. This is suspend-to-disk, not suspend-to-ram, as originally mentioned.
. Although it appeared to be working, the system came back up with root mounted read-only. The quick and easy solution is to have a lilo 'resume' label, append the 'resume' option and don't use read-only. Now it all seems to be working.
. It takes almost as long to suspend/resume as my moderately optimised boot takes!
. Be aware that many daemons will have no concept of sleeping, and will get really confused when they see the clock jump forward several hours.
I just decided to see what would be invloved in getting this to work, and was surprised to find that it's remarkably simple.
Compile a kernel with suspend-to-swap and acpi.
Install acpid (apt-get install acpid)
in/etc/acpi/powerbutton.sh, put;/sbin/lilo -R "current resume=/dev/hda1"
# your label and swap partition will probably be different
echo "4" >/proc/acpi/sleep
And that's all. Works perfectly for me, I just tested it.
it's very strange the tendancy for random word searches to turn up OSS projects, for instance, pathological gives you a rather nice puzzle game, putty gets you the SSH client.
Yes, I've noticed that too..
It also helps that for any large OSS project 'foo' the site "foo.org" is quite likely to be their homepage or a redirect to the sourceforge page. eg kernel.org, mozilla.org, sendmail.org, openoffice.org:)
First hit for 'zcat' on almost every search engine I've checked. I also rank quite highly for other stuff I do. Most of my pagerank comes from having my URL on message boards like slashdot..
I mean, I'm just waiting for a "DRM Virus" which makes use of some DRM scheme or another to prevent anti-virus people from reversing or deactivating it. And lest you think I'm kidding that a provision like this
I've already ranted at great length on this; when DRM becomes common enough, someone is sure to write a virus that wipes out everyone's decryption keys. And you can bet your ass that the **AA is not going to allow you to keep spare copies of your keys, or unprotected backups.
Also you might have missed it, but it's been mentioned several times on Risks already; WindowsXP has a restore feature which restores some of the system files from a 'backup' copy that normal software can't write to. A few times already viruses have managed to infect these backups, which results in Windows faithfully restoring the virus every time the AV software 'damages' it.
If you really want to be secure pack the free space in your laptop with sealed plastic bags of thermite. Wire a detonation circuit to recognise a special code from spare pins on the inside of the parallel port (basically, an electronic hardware interlock so it can't possibly go off accidentally) and have it read from a special URL every time the network comes up. If the correct code is present your laptop becomes worthless to the thief in very short order. With a bit of luck, he's got it on his lap at the time and won't be stealing any more laptops for a while.
Or you could just use a crypto filesystem to protect your data, and claim the stolen laptop on your household insurance..
Voters woh can't see the reciept can just 'blindly' (haha) assume that the printout is correct without seeing it. The machine doesn't know who's blind and who isn't, and if it's printing any significant number of erronious reciepts this would surely be noticed by the much larger number of non-blind voters?
The real difference between Windows and Linux is that Linux -can- be made more secure, and it's possible to know for sure what steps you have taken and how they impact overall security. Windows you just patch-and-pray, there's a lot of times when you 'think' you dissabled a service only to find it still listening, or re-enabled with the next service pack.
Linux is not "completely secure" or "immune to all malware" by default, and Linux zealots do no-one any good by promoting it as such. Traditionally, most distros have been more secure than Windows by default, but there are some exceptions already!! CO-linspire-UGH!
Surprisingly, WinXP's firewall is something Microsoft seems to have 'got right' for the most part. It doesn't try and block outgoing traffic, it doesn't try to analyse or modify packets, and it doesn't pop up alerts for every blocked or unsuccessful connection. It simply blocks or allows incoming connections based on port, leaving as little room as possible in the code for exploitable errors.
I have every confidence that Microsoft will remedy all this at the same time they make the firewall 'on by default'
Until quite recently, SCO were also the top result for "bastards", an amusing side-effect of the "litigious bastards" googlebombing.
If you search right now (I just checked) they don't appear on the first page for any of those searches. Google infuriate me sometimes. On the one hand they claim to be using the democratic nature of the web and all that, but when 2,200 people work together to pull off an innocent prank someone at Google manually overrides the result!
