 · Comments: 260

Comments · 260

  1. Re:Of course not! on Should Vendors Close All Security Holes? · · Score: 1
    Ever heard of mlock? You don't need to make the whole application non-swappable, just the page that contains the password. And the call is trivial to use.

    No, it isn't that trivial. For portability, you have to round down the memory address to the nearest page boundary (which implies that you have to determine the page size). Also, mlock/munlock does not stack, thus if you lock multiple addresses, you need to keep track of their location to avoid unlocking B if you only wanted to unlock A. I.e. if you have multiple small buffers which may or may not reside in the same page, you would need to implement reference counting for the page, or waste a full page for each buffer. And on many OS you need root privileges to use mlock(). And some OS (older HP-UX, I think) will not return an error, but segfault if a non-root user uses mlock()...
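The bookkeeping this comment describes, as an added example that is not part of the original comment: round each buffer down to its page, keep a per-page reference count, and call munlock() only when the last buffer on that page is released. The names secure_lock, secure_unlock, page_refs and the fixed-size table are assumptions of this sketch; an mlock() failure (for example, missing privileges) is returned to the caller as -1.

```c
/* Added sketch: secure_lock/secure_unlock and the page table are illustrative names. */
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

#define MAX_PAGES 64   /* table size: arbitrary choice for this sketch */
static struct { uintptr_t base; int refs; } locked[MAX_PAGES];
/* Round an address down to its page boundary (pagesz is a power of two). */
uintptr_t page_base(uintptr_t addr, uintptr_t pagesz) { return addr & ~(pagesz - 1); }
/* How many live buffers keep the page at `base` locked (0 = not locked by us). */
int page_refs(uintptr_t base) {
    for (int i = 0; i < MAX_PAGES; i++)
        if (locked[i].refs > 0 && locked[i].base == base) return locked[i].refs;
    return 0;
}

/* Apply delta (+1/-1) to one page: mlock on 0 -> 1, munlock on 1 -> 0. */
int adjust_page(uintptr_t base, uintptr_t pagesz, int delta) {
    int slot = -1;
    for (int i = 0; i < MAX_PAGES; i++) {
        if (locked[i].refs > 0 && locked[i].base == base) { slot = i; break; }
        if (locked[i].refs == 0 && slot < 0) slot = i;      /* first free slot */
    }
    if (slot < 0) return -1;                                /* table full */
    if (locked[slot].refs == 0) {                           /* page not tracked yet */
        if (delta < 0 || mlock((void *)base, pagesz) != 0) return -1;
        locked[slot].base = base;
    } else if (locked[slot].refs == 1 && delta < 0) {
        if (munlock((void *)base, pagesz) != 0) return -1;  /* last user is gone */
    }
    locked[slot].refs += delta;
    return 0;
}

/* Lock (delta = +1) or unlock (delta = -1) every page that [buf, buf+len) touches. */
static int secure_range(const void *buf, size_t len, int delta) {
    long n = sysconf(_SC_PAGESIZE);                         /* page size is not a constant */
    if (n <= 0 || len == 0) return -1;
    uintptr_t ps = (uintptr_t)n, first = page_base((uintptr_t)buf, ps);
    uintptr_t last = page_base((uintptr_t)buf + len - 1, ps);
    for (uintptr_t p = first; p <= last; p += ps) {
        if (adjust_page(p, ps, delta) == 0) continue;
        while (delta > 0 && p > first) adjust_page(p -= ps, ps, -1);  /* undo partial lock */
        return -1;
    }
    return 0;
}
int secure_lock(const void *buf, size_t len) { return secure_range(buf, len, +1); }
int secure_unlock(const void *buf, size_t len) { return secure_range(buf, len, -1); }
```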

  2. Re:Whats the point? on Bridging the Gap Between Hackers and Academics · · Score: 1
    it is exactly the same as if a bunch of physicists got together for an invitation only conference. It's for academics.

    Except that academic conferences usually are not invitation only. The general public is kept out by the admission fee (which for academic participants is usually covered by some grant).

  3. Re:How the solar oxygen abundance is derived on The Solar Oxygen Crisis · · Score: 1

    The main problem is that helioseismology gives very precise results about some properties of the sun, like e.g. the depth of the convection zone. If the oxygen abundance is lower than previously assumed, the current models for the structure of the sun fail to reproduce the results from helioseismology.

    There is a potential solution floating for some time: increase the abundance of neon. The neon abundance cannot be reliably inferred from spectra, and thus could well be higher than usually assumed. Lowering the oxygen abundance and simultaneously increasing the neon abundance gets the models in line again with the results from helioseismology.

  4. Re:Why bother? Just ... on Is Assembly Programming Still Relevant, Today? · · Score: 1
    Hire someone else to code in assembly.

    Good luck. Actually tried once (for an x86-64 assembly task), and had problems finding someone. Finally found a coder who did decent work, but there seems to be a significant shortage of assembly coders to hire.

  5. Re:Debian build daemons on Alternatives To SF.net's CompileFarm? · · Score: 1

    That's not a solution. It will get tested, but nobody will notify you (i.e. upstream developer) if something is broken. Most likely, the maintainer will fix it with some patch that as a side effect will create other bugs. I know this sounds like a rant, but my software is in several distros, and I know what I'm talking about. No distro I am aware of has a policy of notifying upstream developers.

  6. Re:Virtualisation negates the need for a compile f on Alternatives To SF.net's CompileFarm? · · Score: 1
    For most open source software you're completely correct - it'll never run on anything more exotic than a Core Duo.

    Most open source software development is done on Linux and *BSD, which support the POSIX standard. There's no good reason why open source software couldn't run on almost every POSIX system under the sun, except that you need a testing ground to find and eliminate a few quirks resulting from unspecified behaviour.

  7. Re:Completely unnecessary on Remote Code Execution Hole Found In Snort · · Score: 1

    C is the only really portable language with decent performance. Java et al. is fine on M$ and Linux, but what if your application should be able to run just as well on some dozen of other operating systems which may not even have an implementation of your favourite managed language (and if, one that is slightly incompatible with all other implementations of that language)? Things may be improving, but at the time the snort project was started, there certainly was no alternative with respect to portability and performance.

  8. Re: IBS and coffee on Something in Your Food is Moving · · Score: 1
    Coffee is harmless, as long as it's roasted properly (i.e. gently). However, all major brand coffee, whatever their ads say, is roasted the cheap way (fast and hot), resulting in poor taste and bitter remainders that may cause health problems in the long run. I switched to coffee from a very small local roastery some time ago - it's four times more expensive than major brands, but tastes much better, and the occasional stomach ache has disappeared.

    Of course this is in Germany; according to my own experience, you'll have a hard time finding good coffee in the US.

  9. No, it isn't on World's First Virtual Banking Licenses · · Score: 1

    Like it or not, in the 'real' world copyright law generates an artificial shortage of an otherwise unlimited virtual resource. A large fraction of today's 'real' economy is based on selling 'virtual' rather than 'physical' goods. In that respect, copyright isn't such a bad thing - it allows potentially unlimited growth for the (real) economy, because the economy no longer relies completely on physical goods which have natural limits.

  10. There are no good open source tools, unfortunately on How Do You Know Your Code is Secure? · · Score: 2, Informative
    Although many (if not most) open-source apps are written in C/C++, there are no really useful open source tools to check C/C++ code for security:
    • valgrind is very nice, but only reports memory corruption if it really occurs (i.e. you have to trigger the bug first). Not very useful to detect bugs.
    • splint doesn't understand the flow of control, thus it needs tons of annotations to work properly. A royal PITA if you work on existing code. Also, it just shifts the problem: how do you now prove that your annotations are correct? Besides, it produces tons of spurious warnings.
    • flawfinder, rats, et al. just grep the code for suspicious functions like strcpy(). They don't understand C/C++, and thus produce warnings even in cases where it's perfectly clear that these functions are used safely.
    • some academic projects (like e.g. uno, ccured, ...) look interesting, but usually don't work on nontrivial code (at least not unless you are part of the development team and know the required wizardry to make them work). Also, most academic projects go into limbo as soon as the thesis is written.
    I think one of the major problems is that commercial vendors like e.g. Coverity offer free service at least to major open-source projects, thus stifling any initiative to produce open-source counterparts of such tools.

  11. Re:ATTENTION SLASHDOTTERS on Is Ubuntu a Serious Desktop Contender? · · Score: 1
    Now, does anyone have anything to say about the Enterprise Linux desktop?

    Yes. We're using it. And gnome-screensaver sucks like hell. We have several hundred user accounts on NFS-mounted home directories, and gnome-screensaver takes ages to respond, which makes Dapper next to unusable as-is in an enterprise setting.

    I actually had a look at the source code for gnome-screensaver, and was taken aback by the level of WTFery there - no caching at all, and while it uses the gdm configuration, it does so in a home-brewed way that is a WTF for itself. Needed to eliminate all of the silly 'faces' stuff and recompile to make this crap work at all.

  12. Re:Uh-huh, riiiiiiiiight... on PHP Security Expert Resigns · · Score: 1
    I'm not quite sure why, but a lot of people/webmasters/admins do not check for updates to the 3rd party php scripts they have installed, they just install them once and leave them running... Then they wonder why their box was compromised due to them running out of date software. You wouldn't leave your windows machine unpatched and never check for updates, would you?

    Do you check for updates of 3rd party apps installed on your windows box? Updating the OS is trivial, regardless whether you use Windows Update or apt-get. Tracking 3rd party applications is a PITA, and requires a significant effort. If you want to stay secure, you either have plenty of spare time, or avoid 3rd party apps like hell.

  13. Nobody buys phones without the feature bloat on Old Mobiles — the Bad and the Ugly · · Score: 1

    I had an Ericsson T39m, and then switched to a Philips 650. Both have no camera or MP3 player, are relatively lightweight, and the standby/talk time is very good. Sales apparently have been abysmal; for both phones, I actually had trouble finding a dealer that could offer them. While people may complain about more and more features in newer phones, they are apparently not willing to buy phones lacking such features.

  14. Re:This is YOUR fault on Apple and Windows Will Force Linux Underground · · Score: 3, Informative
    And there is absolutely no question in my mind that for the huge portion of users, Windows is a superior platform to Linux. If for no other reason than it's actually USABLE by mortals.

    I've yet to see any 'mere mortal' who really can USE Windows without guidance from some friend or relative that happens to know a bit more than this 'mere mortal'. I think it's quite telling that people choose Windows over Mac because they are afraid of problems, and feel more comfortable with an OS that is used by more people (and thus the chance of finding a helpful hand is higher).

    I'm not trying to argue that Linux would be more usable, but I think the usability argument is a joke.

  15. -1, Drupal on $5000 Award for Open Source CMS · · Score: 1

    If there's a security issue, you need to upgrade. So I would put ease of upgrade first on the list. Dumped drupal after a failed upgrade. Of course, the fact that it was overkill for my needs helped a lot in that decision.

  16. Re:How ironic... on Web Users Angered by Anti-Spam 'Captcha' · · Score: 1
    So sites need them.

    Many sites use them although they don't need them. In particular, forums and blogs wouldn't need them if they would simply discard any post containing an offsite hyperlink; allow plaintext URLs, but ban hyperlinks, and the problem disappears. Forum/blog spams always represent an effort to boost the pagerank of some other page, and thus always contain hyperlinks.

  17. There's a much simpler method on Preventing Forum Spam-bots? · · Score: 2, Interesting

    Forum spammers want to submit very specific content: hyperlinks (to boost their Google page rank). Our forum gets hammered by spambots hundreds of times per day, yet nothing comes through - we simply filter away any message containing a hyperlink (plain, non-clickable URLs are allowed). Works like a charm - no user registration, no fancy and annoying CAPTCHAs.

  18. Re:IBM figured this out in the 90s. on Sandals and Ponytails Behind Slow Linux Adoption · · Score: 1
    Like reading and posting on Slashdot? ;)

    Yes - definitely more fun than ironing a shirt!

  19. Re:IBM figured this out in the 90s. on Sandals and Ponytails Behind Slow Linux Adoption · · Score: 1
    There are things you are going to decide aren't worth your time, and your clothes show it. Subconsciously, everybody else knows it too.

    More precisely: there are things that I consider more worthy of my time - like, e.g., getting some work done, or spending some time with the rest of my family. If you spend your time on ironing shirts, then necessarily you will miss out on something else. Actually, from time to time, I evaluate the idea of dressing nicer, but there are always other things with higher priority.

  20. Check out acovea on Should You Pre-Compile Binaries or Roll Your Own? · · Score: 1
    Nonsense. Recompiling the same code provides a 0% performance improvement, because it produces an identical result. Most packages I have seen on Linux distros are compiled with -O2 or -O3.

    First of all, -O2 or -O3 might not be the best choice - for each given piece of code, there is almost always some arcane combination of switches that produces faster (10 per cent or more) executables than -O2 or -O3. There is an open-source tool (acovea) to find the best combination of switches for a given program. See the benchmarks posted there.

    Second, if you compile yourself, you can use icc (the Intel compiler), which usually (but not always) produces faster executables than gcc (see the benchmarks).

  21. Re:It they steal your code on Third Party Code Review? · · Score: 1
    BTW, expensive niche software companies don't always like it when their quotes become public knowledge. Companies like that often try to guess what each customer is willing to pay, within reason.

    So what? Keeping the price secret helps producers to dictate the price, knowing it benefits the consumer. Capitalism is a constant battle between consumers and producers, do you want to allow producers to use the weapons they have available, while depriving consumers from the same right?

  22. No references on Scientists Expand Knowledge of Dark Matter · · Score: 4, Interesting
    I'll probably never understand why newspapers are never able to quote any references for their news. Even in the absence of a published refereed paper, I would expect that there is at least a preprint or press release from the research group... apparently BBC news is convinced that their readers will drop dead on the floor if they encounter a hyperlink leading to something more than just random blurb from a journalist.

    Actually, they don't even say whether 'Professor Gerry Gilmore' is part of the group that did this research, or whether he is just someone they asked 'Hey guy, what do you think about this stuff?'. I.e. they don't even identify clearly any member of this 'Institute of Astronomy, Cambridge, team'.

  23. Re:Back to the basics on Lego Mindstorms: What Went Wrong? · · Score: 1
    When I was a child, I liked playing with Lego, but now I would not buy Lego for my child, for a reason discussed in the article: there seem to be only specialized sets available today, and these don't encourage creativity.

    Instead, we bought something else: on a flea market, we got hold of a huge pile of lego-alike bricks, not the same quality as Lego (I think they were made in the former communist Germany), but they are ok, and I'm always amazed to see what my son creates out of them.

  24. Re:Cheerfulness as a contractual obligation... on German IT Outfit Bans Whining · · Score: 1

    This is Germany. It's not easy to fire anyone over here for any reason short of 'we're closing shop', or some really major issue (murdering your co-workers may qualify ;).

  25. Floppy or MS Windows required(?) on Slackware Linux 10.2 Released · · Score: 1
    The installation method looks truly ancient: seems that you need a floppy drive for installing. Is there any slackware-based distro with installer CDs?

    The FAQ actually suggests an alternative method through MS Windows (with loadlin), but needing Windows to install Linux seems pretty silly.