Right, which is how both OpenBSD and Linux implement W^X. By somehow mapping everything above a certain address into a different segment which does not allow execute. For whatever reasons, the details I don't know (segments - eek! :) ), only 2 segments can be used, so it's a very big hammer - fine grained per page r/w/x protection is not possible on i386.
Excuse me, but Intel's ripped off 64-bit system has no sort of NX bit on it. That is the primary difference between AMD and Intel's 64 bit x86 implementation.
Can you provide a reference to back this up? From a discussion on linux-kernel specifically on differences between IA-32e and AMD64, the conclusion appeared to be that, bar one very obscure difference and a couple of the usual traditional intel/amd model-specific differences, that Intel IA-32e is otherwise identical to AMD64.
Ie, IA-32e has the same bits in its page tables when in long mode as AMD64, ie separate bits for read, write and execute, ie same level of protection.
I strongly suspect you are wrong.
Re:What, no editorial? on Red Hat Recap · Score: 3, Informative
That agreement is essentially much the same as the RHEL agreement but less developed, RHAS is obsolete now, replaced by RHEL AS. Anyway the text quoted prohibits you from lying about how many copies of RHAS you have installed while you are covered by the subscription agreement. Which is quite reasonable for a support & update subscription service.
It does not prohibit copying. My personal opinion is that if you removed RedHat trade marked packages, in accordance with appendix 1 sections 1 and 2 of the RHEL licence, replaced them with your own image packages and called it "My Personal Advanced Linux" you could then install that on other machines without breaching the RHEL subscription agreement. But ask a solicitor first.
Even if you could not, you definitely would be able to give copies of "MPAL" to other parties, as well as individual update packages received via RHEL update channels from RH. (but don't take my word, ask a solicitor).
Re:What, no editorial? on Red Hat Recap · Score: 5, Informative
If you would take your own advice and actually read RedHat's "EULA", which is actually not a EULA, but a subscription agreement, you might notice that Appendix 1, section 1 specifically notifies the agreeing party of their right to copy and redistribute the component software under the individual licences of much of the component software in RHEL, further RedHat is quite specific that the agreement does not restrict or limit the customer's rights in any way with respect to those rights granted by the licences of the individual component software which makes up RHEL. Indeed the preamble of Appendix actually grants the agreeing party a licence under the GPL to the collective work.
RedHat are not violating the GPL. You are allowed to copy RHEL, sans the small number of packages containing RedHat Trademarks. And RH even make this easy by separating the Trademarked art work into separate packages from the actual GPL'd packages which use those Trademarked images. Indeed the frupping RHEL subscription agreement even goes into detail on this in section 2 of Appendix 1. And you can't call the resulting distro RHEL or even allude to it being RHEL.
There are 0 additional restrictions placed on the RHEL user in terms of what they may do with the software components. The only thing you are not allowed to do as a RHEL subscriber is lie to RedHat about how many copies of RHEL you have installed, which relates to the support & subscription side of RHEL or copy their proprietary RHN server software (which isn't (AFAIK) part of RHEL), which is fair enough.
Whether you use RedHat or not, and you don't have to, there are plenty of linux distros out there to choose from, you still benefit from the resources RedHat puts into bettering linux by paying people to work on it. Indeed, you can even download a free and unsupported version of a Linux distro into which RedHat invest a lot of engineering resources if you want to. Even if you don't though, you will still be benefiting from the work RedHat employees are paid to do on free Linux software. (as well as those IBM, HP, Sun, SuSe, Mandrakesoft, $whatever_corporation, etc.. etc.. employees who also are paid to work on Linux and linux related free software). If a subscription fee means RedHat can continue to work on contributing to Linux, then that is good, because we will _all_ benefit, regardless of which distro we use.
I wish the clueless "leet" kiddies would grow up, get a clue and stop the inane ill-informed RedHat-bashing, but I guess there's little hope when even long long standing members of the community (such as yourself, thanks for the bovine project;) ) are on the bandwagon too.
Eg, I'm not changing my socks for the next few days, let them get nice and stinky so that the TSA can enjoy the smell when they tell me to remove my (old and stinky) runners (aka sneakers in US-speak). I'll carry a clean pair of socks in my rucksack or pocket perhaps and change them in front of them perhaps, stick the smelly ones back in my rucksack in the plastic bag of my dirty socks and underwear laundry through which they will already have had to search through (eg because of the batteries and other metal I might have put in there ;) ).
Speaking of which, I have a feeling I'll be running into these brave guardians of US homeland security again this Sunday when I fly back home to Eire. Has anyone got any good tips or ideas on how to piss them off enough and make a point of how "good" a job they're doing "protecting" America? Sufficiently strong that they get the point, yet not so strong that I get carted away obviously! ;)
Was thinking of singing an old Wehrmacht marching song while they search me, but I doubt the TSA people would get it.
I'm currently in the US, and intend never to visit here again unless I absolutely must, while the US continues with its present insane security levels, and that's just because of how I was treated by the TSA on a domestic US flight (because I had a purple passport, though I understand a random selection of US citizens get same treatment). So if I'm also to be further treated as a criminal in the future and have to submit to fingerprinting, definitely no way...
It's a real shame, cause the people here in the US whom I've met have all been real nice and friendly, my sister lives in the US and my present employer and many colleagues are in the US. But I really never will submit myself to the humiliation of US airport security again, especially not if it comes with fingerprinting for immigration control on top, if I have any choice.
I'll be glad to stay in EU (course, many EU countries are going to go with biometric data encoded passports to satisfy US immigration, so I'll just have to refuse to renew my passport and avoid extra-EU travel altogether it seems, sadly.)
See: http://hibernia.jakma.org/~paul/rc.iprules
For a script that does something similar to what you want, policy routing to route based on source IP. It should be easy enough to add an additional 'firewall mark' field to the table and policy route based on that (I'm on holiday, otherwise I might have done that for you). The listed "intranets" will use the main table.
Basically, all you need is:
1. create a table for each policy (edit /etc/iproute2/rt_realms)
2. use iptables to add arbitrary 'fwmarks' to incoming packets based on whatever criteria you have
3. use the 'ip rule' command to direct routing for packets with specific fwmarks to specific routing tables.
4. direct other traffic to the default 'main' table.
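The four steps above as an added example (not part of the original comment or of the linked script): a POSIX shell generator that prints, rather than runs, the commands for fwmark-based policy routing and refuses policy lists that would clash with the kernel's built-in tables. Table names, ids, marks, gateways and interfaces are constructed placeholders, and the example writes table names to /etc/iproute2/rt_tables, the file iproute2 reads table names from.

```shell
#!/bin/sh
# Added example: print (do not run) the commands for fwmark-based policy routing.
# Every name, address, mark and table id here is a constructed placeholder.

# One policy per line: table-name table-id fwmark gateway device iptables-match...
POLICIES='
voip 101 1 192.0.2.1 eth1 -p udp --dport 5060
bulk 102 2 198.51.100.1 eth2 -p tcp --dport 21
'
# Destinations that must keep using the main table (the "intranets").
INTRANETS='10.0.0.0/8 172.16.0.0/12'

# Refuse policy lists that would clash with the kernel's own tables or with
# each other: non-numeric ids/marks, reserved ids (0, 253 default, 254 main,
# 255 local), mark 0 (identical to "unmarked"), and duplicate ids or marks.
validate_policies() {
    seen_ids=' '; seen_marks=' '
    while read -r name id mark _rest; do
        if [ -z "$name" ]; then continue; fi
        case $id in
            ''|*[!0-9]*)   echo "bad table id for $name" >&2; return 1 ;;
            0|253|254|255) echo "reserved table id $id for $name" >&2; return 1 ;;
        esac
        case $mark in
            ''|*[!0-9]*) echo "bad fwmark for $name" >&2; return 1 ;;
        esac
        if [ "$mark" -eq 0 ]; then
            echo "fwmark 0 means unmarked ($name)" >&2; return 1
        fi
        case "$seen_ids" in *" $id "*) echo "duplicate table id $id" >&2; return 1 ;; esac
        case "$seen_marks" in *" $mark "*) echo "duplicate fwmark $mark" >&2; return 1 ;; esac
        seen_ids="$seen_ids$id "; seen_marks="$seen_marks$mark "
    done <<EOF
$1
EOF
    return 0
}

# $1 = policy list, $2 = intranet prefixes, $3 = interface marked traffic arrives on
gen_policy_routing() {
    validate_policies "$1" || return 1
    lan_if=$3
    prio=100
    for net in $2; do
        # Step 4: intranet destinations are matched first and stay on 'main'.
        echo "ip rule add to $net lookup main priority $prio"
        prio=$((prio + 1))
    done
    while read -r name id mark gw dev match; do
        if [ -z "$name" ]; then continue; fi
        # Step 1: name the table and give it its own default route.
        echo "echo '$id $name' >> /etc/iproute2/rt_tables"
        echo "ip route add default via $gw dev $dev table $name"
        # Step 2: mark matching packets before the routing decision is made.
        echo "iptables -t mangle -A PREROUTING -i $lan_if $match -j MARK --set-mark $mark"
        # Step 3: packets carrying the mark consult that policy's table.
        echo "ip rule add fwmark $mark lookup $name priority $((1000 + id))"
    done <<EOF
$1
EOF
    # Unmarked traffic falls through to the kernel's existing rule for 'main'.
    return 0
}

# Dry run with the constructed sample data.
gen_policy_routing "$POLICIES" "$INTRANETS" eth0
```

Review the printed commands before running them as root. Traffic generated on the router itself does not pass through PREROUTING, so marking it needs a matching rule in the mangle OUTPUT chain.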
then chances are good that 3000 users means a heck of a lot of traffic.
Again, no amount of users will be able to get more than 100Mb/s of data through any of those 4 or 5 interfaces. That's 12.5MB/s * 4 * 2 = 100MB/s - absolute worst case, which PCI can do. However, you're unlikely to get 100Mb/s of multi-stream traffic through a 100BaseT network to the box, never mind into this box itself. So that 100MB/s of bus bandwidth is an absolute max.
I have an FTP server that you can get a good 20MB sustained (through a gateway), if there was just 4 people downloading at that rate then that's 80M that doesn't leave a lot of room for the other 3 networks that I have connected to that same router.
Firstly, he isn't running an FTP server, he wants to route between 4 or 5 subnets and a T3. Secondly you're saying that this is a limitation of the PC? That a Cisco would magically alleviate those limits?
He did say _4_ interfaces remember.
So you did, what an amazing coincidence then that I was multiplying by four in my previous post.
ALL of the other interfaces will notice severe lag
Not really. If anything the FTP traffic from the box itself will suffer before the forwarded traffic does - but anyway, he only wants to _route_ - he is _not_ running an FTP server. He wants to forward between 4 or 5 subnets, a T3, and oh yes, VPNs. And the (much) faster CPUs in PCs help with that versus Ciscos (unless you get the 3k+ crypto modules, in addition to the extra-cost IOS modules needed to even do anything crypto related, hardware-assisted or not).
If you do decide to do this with a PC, make sure it has a MINIMUM of a 64 bit PCI (507MB theoretical IIRC)
Errr, no. If he wants 4 100Mb/s interfaces a single quad-ethernet card on a low-end PC will most likely do (with polling drivers). Or a bit better (esp for 5 subnets) a machine with 2 32/33 PCI buses - eg if you have an old Proliant lying around that will do perfectly. 64bit/32MHz PCI is 260MB/s burst bandwidth and hence ~200MB/s real, PCI-X @ 66MHz is double that again, PCI-X @ 64/100 double that again. But that only means something if the cards on the bus support it. (esp for the cycle-rate, bus frequency must be lowest common denominator).
1000baseT is even better as the cards have a bigger buffer that will help you even if you aren't routing at that speed.
Right.
Use OpenBSD (if you can)
No, use linux or freebsd, as they both support polling mode for some of their network drivers, the most critical factor if you want to forward lots of traffic on a PC.
the altq functionality of PF will help you to alleviate many of the bandwidth problems
Err, no. You're presuming from the start there will be bandwidth problems, and rate-limiting to begin with? That is a silly approach. The shaping will, for most bursty office subnets, be an unnecessary extra overhead and injection of latency. And all in an attempt to solve a bandwidth problem that need not exist in the first place, even on an old PC (presuming 4x FE and half-decent cards), when many of the bottlenecks and bandwidth impediments are most likely elsewhere - eg the packets from these 3000 users most _definitely_ have to be going through a switch or two before being forwarded to one of the relevant links on the PC router.
so that none of the other interfaces can completely wipe another off the map if a few people are using some big time bandwidth.
An interface isn't going to wipe another interface off the map. (where are you getting this from?). The problem is _not_ bandwidth - if you have enough, you have enough, if you don't, that's tough. And the real problem is packets/sec, not bandwidth, be it PC or Cisco. (hence use NICs whose drivers support polling mode operation.)
you're talking max bandwidth there. Would you actually try to route 3000+ users through that?
4x100Mbit is 4x100MBit.. what in god's name does the number of users have to do with it? If you have 400Mbit/s, is that 400MBit/s "bigger" in some way because it's generated by 3000 users instead of, eg, 1000 or 500 or even just 1? It isn't.
That's just the max that is _theoretically_ possible.
Look, if the machine has a quad fast ethernet card then the max that box will have to route is 4x100Mbit/s. No amount of users is going to be able to push more at that box than that, and it's well within the capabilities of PCI. So... ?? what is your point?
The PCI bus (32 bit) is capable of a (again) _theoretical_ 127MB.
Of raw bandwidth yes, but one out of every 4 cycles is an address cycle, so the amount of sustainable throughput is ~100MB/s.
The asker didn't say what type of business it is, but I'd bet at 3000 users a lot of those are transferring some big files.
Ah yes, and those big files will clog up the PCI bus won't they, even though the bandwidth of 4 100BaseT NICs is well within bandwidth of the lowest-end PCI. Those big files will magically somehow make more than 100MBs go through those 4 12.5MB/s * 2 (in and out) ethernet interfaces. Yes of course, how silly of me.
You are just plumb plain wrong. Indeed, if people were transferring big files all day long, that would actually be the ideal situation for a PC router. Provided that your bus bandwidth is sufficient (and with 66MHz/64bit PCI it is even for multiple GigE) it is the packet rate that is the obstacle. Polling mode drivers help for this.
You're better off going with gigabit and a cisco router.
Maybe, if you have the money and you actually need high-end performance. The cheap (ie 5 to 10k) low-end Ciscos actually perform no better, sometimes worse, than PCs, and won't handle GigE at linerate either. Also, how will GigE make their T3 any faster? Yay - I've got GigE connectivity to my 43MB/s internet connection.
you simply cannot pump that much through a standard PC..... Unless anyone knows if those quad cards can route between connectors at faster (much much muuuuuch faster) than the PCI bus will allow
If it's 100baseT, 4x12.5MB/s = 50MB/s is easily within the capabilities of a standard 32bit/33MHz PCI bus (100MB/s sustained), at least in terms of transfer rate. Make sure to use a card that has drivers which support polling (aka NAPI on linux).
It really boils down to this: show me where in the GPL it says that the copyright holder can alter or revoke the license? It says that, due to actions of the user the user may not be eligible to exercise the license, but there is absolutely no verbiage that says that the copyright holder can unilaterally revoke a user's rights.
Absolutely agreed. The GPL licensor does not retain the right to arbitrarily revoke a licensee's right to use. So the nmap people haven't got a leg to stand on there.
However, one could argue that SCO, by deed and action (eg sending of letters to Congress, press statements etc.) do not accept the GPL licence, and hence if one does not accept the GPL licence one may not avail of the rights it grants licence to. To reiterate this, Section 5 of the GPL reads as follows:
5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
So, there are 2 possibilities here:
1. SCO do not accept the GPL licence as a valid licence. Hence, they do not have any rights to distribute _any_ GPL software. Hence, they are clearly in violation of the GPL.
or
2. By distributing GPL software, they have indicated their acceptance of the GPL licence.
So, it seems to me SCO are in a dangerous position. All it would take really is for the NMAP people, rather than issue a futile "we revoke your licence" statement, to instead sue SCO for breach of the GPL licence. SCO's only defence (if I may borrow from Eben Moglen's recent talk) would be to say "But your honour, we do have a licence, the GPL, which we accept of course." Which would at least force their hypocrisy out into the open. Their only other option would be to argue that they have no licence at all.
That is a really cute trick the GPL pulls, isn't it?
Addresses don't need to be distinct per physical machine, they need to be distinct per logical server.
Define a logical server? Providing a unique and coherent service? No, that isn't needed. You could use anycast for anything such that you are directed to the topologically closest host. (where "topologically closest" is defined by routing). Eg, you could set up an anycast address for "PGP public key server", or "web proxy" or "SMTP server", etc. Indeed, let me clarify my remark on statelessness - it is easiest to use anycast for stateless services, however one could use them for stateful services too, provided one had control over the stability of the topology. (eg a corporate, geographically diverse network, where topology changes were infrequent, could use anycast addresses to direct mobile users to the closest host providing a service).
Two different servers (probably owned by different people) having the same address wouldn't work too well, how would you say which one you wanted to talk to?
You don't, that's the entire point of anycast. Instead the routing domain picks the best host for you.
There aren't too many names in open source software bigger than his.
Or egos... /me whistles innocently and looks around
ESR has done a few good things yes, written a good paper, maintained and hacked on a few things, but he also has a tendency to draw certain other beliefs he holds into his open-source related dealings.
1) Public IP addresses must be globally unique. If they weren't, routing traffic would be effectively impossible
Incorrect. Addresses need not be unique at all,
Indeed one can make very good use of non-unique addresses. Quite a few of the IP addresses for the root DNS servers (eg those operated by ISC) are assigned to multiple different computers, diversely located geographically. Go google for "anycast". The 6to4 relay service also uses a public, non-unique address (ie anycast) for the 6to4 gateway.
Any stateless network service can be deployed using anycast addresses.
Crikey. Are you incapable of reading? The poster you replied to stated:
this is not a matter of Apple supporting the product, it is a matter of Apple not willing to accept a return of the product.
It has nothing to do with guarantees. It's simply about a customer who changed his mind and wanted to return it, perfectly functional, after the sale. Apple do not offer their "not happy after 15 days, get your money back" returns policy on non-standard-config machines, so they wouldn't take it back. Nothing to do with guarantees whatsoever, there's no reason to think Apple do not guarantee custom-config machines.
Read the bloody story, no, just read _even_ the post you are replying to.
Unless you have written your application to run in multiple threads, or forks...
Surprisingly, while a single application might not be able to take advantage of SMP, often an expensive computer will run /many/ applications and hence take advantage of SMP that way. And the fork model doesn't cover a huge swathe of apps, eg apache serving a dynamic content site - lots of php/perl/whatever processing going on in lots of separate processes, perhaps using a database backend (typically also either threaded or multi-process+shared memory). Or what about thin-client application servers? (eg client server for X-terminals or SunRays) - SMP is a /huge/ win there.
If you are CPU limited across a bundle of processes, SMP can help - and it's easily determinable by looking at top. And Sun have a whole bundle of hefty SMP boxes they can sell you.
I don't know anything about the project, but from the information on the website it seems that it is an extension of SGI's source code. How did the author get the source code in the first place to extend?
He didn't, AFAICT, it's a clone of SGI's Indigo Magic Desktop, including the window manager, 4Dwm (hence why his site is 5Dwm) and the widgets SGI added, as well as some of the apps. Read the information on the front page of the site a bit more carefully:
IMD4Linux is the IRIX Interactive Desktop rebuilt from scratch on Linux using today's technologies and SGI's Interactive Desktop as guideline.
The legal issues are presumably due to the use of SGI trademarks, which is hinted at in the letter, the bit where he says:
I changed the project name from 'Indigo Magic Desktop for Linux' to 'IMD4Linux'
However, it's hard to tell for sure as the site doesn't seem to have more in the way of detail on the SGI legal/whatever issues bar that letter of his. It does appear to be his source though.
The chunky Motif widgets look perhaps just a bit dated, compared to today's mostly 'flat' widget looks, but that's just fashion really. Indigo Magic was an amazing desktop though, you have to use it to appreciate it. Especially the icon-zoom widget used in Indigo Magic's file browser - it had a thumbwheel along the side which you could roll to zoom in and out, and the vector drawn icons would smoothly zoom in and out. Also, there were neat eye-candy things thrown in for when you double-clicked on an icon - the icon would have an animated sparkle while the app started. The whole desktop was just nicely integrated, everything used SGI's Motif-extended IMD widgets. Really nice.
What you have to remember is that this desktop came into being around 94 or so. I'm not quite sure when, but I was using it in 95. It was just amazingly advanced, at least in terms of eye-candy :). Other systems were still using TWM or OpenLook. Indigo Magic Desktop still holds its own today against the likes of GNOME 2, even with the unfashionable chunky widget look.
How is.... less readable or less expressive than this:?
Because the latter doesn't have all the clutter of the . The former is easy to parse at a glance, for a human, the latter you have to drill your eyeballs into to see through the XML clutter.
Re:Magnusson Moss Warranty Act on Hack Your Car · Score: 1
He was replying to a post which pointed out some US act which prohibits manufacturers from accepting liability for faults in their cars on the grounds that an owner made unrelated modification.
Here is what he said:
I didn't read the article so it's not 100% clear what there doing but this doesn't seem knew. Changing these settings can cause the engine to die prematurely. While you may be able to reprogram the chip back to factory specs before you get it repaired it's still illegal and immoral.
So, not only did he not read the article, he then immediately equates, for all intents and purposes, using such chips with illegal/immoral behaviour, at least he said "it's still illegal and immoral" not "but that would be illegal and immoral" - ie even if you reprogrammed it, it'd still be illegal and immoral. Maybe that was just an unfortunate mistake on the poster's part which changed what he wrote from what he had intended, but the rest of his post continues on in a similarly confused fashion, continuing on with the notion that "people who modify chip" == "people who (might) try rip off their dealer", when clearly the context, which the poster is making his reply in, relates to going to your dealer for unrelated faults.
If the suspension on your chipped car fails and you take it back to the manufacturer to have it fixed under warranty, is that illegal? Clearly it is not, indeed that act exists because the _manufacturers_ were, previously, immorally refusing to honour their warranties or other obligations due to unrelated modifications.
The poster who I replied to either is living on another planet, due to their unique outlook on morality, or is simply a dolt, who is neither bothered to read the article concerned nor even the post he replies to.
Does that clear it up for you? :)
Re:Magnusson Moss Warranty Act on Hack Your Car · Score: 0, Troll
Our weather finds that in the Spring, Summer and Fall I am subject to having the temperature in my car reach 80 Deg C in the mid day. Opening the windows finds the exterior temperature reaching between 35 and 40 Deg C.
Strange... I've been in Spain a good few times, similar temperatures to the above, if not hotter, yet most people seem to do fine without A/C in their cars there. :)
Hehe, well it turns out you actually might be right. Honda and BMW appear to have variable valve timing systems. So you could potentially adjust that. Though, at a guess I would imagine the stock settings would already be close to optimum. And valve timing is not the first thing you'd change to get more power out of a stock engine - ignition timing and fuel ratios are where stock engines can be (easily) improved on the most, in general, AFAIK.
but it's still the (and the stroke of the pistons) relative position to the spark (as you say) that determines the amount that the fuel/air mixture is compressed which is directly relevant to the amount of power which is produced...
No, the ignition advance does not determine the compression ratio. It determines only when the spark lights. :) The flame front in the mixture travels at reasonably constant speed, so at higher RPM (on 4 strokes) you typically need ever increasing ignition advance to allow enough time for the flame front to reach through the mixture.
Valve timing can affect compression ratio though. Which potentially is adjustable to varying degrees on some engines (from "not very much, choice of 2 settings" on VTEC, to "lots" on the BMW engines it appears from googling).
I hope I did not imply that higher octane fuel has more energy... simply put, that energy can be harnessed more effectively
Right, yes.
by allowing greater compression before combustion.
No, compression doesn't come into it. You can not change the compression ratio without changing mechanical characteristics of the engine (valve timing, variable or not, included.)
Hence in a tuned engine (chipped) greater power can be made from the same amount of fuel, though the potential energy of it had never changed.
Right. Though, I wouldn't call a chipped engine a tuned one.
excellent idea. thanks! got anymore? ;)
The ideas are starting to flow, thanks!
how I was treated by the TSA
;)
Speaking of which, I have a feeling I'll be running into these brave guardians of US homeland security again this Sunday when I fly back home to Eire. Has anyone got any good tips or ideas on how to piss them off enough and make a point of how "good" a job they're doing "protecting" america? Sufficiently strong that they get the point, yet not so strong that i get carted away obviously!
Was thinking of singing an old Wehrmacht marching song while they search me, but I doubt the TSA people would get it.
I'm currently in the US, and intend never to visit here again unless I absolutely must, while the US continues with its present insane security levels, and that's just because of how I was treated by the TSA on a domestic US flight (because I had a purple passport, though I understand a random selection of US citizens get the same treatment). So if I'm also to be further treated as a criminal in the future and have to submit to fingerprinting, definitely no way...
It's a real shame, cause the people here in the US whom I've met have all been real nice and friendly, my sister lives in the US and my present employer and many colleagues are in the US. But I really never will submit myself to the humiliation of US airport security again, especially not if it comes with fingerprinting for immigration control on top, if I have any choice.
I'll be glad to stay in EU (course, many EU countries are going to go with biometric data encoded passports to satisfy US immigration, so I'll just have to refuse to renew my passport and avoid extra-EU travel altogether it seems, sadly.)
OS X is a NeXT derivative with some *BSD
No, OS X is NeXTSTeP with updated BSD. NeXT already was a BSD userspace on top of Mach. OS X just updates it from 4.2BSD (or 4.3, I don't remember exactly which 4.x) to FreeBSD (4?). The major changes were in the addition of the MacOS compat layer (Cocoa?) and much work on refining the UI - but it's still essentially, IIUC, display postscript (oops, updated to display PDF, iirc) graphics engine with the OpenSTeP API (oops, called carbon now isn't it?). I don't know if OS X uses Objective C as its primary language of choice for its APIs as OpenSTeP did though (but judging by the docs on apple.com, ObjC bindings are supported).
See http://hibernia.jakma.org/~paul/rc.iprules for a script that does something similar to what you want, policy routing to route based on source IP. It should be easy enough to add an additional 'firewall mark' field to the table and policy route based on that (i'm on holiday, otherwise i might have done that for you). The listed "intranets" will use the main table.
Basically, all you need is:
1. create a table for each policy (edit /etc/iproute2/rt_realms)
2. use iptables to add arbitrary 'fwmarks' to incoming packets based on whatever criteria you have
3. use the 'ip rule' command to direct routing for packets with specific fwmarks to specific routing tables.
4. direct other traffic to the default 'main' table.
Finally, see the Linux Advanced Routing & Traffic Control site for further information.
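The four steps above as an added shell example (not part of the original comment or its linked script): it prints, rather than runs, the `ip` and `iptables` commands for a constructed set of policies. The addresses, interfaces, marks and numeric table ids are assumptions; numeric ids are used so that no table-name file has to be edited.

```shell
#!/bin/sh
# Added example: build the commands for fwmark-based policy routing.
# Every address, interface, mark and table id below is constructed.

# One policy per line: mark  table-id  gateway  device  iptables-match...
POLICIES='
1 101 192.0.2.1 eth1 -s 10.0.1.0/24
2 102 198.51.100.1 eth2 -p tcp --dport 25
'

# Print the commands for the four steps; nothing is executed here.
# Returns 1 on a policy that would silently misroute traffic.
emit_policy_routing() {
    while read -r mark table gw dev match; do
        [ -n "$mark" ] || continue            # skip blank lines
        case "$mark$table" in
            *[!0-9]*) echo "non-numeric mark/table: $mark $table" >&2; return 1 ;;
        esac
        # Mark 0 means "unmarked", so it can never select a policy.
        [ "$mark" -gt 0 ] || { echo "mark must be > 0" >&2; return 1; }
        # 0, 253, 254 and 255 are the kernel's unspec/default/main/local tables.
        case "$table" in
            0|253|254|255) echo "table $table is reserved" >&2; return 1 ;;
        esac
        [ -n "$match" ] || { echo "policy $mark has no match" >&2; return 1; }

        # Step 1: one routing table per policy, with its own default route.
        echo "ip route add default via $gw dev $dev table $table"
        # Step 2: mark incoming packets that meet the policy's criteria.
        echo "iptables -t mangle -A PREROUTING $match -j MARK --set-mark $mark"
        # Step 3: route packets carrying that mark through the policy table.
        # A priority below 32766 is consulted before the 'main' rule.
        echo "ip rule add fwmark $mark table $table priority $((1000 + $mark))"
    done <<EOF
$POLICIES
EOF
    # Step 4: unmarked traffic matches none of the rules above and falls
    # through to the stock 'main' rule; list the rules to confirm the order.
    echo "ip rule show"
}

emit_policy_routing
```

Review the printed commands first; piping them to `sh` as root applies them.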
true...sort of.
There's no sort of about it, sorry.
then chances are good that 3000 users means a heck of a lot of traffic.
Again, no amount of users will be able to get more than 100Mb/s of data through any of those 4 or 5 interfaces. That's 12.5MB/s * 4 * 2 = 100MB/s - absolute worst case, which PCI can do. However, you're unlikely to get 100Mb/s of multi-stream traffic through a 100BaseT network to the box, never mind into this box itself. So that 100MB/s of bus bandwidth is an absolute max.
I have an FTP server that you can get a good 20MB sustained (through a gateway), if there was just 4 people downloading at that rate then that's 80M that doesn't leave a lot of room for the other 3 networks that I have connected to that same router.
Firstly, he isn't running an FTP server, he wants to route between 4 or 5 subnets and a T3. Secondly, you're saying that this is a limitation of the PC? That a Cisco would magically alleviate those limits?
He did say _4_ interfaces remember.
So you did, what an amazing coincidence then that I was multiplying by four in my previous post.
ALL of the other interfaces will notice severe lag
Not really. If anything the FTP traffic from the box itself will suffer before the forwarded traffic does - but anyway, he only wants to _route_ - he is _not_ running an FTP server. He wants to forward between 4 or 5 subnets, a T3, and oh yes, VPNs. And the (much) faster CPUs in PCs help with that versus Ciscos (unless you get the 3k+ crypto modules, in addition to the extra-cost IOS modules needed to even do anything crypto related, hardware-assisted or not).
If you do decide to do this with a PC, make sure it has a MINIMUM of a 64 bit PCI (507MB theoretical IIRC)
Errr, no. If he wants 4 100Mb/s interfaces a single quad-ethernet card on a low-end PC will most likely do (with polling drivers). Or a bit better (esp for 5 subnets) a machine with 2 32/33 PCI buses - eg if you have an old Proliant lying around that will do perfectly. 64bit/32MHz PCI is 260MB/s burst bandwidth and hence ~200MB/s real, PCI-X @ 66MHz is double that again, PCI-X @ 64/100 double that again. But that only means something if the cards on the bus support it. (esp for the cycle-rate, bus frequency must be lowest common denominator).
1000baseT is even better as the cards have a bigger buffer that will help you even if you aren't routing at that speed.
Right.
Use OpenBSD (if you can)
No, use linux or freebsd, as they both support polling mode for some of their network drivers, the most critical factor if you want to forward lots of traffic on a PC.
the altq functionality of PF will help you to eleviate many of the bandwidth problems
Err, no. You're presuming from the start there will be bandwidth problems, and rate-limiting to begin with? That is a silly approach. The shaping will, for most bursty office subnets, be an unnecessary extra overhead and injection of latency. And all in an attempt to solve a bandwidth problem that need not exist in the first place, even on an old PC (presuming 4x FE and half-decent cards), when many of the bottlenecks and bandwidth impediments are most likely elsewhere - eg the packets from these 3000 users most _definitely_ have to be going through a switch or two before being forwarded to one of the relevant links on the PC router.
so that none of the other interfaces can completely wipe another off the map if a few people are using some big time bandwidth.
An interface isn't going to wipe another interface off the map. (where are you getting this from?). The problem is _not_ bandwidth - if you have enough, you have enough, if you don't, that's tough. And the real problem is packets/sec, not bandwidth, be it PC or Cisco. (hence use NICs whose drivers support polling mode operation.)
you're talking max bandwidth there. Would you actually try to route 3000+ users through that?
4x100Mbit is 4x100MBit.. what in God's name does the number of users have to do with it? If you have 400Mbit/s, is that 400MBit/s "bigger" in some way because it's generated by 3000 users instead of, eg, 1000 or 500 or even just 1? It isn't.
That's just the max that is _theoretically possible.
Look, if the machine has a quad fast ethernet card then the max that box will have to route is 4x100Mbit/s. No amount of users is going to be able to push more at that box than that, and it's well within the capabilities of PCI. So... ?? what is your point?
The PCI bus (32 bit) is capable of a (again) _theoretical 127MB.
Of raw bandwidth yes, but one out of every 4 cycles is an address cycle, so the amount of sustainable throughput is ~100MB/s.
The asker didn't say what type of business it is, but I'd bet at 3000 users a lot of those are transferring some big files.
Ah yes, and those big files will clog up the PCI bus won't they, even though the bandwidth of 4 100BaseT NICs is well within bandwidth of the lowest-end PCI. Those big files will magically somehow make more than 100MBs go through those 4 12.5MB/s * 2 (in and out) ethernet interfaces. Yes of course, how silly of me.
You are just plumb plain wrong. Indeed, if people were transferring big files all day long, that would actually be the ideal situation for a PC router. Provided that your bus bandwidth is sufficient (and with 66MHz/64bit PCI it is even for multiple GigE) it is the packet rate that is the obstacle. Polling mode drivers help with this.
You're better off going with gigabit and a cisco router.
Maybe, if you have the money and you actually need high-end performance. The cheap (ie 5 to 10k) low-end Ciscos actually perform no better, sometimes worse, than PCs, and won't handle GigE at linerate either. Also, how will GigE make their T3 any faster? Yay - I've got GigE connectivity to my 43MB/s internet connection.
you simply cannot pump that much through a standard PC. .... Unless anyone knows if those quad cards can route between connectors at faster (much much muuuuuch faster) than the PCI bus will allow
If it's 100baseT, 4x12.5MB/s = 50MB/s is easily within the capabilities of a standard 32bit/33MHz PCI bus (100MB/s sustained), at least in terms of transfer rate. Make sure to use a card that has drivers which support polling (aka NAPI on linux).
It really boils down to this: show me where in the GPL it says that the copyright holder can alter or revoke the license? It says that, due to actions of the user the user may not be eligible to exercise the license, but there is absolutely no verbiage that says that the copyright holder can unilaterally revoke a user's rights.
Absolutely agreed. The GPL licensor does not retain the right to arbitrarily revoke a licensee's right to use. So the nmap people haven't got a leg to stand on there.
However, one could argue that SCO, by deed and action (eg sending of letters to Congress, press statements etc.) do not accept the GPL licence, and hence if one does not accept the GPL licence one may not avail of the rights it grants licence to. To reiterate this, Section 5 of the GPL reads as follows:
5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
So, there are 2 possibilities here:
1. SCO do not accept the GPL licence as a valid licence. Hence, they do not have any rights to distribute _any_ GPL software. Hence, they are clearly in violation of the GPL.
or
2. By distributing GPL software, they have indicated their acceptance of the GPL licence.
So, it seems to me SCO are in a dangerous position. All it would take really is for the NMAP people, rather than issuing a futile "we revoke your licence" statement, to instead sue SCO for breach of the GPL licence. SCO's only defence (if I may borrow from Eben Moglen's recent talk) would be to say "But your honour, we do have a licence, the GPL, which we accept of course." Which would at least force their hypocrisy out into the open. Their only other option would be to argue that they have no licence at all.
That is a really cute trick the GPL pulls, isn't it?
Addresses don't need to be distinct per physical machine, they need to be distinct per logical server.
Define a logical server? Providing a unique and coherent service? No, that isn't needed. You could use anycast for anything such that you are directed to the topologically closest host. (where "topologically closest" is defined by routing). Eg, you could set up an anycast address for "PGP public key server", or "web proxy" or "SMTP server", etc. Indeed, let me clarify my remark on statelessness - it is easiest to use anycast for stateless services, however one could use them for stateful services too, provided one had control over the stability of the topology. (eg a corporate, geographically diverse network, where topology changes were infrequent, could use anycast addresses to direct mobile users to the closest host providing a service).
Two different servers (probably owned by different people) having the same address wouldn't work too well, how would you say which one you wanted to talk to?
You don't, that's the entire point of anycast. Instead the routing domain picks the best host for you.
There aren't too many names in open source software bigger than his.
/me whistles innocently and looks around
Or egos...
ESR has done a few good things yes, written a good paper, maintained and hacked on a few things, but he also has a tendency to draw certain other beliefs he holds into his open-source related dealings.
1) Public IP addresses must be globally unique. If they weren't, routing traffic would be effectively impossible
Incorrect. Addresses need not be unique at all.
Indeed one can make very good use of non-unique addresses. Quite a few of the IP addresses for the root DNS servers (eg those operated by ISC) are assigned to multiple different computers, diversely located geographically. Go google for "anycast". The 6to4 relay service also uses a public, non-unique address (ie anycast) for the 6to4 gateway.
Any stateless network service can be deployed using anycast addresses.
Crikey. Are you incapable of reading? The poster you replied to stated:
this is not a matter of Apple supporting the product, it is a matter of Apple not willing to accept a return of the product.
It has nothing to do with guarantees. It's simply about a customer who changed his mind and wanted to return it, perfectly functional, after the sale. Apple do not offer their "not happy after 15 days, get your money back" returns policy on non-standard-config machines, so they wouldn't take it back. Nothing to do with guarantees whatsoever, there's no reason to think Apple do not guarantee custom-config machines.
Read the bloody story, no, just read _even_ the post you are replying to.
Unless you have written your application to run in multiple threads, or forks...
Surprisingly, while a single application might not be able to take advantage of SMP, often an expensive computer will run /many/ applications and hence take advantage of SMP that way. And the fork model doesn't cover a huge swathe of apps, eg apache serving a dynamic content site - lots of php/perl/whatever processing going on in lots of separate processes, perhaps using a database backend (typically also either threaded or multi-process+shared memory). Or what about thin-client application servers? (eg client server for X-terminals or SunRays) - SMP is a /huge/ win there.
If you are CPU limited across a bundle of processes, SMP can help - and it's easily determinable by looking at top. And Sun have a whole bundle of hefty SMP boxes they can sell you.
I don't know anything about the project, but from the information on the website it seems that it is an extension of SGI's source code. How did the author get the source code in the first place to extend?
He didn't, AFAICT, it's a clone of SGI's Indigo Magic Desktop, including the window manager, 4Dwm (hence why his site is 5Dwm) and the widgets SGI added, as well as some of the apps. Read the information on the front page of the site a bit more carefully:
IMD4Linux is the IRIX Interactive Desktop rebuilt from scratch on Linux using today's technologies and SGI's Interactive Desktop as guideline.
The legal issues are presumably due to the use of SGI trademarks, which is hinted at in the letter, the bit where he says:
I changed the project name from 'Indigo Magic Desktop for Linux' to 'IMD4Linux'
However, it's hard to tell for sure as the site doesn't seem to have more in the way of detail on the SGI legal/whatever issues bar that letter of his. It does appear to be his source though.
The chunky Motif widgets look perhaps just a bit dated, compared to today's mostly 'flat' widget looks, but that's just fashion really. Indigo Magic was an amazing desktop though, you have to use it to appreciate it. Especially the icon-zoom widget used in Indigo Magic's file browser - it had a thumbwheel along the side which you could roll to zoom in and out, and the vector drawn icons would smoothly zoom in and out. Also, there were neat eye-candy things thrown in for when you double-clicked on an icon - the icon would have an animated sparkle while the app started. The whole desktop was just nicely integrated, everything used SGI's Motif-extended IMD widgets. Really nice.
What you have to remember is that this desktop came into being around 94 or so. I'm not quite sure when, but I was using it in 95. It was just amazingly advanced, at least in terms of eye-candy :). Other systems were still using TWM or OpenLook. Indigo Magic Desktop still holds its own today against the likes of GNOME 2, even with the unfashionable chunky widget look.
Arg, sorry, yes I must have! :) Apologies, your post is in that case a perfect example of how XML would be worse. :)
--paulj
How is .... less readable or less expressive than this:?
Because the latter doesn't have all the clutter of the . The former is easy to parse at a glance, for a human, the latter you have to drill your eyeballs into to see through the XML clutter.
He was replying to a post which pointed out some US act which prohibits manufacturers from accepting liability for faults in their cars on the grounds that an owner made unrelated modification.
:)
Here is what he said:
I didn't read the article so it's not 100% clear what they're doing but this doesn't seem new. Changing these settings can cause the engine to die prematurely. While you may be able to reprogram the chip back to factory specs before you get it repaired it's still illegal and immoral.
So, not only did he not read the article, he then immediately equates, for all intents and purposes, using such chips with illegal/immoral behaviour, at least he said "it's still illegal and immoral" not "but that would be illegal and immoral" - ie even if you reprogrammed it, it'd still be illegal and immoral. Maybe that was just an unfortunate mistake on the poster's part which changed what he wrote from what he had intended, but the rest of his post continues on in a similarly confused fashion, continuing on with the notion that "people who modify chip" == "people who (might) try rip off their dealer", when clearly the context, which the poster is making his reply in, relates to going to your dealer for unrelated faults.
If the suspension on your chipped car fails and you take it back to the manufacturer to have it fixed under warranty, is that illegal? Clearly it is not, indeed that act exists because the _manufacturers_ were, previously, immorally refusing to honour their warranties or other obligations due to unrelated modifications.
The poster who I replied to either is living on another planet, due to their unique outlook on morality, or is simply a dolt, who has neither bothered to read the article concerned nor even the post he replies to.
Does that clear it up for you?
Our weather finds that in the Spring, Summer and Fall I am subject to having the temperature in my car reach 80 Deg C in the mid day. Opening the windows finds the exterior temperature reaching between 35 and 40 Deg C.
:)
Strange... I've been in Spain a good few times, similar temperatures to the above, if not hotter, yet most people seem to do fine without A/C in their cars there.
you are correct (my mistake) on the cam...
:) The flame front in the mixture travels at reasonably constant speed, so at higher RPM (on 4 strokes) you typically need ever increasing ignition advance to allow enough time for the flame front to reach through the mixture.
Hehe, well it turns out you actually might be right. Honda and BMW appear to have variable valve timing systems. So you could potentially adjust that. Though, at a guess I would imagine the stock settings would already be close to optimum. And valve timing is not the first thing you'd change to get more power out of a stock engine - ignition timing and fuel ratios are where stock engines can be (easily) improved on the most, in general, AFAIK.
but its still the (and the stroke of the pistons) relative position to the spark (as you say) that determines the amount that the fuel/air mixture is compressed which is directly relevant to the amount of power which is produced...
No, the ignition advance does not determine the compression ratio. It determines only when the spark lights.
Valve timing can affect compression ratio though. Which potentially is adjustable to varying degrees on some engines (from "not very much, choice of 2 settings" on VTEC, to "lots" on the BMW engines it appears from googling).
I hope i did not imply that higher octane fuel has more energy... simply put, that energy can be harnessed more effectively
Right, yes.
by allowing greater compression before combustion.
No, compression doesn't come into it. You cannot change the compression ratio without changing mechanical characteristics of the engine (valve timing, variable or not, included.)
Hence in a tuned engine (chipped) greater power can be made from the same amount of fuel, though the potential energy of it had never changed.
Right. Though, I wouldn't call a chipped engine a tuned one.