Graphic artists and engineers, for example, do need 3GHz CPU's, high-end 3D hardware, and 4G of ram to see any decent performance from their applications.
But for some reason it's the bean-counters and chainsaw-consultants who expect everyone else to cut back, "but aren't happy unless their own office toilet flushes with imported mineral water" (not sure where I first saw this comment, but it's so true!)
If you can't afford "any possiblity of data corruption", then in my opinion you can't afford to have this computer on the internet at all. Patched or otherwise.
If you really need to get data to and from the machine, stick it on a LAN with no direct connection to the real world. Or use rewritable CD's, whatever..
Any "Regulatory Compliance" that would let you leave an unpatched Windows machine on the internet is insane.
It doesn't do continuous scanning, but I usually switch that off, on the basis that if I'm scanning everything as it comes in I'm not likely to have written a virus to file in the first place.
we can't apply *anything* without formally testing it.... which brings the question; is sasser certified to install itself on your system? Because if you're unpatched it probably will sooner or later.
Are bagle or netsky certified? How about bugbear? Claria? Hotbar? Ezula? Cydor? ComLoad? B-S Spy?
What about 'copy-protection' CD drivers or the windows media DRM upgrade? It could well have installed itself the last time you played a CD, many of the copy-protected CD's I've seen patch XP on autorun, with no warning at all.
Chances are one or more of these programs are already installed on your system, you just don't know it yet.
The first requirement of any certification program should be that you run an OS where programs and patches (malicious or otherwise) can't easily install and hide themselves.
I thought so too, but just the other day I decided to check out the "firewall" features in W2K. You can set ports, tcp/udp, and whatever, but as far as I can tell there's only two possible settings;
Closed - nothing goes in OR OUT on this port.
Open - Open, both for outbound and inbound traffic.
There doesn't seem to be any way of blocking inbound connections but still allow outgoing traffic, which makes for a pretty worthless firewall. I can only hope XP's firewall is not quite so bad.
Windows; comes with a swiss-cheese browser and mail app, an IM client that will not go the fuck AWAY, a media player that can't play most video clips without a codec download, and eight crappy games, of which four existed in windows 3.11.
Oh.. and no firewall. You have about 30 seconds on average to download one before you get infected by the worm-of-the-week.
Linux; most distros install by default; mozilla, evolution, xmms, mplayer, openoffice, at least 5 other 'office' type applications (three word-processors, a spreadsheet, etc), gimp, about 30 crappy games, frozen bubble, tux racing, cd ripping and burning software, a bunch of different IM and IRC clients.. yada yada yada, and that's just the default install. Feel free to add the full 'developer' environment for 20 different programming languades, servers for everything from http to network tamagochi, and god-knows what else.
I have an idea for watermarking online content that just might work;
At the time of purchase, the track is watermarked with the credit-card details used to buy it. As long as the original purchaser keeps it to themselves, this should never present a problem.
Nothing about the watermarking scheme needs to be published, nobody needs to keep track of infringements. Nobody needs to sue anybody.
If you share your music, you risk sharing your credit card details with the world.
Sure someone will eventually find a way to 'remove' the watermark. A week later someone else will find a way to recover the risidual watermark, and so on.. if it was YOUR credit card and identity, would YOU risk sharing watermarked music online?
Your solution spawns one chown per *base*. The original solution using xargs spawns chown only once (or as few times as possible if there's more *base* files than can be fit on a single command line) and is much more efficient on OS resources.
On the other hand, remind me again what year Redhat decided it wasn't a good idea to install telnet, sendmail, pop3, imap, and a hot of other services _open to the world_ by default? I'm fairly sure they were still doing it in 1999 and a little after 2000.
Slashdot Mirror
HAHA, spoke too soon!
. This is suspend-to-disk, not suspend-to-ram, as originally mentioned.
. Although it appeared to be working, the system came back up with root mounted read-only. The quick and easy solution is to have a lilo 'resume' label, append the 'resume' option and don't use read-only. Now it all seems to be working.
. It takes almost as long to suspend/resume as my moderately optimised boot takes!
