Glad you got a good deal on the hardware. Be careful though.
They have a whole section of the Solaris licensing pages dedicated to relicensing. Don't laugh. For some models, Solaris 9 relicensing fees are in the US$100,000's. Not sure if this link will work because the have some strange session-management junk on the pages with the pricing on them: store.sun.com/catalog
..is that 64 bit desktops are really on their way now. So Sun has to pre-emptively promote its hardware in the areas where 64bit personal computers could be effectively deployed in the data center. IBM's power4/5, AMD and Intel's 64 bit offerings are going to blow Sun off the map and they know it. This will enable robust RAM addressing space that's good enouguh for enterprise-level servers. When 64bit chips start arriving in quantity (late 03 early 04) we can all kiss Sun's licensing and pricey hardware goodbye.
Fink developers have already posted the correct way to embedding a dylib into a bundle on OS X on the McAfee forums The viruses that McAfee attempts to prevent are really from Windows-land anyway. I have yet to run across a true native MacOSX virus. And finally, McAfee wasn't giving any credit to the Fink project. They should know better. No suprise then that Virex got bought out by a company called Network Ass.
Yes, the PEAR project has to crawl before it can walk, but the ability to do both object oriented code and procedural hacks (whichever makes most sense for your project) makes the PHP environment for web applications the better choice. Ever tried finding the location of a JSP bug?
PHP app developer: air force fighter pilot Java app developer: submarine captain shell scripter: special ops MacOSX user: just drafted, still in boot camp
HTML "programmers": enlisted privates RedHat certified: USArmy officer ten years Unix sysadmin: noncommissioned sargeant open source project leads: USArmy captain through colonel Linux kernel maintainers: USArmy four star general Cisco cert: USMC FreeBSD sysadmins: Delta Force OpenBSD sysadmins: Airborne Rangers Oracle DBA's: Navy captains MCSE: cannon fodder MCSE who didn't patch SQLServer: dishonorable discharge
Hell, if I get to spend time on the firing range with some MCSE's, sign me up. See real USArmy rank hierarchy here.
Carry it around as a mobile classroom: serve up notes, audio, video of your presentation when and where you give it. No more "I'll email you my presentation when I get back to the office" stuff.
You could hide one of these things in an airport or some other public place and use it to broadcast advertisements in the form of SSID and/or a 192.168.*.* intranet web site to anyone stumbling for accesspoints. Imagine a bus or taxicab service giving out dispatcher phone numbers or transportation rates. Suddenly advertising in an airport terminal isn't quite so expensive.
Yes, I've tried sodipodi, and it still lacks most of the useful features of Illustrator, including font-file format editing, passably intuitive object handling, drag and drop integration with other GNOME apps, robust gradient support, integration with any animation tool, and cmyk colorspace support. The purpose of indicating these limitations isn't to complain in any way, but hopefully to make clear the kinds of features needed before such a project can be publicly announced as a useful vector graphics tool. Linux has replaced corporate dependence on Windows, and hopefully some day GIMP and killustrator/sodipodi will replace dependence on Adobe's insanely pricey graphics authoring and editing tools.
...to have a really good SVG editing tool. GIMP 1.3.1 shows that some GNOME developers have put some serious thought into Bezier editing tools, but nothing that has been released as a standalone vector editing app. killustrator, sodipodi and similar apps just aren't ready for prime time. If you're willing to spend the time to use it, the GIMP is really about as powerful as photoshop. Unfortunately, there is nothing in the open source world which is anywhere near as close to Adobe Illustrator functionatlity.
Worth noting that NeXT had display Postscript robustly implemented and SGI's window manager also had scalable fonts, but neither of these OS or GUIs are around today. If there's a lesson to be learned here, it is that the UI isn't significantly improved by scalable vector graphics. SVG is an improvement but not one which will make any competitive difference. Fortunately or unfortunately, the 25 year history of user interface points us in a different direction.
Rob Malda (cmdrtaco), Jeff Bates(Hemos), and Chris Nandor(pudge) are all using Mac laptops at least part of the time these days. Who else among the slashdot crowd is sporting either a PowerBook and/or an iBook?
I realize that the point of this story is that computing power is cheaper elsewhere, but wouldn't it be ironic if someone built and used a large-node cluster of these and to crack the Micro$oft XBox keys?? Robinson should up his ante for this case.
What NAI bought was the ability to steer and effectively control the direction of SpamAssassin's development. They didn't purchase the ability to download or use the software, what they purchased was a stake in controlling the userbase.
Check out the telex 2.4ghz antenna page for some antennas which will get you some serious signal. I had great luck with their 9.5dbi omni and have strong signal (5 bars on a tibook) at about 30 meters, which is enough to cover my back yard. (Remember that decibel is a logarithmic scale.) They apparently don't advertise these things, but they should.
Step 1: Call it a prototyping language so you get everyone using it but not having great expectations or concerns about liability if it doesn't perform perfectly.
Step 2: Release early. Release often. Fix bugs like it is going out of style and respond to solid feature requests from users. Grow your userbase beyond early adopters. Promote developer adoption by making what they create available in repositories.
Step 3: A few years go by, and you have enough features that you can claim that it is no longer just for prototyping.
See a pattern: Perl did the same thing. PHP is doing it too.
I don't think java ever went through this cycle, though, which makes me suspicious of it. The claim seems to be that ten bearded guys at Sun replaced step 2. Yes, there is more to good technology than grass-roots popularity, but when the grass-roots tools will get the job done, get it done securely, and get it done with high availability, what's the point?
I've spent so much time lately in the (relatively) flat-table world of MySQL that I had forgotten about inherited tables, subselects, constraints in table definitions, and oh yes, vacuuming.;) Looks like it is time to revisit postgres, especially for some db-agnostic PEAR apps I'm building. For me, it's the subselects that really make it worth the effort.
That's a really good point. I went back and read it again, but still stand by my previous post. The sequence number analysis techniques apply only to weaknesses in FakeAP and AirJack which will be easily modified on their part. All they have to do is follow the sequence control frames of their spoofing victim. The man in the middle attack described later is a better example of how sequence analysis could be useful, but it still wouldn't let the access point operator distinguish from an a attacker and the case where a legitimate user simply left the network and came back a short while later. This isn't a trivial problem to overcome on the part of the access point operator. (!)
The most interesting part of the paper to me was the section where Josh mentions that Lucent cards aren't following 802.11b specification in their sequence generation. And I highly agree with his recommendation in the final paragraph for access point vendors to add extra processing power to their hardware to accomodate security tools- such as sequence analysis tools. But it is a two way street, since doing so will give attackers more potential when they've succeeded with an exploit.
There seem to be two separate efforts to bring robust object oriented apps (classes, really ) to PHP. One of them is PEAR, and it is obviously being done in conjunction with the primary PHP development team. The other efforts is Manuel Lemos' PHPClasses.org site. The PHPClasses site is much more grass-roots and currently has a much wider variety of classes available in it. Hopefully these groups can work together. I don't know Manuel personally, but as someone who has followed his web site for about six months or a year, I'm hoping that somebody at Zend or wherever the financial backing is behind PHP can offer this guy a job and take advantage of the momentum that he has built up. It would probably speed up the rate at which classes were submitted to pear.php.net.
Basically what this guy did was realize that the MAC-generation algorithm in spoofing software Wellenreiter has a weakness, namely that the OUI's it generates aren't all legit. (OUI is the organizational unique identified which is in the first few bits of the MAC address.) Also see helpful Sourceforge description of Wellenreiter.
He similarly points out limitations in denial of service tools: AirJack and FakeAP software. However, this isn't the same as giving a general technique for analyzing MAC addresses on 802.11b, something which was strongly implied in the original post.
Dave Hyatt's weblog, the Confessions of a Mozillian, indicates that there is a sizeable team working on Chimera, so I wouldn't expect everyone to just walk out the door all at once. Sure, development on it may become less of a priority, but that doesn't mean the fat lady has sung. Also, the overwhelming response to the safari announcement was for tabbed browsing. It is quite possible that Apple simply won't cave in to the demand for tabbed browsing in which case you can have my chimera when you pry it from my cold dead hands.
Sounds like you need to take a look at the Golden Rules of Consulting. The relevant rules are: be the professional's professional, know when to "no bid" and know your customers. It sounds from the description that you need to provide some assistance with not only execution of the project, but give advice on what is a reasonable methodology and/or time frame for it. Advice to adjust goals is hard to give diplomatically, but often the most needed.
Slashdot Mirror
It looks pretty spiffy, although the antialiasing is a bit rough... : ) Are the two X's supposed to refer to XonX?
Glad you got a good deal on the hardware. Be careful though.