. Be aware that many daemons will have no concept of sleeping, and will get really confused when they see the clock jump forward several hours.
I just decided to see what would be invloved in getting this to work, and was surprised to find that it's remarkably simple.
/etc/acpi/powerbutton.sh, put; /sbin/lilo -R "current resume=/dev/hda1" /proc/acpi/sleep
Compile a kernel with suspend-to-swap and acpi.
Install acpid (apt-get install acpid)
in
# your label and swap partition will probably be different
echo "4" >
And that's all. Works perfectly for me, I just tested it.
it's very strange the tendancy for random word searches to turn up OSS projects, for instance, pathological gives you a rather nice puzzle game, putty gets you the SSH client.
:)
Yes, I've noticed that too..
It also helps that for any large OSS project 'foo' the site "foo.org" is quite likely to be their homepage or a redirect to the sourceforge page. eg kernel.org, mozilla.org, sendmail.org, openoffice.org
Or French Military Victories
First hit for 'zcat' on almost every search engine I've checked. I also rank quite highly for other stuff I do. Most of my pagerank comes from having my URL on message boards like slashdot..
I mean, I'm just waiting for a "DRM Virus" which makes use of some DRM scheme or another to prevent anti-virus people from reversing or deactivating it. And lest you think I'm kidding that a provision like this
I've already ranted at great length on this; when DRM becomes common enough, someone is sure to write a virus that wipes out everyone's decryption keys. And you can bet your ass that the **AA is not going to allow you to keep spare copies of your keys, or unprotected backups.
Also you might have missed it, but it's been mentioned several times on Risks already; WindowsXP has a restore feature which restores some of the system files from a 'backup' copy that normal software can't write to. A few times already viruses have managed to infect these backups, which results in Windows faithfully restoring the virus every time the AV software 'damages' it.
If you really want to be secure pack the free space in your laptop with sealed plastic bags of thermite. Wire a detonation circuit to recognise a special code from spare pins on the inside of the parallel port (basically, an electronic hardware interlock so it can't possibly go off accidentally) and have it read from a special URL every time the network comes up. If the correct code is present your laptop becomes worthless to the thief in very short order. With a bit of luck, he's got it on his lap at the time and won't be stealing any more laptops for a while.
Or you could just use a crypto filesystem to protect your data, and claim the stolen laptop on your household insurance..
Voters woh can't see the reciept can just 'blindly' (haha) assume that the printout is correct without seeing it. The machine doesn't know who's blind and who isn't, and if it's printing any significant number of erronious reciepts this would surely be noticed by the much larger number of non-blind voters?
"zcat.meta.net.nz"
That's a dynamic link. My IP address changes every few days.
Your tinfoil hat is cutting off the circulation to your brain..
The real difference between Windows and Linux is that Linux -can- be made more secure, and it's possible to know for sure what steps you have taken and how they impact overall security. Windows you just patch-and-pray, there's a lot of times when you 'think' you dissabled a service only to find it still listening, or re-enabled with the next service pack.
Linux is not "completely secure" or "immune to all malware" by default, and Linux zealots do no-one any good by promoting it as such. Traditionally, most distros have been more secure than Windows by default, but there are some exceptions already!! CO-linspire-UGH!
Surprisingly, WinXP's firewall is something Microsoft seems to have 'got right' for the most part. It doesn't try and block outgoing traffic, it doesn't try to analyse or modify packets, and it doesn't pop up alerts for every blocked or unsuccessful connection. It simply blocks or allows incoming connections based on port, leaving as little room as possible in the code for exploitable errors.
I have every confidence that Microsoft will remedy all this at the same time they make the firewall 'on by default'
Likewise, Windows is only $99 if you consider your time worthless, and practically unlimited.
So what you're saying is that the box is on a strictly controlled LAN (what I was suggesting) and highly unlikely to ever see any malware.
:)
Thank you. You're not part of the problem
Until quite recently, SCO were also the top result for "bastards", an amusing side-effect of the "litigious bastards" googlebombing.
If you search right now (I just checked) they don't appear on the first page for any of those searches. Google infuriate me sometimes. On the one hand they claim to be using the democratic nature of the web and all that, but when 2,200 people work together to pull off an innocent prank someone at Google manually overrides the result!