They have a whole section of the Solaris licensing pages dedicated to relicensing. Don't laugh. For some models, Solaris 9 relicensing fees are in the US$100,000's. Not sure if this link will work because the have some strange session-management junk on the pages with the pricing on them: store.sun.com/catalog
..is that 64 bit desktops are really on their way now. So Sun has to pre-emptively promote its hardware in the areas where 64bit personal computers could be effectively deployed in the data center. IBM's power4/5, AMD and Intel's 64 bit offerings are going to blow Sun off the map and they know it. This will enable robust RAM addressing space that's good enouguh for enterprise-level servers. When 64bit chips start arriving in quantity (late 03 early 04) we can all kiss Sun's licensing and pricey hardware goodbye.
The files that get overwritten by Virex are:
//sw
/sw/lib
/sw/lib/libcrypto.0.9.6.dylib
/sw/lib/libcurl.2.0.2.dylib
/sw/lib/libcurl.2.dylib
/sw/lib/libdl.0.dylib
/sw/lib/libssl.0.9.6.dylib
Fink developers have already posted the correct way to embedding a dylib into a bundle on OS X on the McAfee forums
The viruses that McAfee attempts to prevent are really from Windows-land anyway. I have yet to run across a true native MacOSX virus. And finally, McAfee wasn't giving any credit to the Fink project. They should know better. No suprise then that Virex got bought out by a company called Network Ass.
Yes, the PEAR project has to crawl before it can walk, but the ability to do both object oriented code and procedural hacks (whichever makes most sense for your project) makes the PHP environment for web applications the better choice. Ever tried finding the location of a JSP bug?
All they put in the source tarball is the default twm. Thanks Apple.
That's what we need access to!
PHP app developer: air force fighter pilot
Java app developer: submarine captain
shell scripter: special ops
MacOSX user: just drafted, still in boot camp
HTML "programmers": enlisted privates
RedHat certified: USArmy officer
ten years Unix sysadmin: noncommissioned sargeant
open source project leads: USArmy captain through colonel
Linux kernel maintainers: USArmy four star general
Cisco cert: USMC
FreeBSD sysadmins: Delta Force
OpenBSD sysadmins: Airborne Rangers
Oracle DBA's: Navy captains
MCSE: cannon fodder
MCSE who didn't patch SQLServer: dishonorable discharge
Hell, if I get to spend time on the firing range with some MCSE's, sign me up. See real USArmy rank hierarchy here.
Carry it around as a mobile classroom: serve up notes, audio, video of your presentation when and where you give it. No more "I'll email you my presentation when I get back to the office" stuff.
You could hide one of these things in an airport or some other public place and use it to broadcast advertisements in the form of SSID and/or a 192.168.*.* intranet web site to anyone stumbling for accesspoints. Imagine a bus or taxicab service giving out dispatcher phone numbers or transportation rates. Suddenly advertising in an airport terminal isn't quite so expensive.
Yes, I've tried sodipodi, and it still lacks most of the useful features of Illustrator, including font-file format editing, passably intuitive object handling, drag and drop integration with other GNOME apps, robust gradient support, integration with any animation tool, and cmyk colorspace support. The purpose of indicating these limitations isn't to complain in any way, but hopefully to make clear the kinds of features needed before such a project can be publicly announced as a useful vector graphics tool. Linux has replaced corporate dependence on Windows, and hopefully some day GIMP and killustrator/sodipodi will replace dependence on Adobe's insanely pricey graphics authoring and editing tools.
Apple is using an optimized PDF rendering engine in OS X, not display PostScript, which had to be licensed from Adobe.
...to have a really good SVG editing tool. GIMP 1.3.1 shows that some GNOME developers have put some serious thought into Bezier editing tools, but nothing that has been released as a standalone vector editing app. killustrator, sodipodi and similar apps just aren't ready for prime time. If you're willing to spend the time to use it, the GIMP is really about as powerful as photoshop. Unfortunately, there is nothing in the open source world which is anywhere near as close to Adobe Illustrator functionatlity.
Worth noting that NeXT had display Postscript robustly implemented and SGI's window manager also had scalable fonts, but neither of these OS or GUIs are around today. If there's a lesson to be learned here, it is that the UI isn't significantly improved by scalable vector graphics. SVG is an improvement but not one which will make any competitive difference. Fortunately or unfortunately, the 25 year history of user interface points us in a different direction.
Rob Malda (cmdrtaco), Jeff Bates(Hemos), and Chris Nandor(pudge) are all using Mac laptops at least part of the time these days. Who else among the slashdot crowd is sporting either a PowerBook and/or an iBook?
I realize that the point of this story is that computing power is cheaper elsewhere, but wouldn't it be ironic if someone built and used a large-node cluster of these and to crack the Micro$oft XBox keys?? Robinson should up his ante for this case.
What NAI bought was the ability to steer and effectively control the direction of SpamAssassin's development. They didn't purchase the ability to download or use the software, what they purchased was a stake in controlling the userbase.
Check out the telex 2.4ghz antenna page for some antennas which will get you some serious signal. I had great luck with their 9.5dbi omni and have strong signal (5 bars on a tibook) at about 30 meters, which is enough to cover my back yard. (Remember that decibel is a logarithmic scale.) They apparently don't advertise these things, but they should.
Apparently I was wrong, my friend at Sun tells me it was really only six bearded gurus, not ten.
Step 1: Call it a prototyping language so you get everyone using it but not having great expectations or concerns about liability if it doesn't perform perfectly.
Step 2: Release early. Release often. Fix bugs like it is going out of style and respond to solid feature requests from users. Grow your userbase beyond early adopters. Promote developer adoption by making what they create available in repositories.
Step 3: A few years go by, and you have enough features that you can claim that it is no longer just for prototyping.
See a pattern: Perl did the same thing. PHP is doing it too.
I don't think java ever went through this cycle, though, which makes me suspicious of it. The claim seems to be that ten bearded guys at Sun replaced step 2. Yes, there is more to good technology than grass-roots popularity, but when the grass-roots tools will get the job done, get it done securely, and get it done with high availability, what's the point?
...that the entire O'Reilly Practical PostgreSQL book was put online?
;) Looks like it is time to revisit postgres, especially for some db-agnostic PEAR apps I'm building. For me, it's the subselects that really make it worth the effort.
I've spent so much time lately in the (relatively) flat-table world of MySQL that I had forgotten about inherited tables, subselects, constraints in table definitions, and oh yes, vacuuming.
That's a really good point. I went back and read it again, but still stand by my previous post. The sequence number analysis techniques apply only to weaknesses in FakeAP and AirJack which will be easily modified on their part. All they have to do is follow the sequence control frames of their spoofing victim. The man in the middle attack described later is a better example of how sequence analysis could be useful, but it still wouldn't let the access point operator distinguish from an a attacker and the case where a legitimate user simply left the network and came back a short while later. This isn't a trivial problem to overcome on the part of the access point operator. (!)
The most interesting part of the paper to me was the section where Josh mentions that Lucent cards aren't following 802.11b specification in their sequence generation. And I highly agree with his recommendation in the final paragraph for access point vendors to add extra processing power to their hardware to accomodate security tools- such as sequence analysis tools. But it is a two way street, since doing so will give attackers more potential when they've succeeded with an exploit.
There seem to be two separate efforts to bring robust object oriented apps (classes, really ) to PHP. One of them is PEAR, and it is obviously being done in conjunction with the primary PHP development team. The other efforts is Manuel Lemos' PHPClasses.org site. The PHPClasses site is much more grass-roots and currently has a much wider variety of classes available in it. Hopefully these groups can work together. I don't know Manuel personally, but as someone who has followed his web site for about six months or a year, I'm hoping that somebody at Zend or wherever the financial backing is behind PHP can offer this guy a job and take advantage of the momentum that he has built up. It would probably speed up the rate at which classes were submitted to pear.php.net.
Basically what this guy did was realize that the MAC-generation algorithm in spoofing software Wellenreiter has a weakness, namely that the OUI's it generates aren't all legit. (OUI is the organizational unique identified which is in the first few bits of the MAC address.) Also see helpful Sourceforge description of Wellenreiter.
He similarly points out limitations in denial of service tools: AirJack and FakeAP software. However, this isn't the same as giving a general technique for analyzing MAC addresses on 802.11b, something which was strongly implied in the original post.
Dave Hyatt's weblog, the Confessions of a Mozillian, indicates that there is a sizeable team working on Chimera, so I wouldn't expect everyone to just walk out the door all at once. Sure, development on it may become less of a priority, but that doesn't mean the fat lady has sung. Also, the overwhelming response to the safari announcement was for tabbed browsing. It is quite possible that Apple simply won't cave in to the demand for tabbed browsing in which case you can have my chimera when you pry it from my cold dead hands.
Sounds like you need to take a look at the Golden Rules of Consulting. The relevant rules are: be the professional's professional, know when to "no bid" and know your customers. It sounds from the description that you need to provide some assistance with not only execution of the project, but give advice on what is a reasonable methodology and/or time frame for it. Advice to adjust goals is hard to give diplomatically, but often the most needed.