Not everyone is a bean-counter or secretary.
Graphic artists and engineers, for example, do need 3GHz CPU's, high-end 3D hardware, and 4G of ram to see any decent performance from their applications.
But for some reason it's the bean-counters and chainsaw-consultants who expect everyone else to cut back, "but aren't happy unless their own office toilet flushes with imported mineral water" (not sure where I first saw this comment, but it's so true!)
If you can't afford "any possiblity of data corruption", then in my opinion you can't afford to have this computer on the internet at all. Patched or otherwise.
If you really need to get data to and from the machine, stick it on a LAN with no direct connection to the real world. Or use rewritable CD's, whatever..
Any "Regulatory Compliance" that would let you leave an unpatched Windows machine on the internet is insane.
ClamAV has a windows version, and an OE plugin.
It doesn't do continuous scanning, but I usually switch that off, on the basis that if I'm scanning everything as it comes in I'm not likely to have written a virus to file in the first place.
Nice easy installer, and everything. http://clamwin.sourceforge.net/
we can't apply *anything* without formally testing it.. .. which brings the question; is sasser certified to install itself on your system? Because if you're unpatched it probably will sooner or later.
Are bagle or netsky certified? How about bugbear? Claria? Hotbar? Ezula? Cydor? ComLoad? B-S Spy?
What about 'copy-protection' CD drivers or the windows media DRM upgrade? It could well have installed itself the last time you played a CD, many of the copy-protected CD's I've seen patch XP on autorun, with no warning at all.
Chances are one or more of these programs are already installed on your system, you just don't know it yet.
The first requirement of any certification program should be that you run an OS where programs and patches (malicious or otherwise) can't easily install and hide themselves.
Nobody?
0 3 * * * root apt-get update && apt-get dist-upgrade
My desktop is highly customised. What the fsck does that have to do with the security of the underlying OS?
"perhaps"
I thought so too, but just the other day I decided to check out the "firewall" features in W2K. You can set ports, tcp/udp, and whatever, but as far as I can tell there's only two possible settings;
Closed - nothing goes in OR OUT on this port.
Open - Open, both for outbound and inbound traffic.
There doesn't seem to be any way of blocking inbound connections but still allow outgoing traffic, which makes for a pretty worthless firewall. I can only hope XP's firewall is not quite so bad.
Wha..?!!
Windows; comes with a swiss-cheese browser and mail app, an IM client that will not go the fuck AWAY, a media player that can't play most video clips without a codec download, and eight crappy games, of which four existed in windows 3.11.
Oh.. and no firewall. You have about 30 seconds on average to download one before you get infected by the worm-of-the-week.
Linux; most distros install by default; mozilla, evolution, xmms, mplayer, openoffice, at least 5 other 'office' type applications (three word-processors, a spreadsheet, etc), gimp, about 30 crappy games, frozen bubble, tux racing, cd ripping and burning software, a bunch of different IM and IRC clients.. yada yada yada, and that's just the default install. Feel free to add the full 'developer' environment for 20 different programming languades, servers for everything from http to network tamagochi, and god-knows what else.
I have an idea for watermarking online content that just might work;
At the time of purchase, the track is watermarked with the credit-card details used to buy it. As long as the original purchaser keeps it to themselves, this should never present a problem.
Nothing about the watermarking scheme needs to be published, nobody needs to keep track of infringements. Nobody needs to sue anybody.
If you share your music, you risk sharing your credit card details with the world.
Sure someone will eventually find a way to 'remove' the watermark. A week later someone else will find a way to recover the risidual watermark, and so on.. if it was YOUR credit card and identity, would YOU risk sharing watermarked music online?
Your solution spawns one chown per *base*. The original solution using xargs spawns chown only once (or as few times as possible if there's more *base* files than can be fit on a single command line) and is much more efficient on OS resources.
;)
Sorry to be pedantic
On the other hand, remind me again what year Redhat decided it wasn't a good idea to install telnet, sendmail, pop3, imap, and a hot of other services _open to the world_ by default? I'm fairly sure they were still doing it in 1999 and a little after 2000.