The first place I always look in this circumstance is the Rosetta Stone of Unix aka "What do they call that in this world?" Unfortunately, vax mainframes aren't one of the listed. Read up on the DEC stuff, since they had a similar design philosophy. I remember two things about VMS: prepare to go all caps, and version control is with a semicolon and file version after it for every file. Good luck.
Let's transcribe this thing! Here are the first four slides, from the first two images (two slides per image). I'd love it if somebody transcribed the whole presentation, as there seems to be a lot to think about in there in terms of Redmond strategy.
Slide 1: Title of the presentation with Microsoft logo
Slide 2: The Software Ecosystem
The flow of shared knowledge goes in a circle.
Diagram shows customers to government to academia to industry and back to customers.
Slide 3: The Business of Software
subtitle: Source Code Licensing
another diagram showing the interactions between source code - Core IP on the left and business model with usage rights and binaries on the right. Arrows showing development, support, deployment, and audit connect the two.
Slide 4: The Open Source Software Model:
complex mix of elements
has produced some great software
has both benefits and drawbacks like any model
Diagram showing "development model" surrounded by "philosophy", "business model" and "licensing"
Finally, somebody please mirror these images, the bandwidth on that site is getting sucked dry.
I kept reading and found the answer to my own question: in the late 1990s, specialized "DES Cracker" machines were built that could recover a DES key after a few hours. By trying possible key values, the hardware could determine which key was used to encrypt a message.
Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.
According to this helpful how-to, you use the Disk Utility to make an image using AES-128 encryption and then you store your home directory on that image.
The NIST has a white paper on AES which announces that the Rijndael method was the official AES algorithm and that Rijndael is designed with some flexibility in terms of block and key sizes.
Apparently 128 bit AES allows for 3.4 x 10^38 possible keys which (correct me if I'm wrong here) puts it somewhere between DES and triple-DES. (?)
Can any Mac users comment on the limitations that are imposed on your choice of a passphrase?
Basically, I'd like to know how strong a method is this. Is it keep your little sister from reading your diary encryption, or more along the lines of if the Feds busted you they couldn't crack open your data with any computers due out in ten years type of encryption.
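The key-search estimate quoted above, worked through as an added example (not part of the original comments). It assumes the same hypothetical 2^55 keys-per-second machine, a 365.25-day year, the usual meet-in-the-middle work estimate for three-key triple-DES, and a passphrase used directly with no key stretching; the passphrase samples are constructed.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600   # Julian year (assumption of this example)
RATE = 2 ** 55                           # keys/second: the hypothetical machine above

# Work factor in bits for exhaustive key search. The 3DES figure is the usual
# meet-in-the-middle estimate for a 168-bit three-key bundle, not its key length.
WORK_BITS = {"DES": 56, "3DES (3-key)": 112, "AES-128": 128,
             "AES-192": 192, "AES-256": 256}


def keyspace(bits):
    """Number of distinct keys for a given work factor in bits."""
    return 2 ** bits


def expected_seconds(bits, rate=RATE):
    """Average case: the key turns up after half the keyspace has been tried."""
    return 2 ** (bits - 1) / rate


def expected_years(bits, rate=RATE):
    return expected_seconds(bits, rate) / SECONDS_PER_YEAR


def passphrase_bits(alphabet_size, length):
    """Entropy of a passphrase drawn uniformly at random.

    This is an upper bound: passphrases chosen by people have less.
    """
    return length * math.log2(alphabet_size)


def effective_bits(key_bits, alphabet_size, length):
    """An attacker searches whichever space is smaller: keys or passphrases."""
    return min(key_bits, passphrase_bits(alphabet_size, length))


if __name__ == "__main__":
    for name, bits in WORK_BITS.items():
        print(f"{name:14s} 2^{bits:<3d} = {keyspace(bits):.1e} keys, "
              f"{expected_years(bits):.3e} years on average")
    # Constructed passphrases: 8 lowercase letters, then 20 printable-ASCII characters.
    for alphabet, length in ((26, 8), (95, 20)):
        print(f"{length} chars from an alphabet of {alphabet}: "
              f"{effective_bits(128, alphabet, length):.1f} effective bits under AES-128")
```

The 149 trillion year figure is the average case, that is, half of the 2^128 keyspace searched at 2^55 keys per second.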
In Omaha Nebraska, I shopped for months before getting a NEC model 1720M from Sam's Club for $450. It does 1280x1024, analog input only and I love this thing. I have found that I stay up later because my eyes don't get tired as soon. Would highly recommend LCD to anyone who stares at their display reading things like slashdot all day long. The other best deal I've heard about are the Dell 1600x1200 displays for around $850. Makes me wish I'd saved up for a little longer...
As a Mac developer for some years and MacHack attendee, where this year CmdrTaco keynoted, mostly about l#sbian sim characters on his ThinkPad, I'd like to be one of the first to welcome you to the world of the MacOS X. Seriously, I hope you enjoy the ride, Rob. Great to have you along.
VersionTracker could use some competition, so it is great to have the more Unix-focused Freshmeat and MacUpdate on the scene.
After reading a posting that someone had probably typed in silence and submitted to slashdot, I posted this reply silently and now you're reading it. Chances are you aren't reading this out loud. Nobody said a word, or even had to hear one. Reading can be an astoundingly efficient way to transfer information.
I have yet to meet anyone in good health who prefers getting ten voice mails over ten emails.
What the world needs is fewer karma whores and more good friends. Go ahead, friend. :) Click that white button and turn it green.
Don't forget that you can put AppleScripts into shell scripts via the "open" command and vice versa you can call shell scripts from AppleScript by opening a terminal session for them, i.e., executing a .term file.
There's no need to bicker about scripting languages when they can call each other.
It's all good.
but does it come with a more powerful antenna? (on 802.11 RF Amp · Score: 2)
I wonder whether Linksys will include an upgraded antenna in their signal booster kit instead of the little rabbit ears that their current access points come with. For about $100 you can get a 10 decibel gain antenna (for example, see www.telexwireless.com.) Add a 10db gain omni to an amped signal and we may really be able to get some distance out of 802.11b!
Having 550 messages sent based on a bayesian filter such as bogofilter is the best/most adaptive way to handle the problem. Open relay lists have a greater statistical probability of blocking legit email. The challenge this represents is that, unlike with Spews, you have to have clients which convey back to the server which emails get marked as spam.
Looks like the commercial version(s) of ssh and windows ports of the ssh client were most vulnerable. ssh.com people have denied it is a problem, whereas putty developers already have a fix available. This announcement was done very professionally, with details for each vendor that they were notified and what their response was. This is the first I've heard of Rapid7, and I'm impressed at their thorough approach in announcing this vulnerability.
So what are the risks involved with not patching your MySQL install ASAP? Should we expect script kiddies to have exploits in their hands in days, weeks, months?
The two flaws in the MySQL server involve TABLE_DUMP and CHANGE_USER, neither of which are typically done regularly, unless you're using dump to back up your db. Interesting that anything that is linked against libmysql is potentially vulnerable to the read_rows Overflow. This means that PHP/Apache/Perl and therefore the OS could in theory be exploited this way, though the attacker would have to have some pretty generous write access to the database first. Both client vulnerabilities demand that you feed data into rows that your client is requesting.
The most interesting part of this, by far, is the final comment: "Finally it must be mentioned that an attacker can of course use a combination of the described attacks to break into a system or to get access to privileges he normally does not own. f.e. it is possible for a local user to crash the server with the COM_TABLE_DUMP bug (if he cannot takeover the root account with the COM_CHANGE_USER bug) and then bind a fake server to the MySQL port 3306. And with a fake server he can exploit the libmysqlclient overflow. Another scenario would be an attacker that tries to exploit his favourite mod_scripting language to takeover the webserver by connecting to an external fake server..."
My two cents? Man-in-the-middle attacks are pretty damned hard to pull off, even when the stakes are high and you've got the most skilled cracker interested. Keep current on MySQL releases on a quarterly basis and you should be OK. YMMV
Re:very true, for original language texts too (on Free Books on CD? · Score: 4, Informative)
Jowett translations of Plato, for instance, are easily not the top choices of anyone I know who reads Plato seriously. The only exceptions I can think of to this are the ancient Greek mathematical works. It is hard to mess up a translation of Euclid, though some of the Univ. Chicago Apollonius and Archimedes texts did manage to screw up the diagrams.
Pretty much you have two choices for "complete" Great Books sets: the Harvard set, mentioned here, and the Univ. Chicago's Great Books of the Modern World sets.
I attended a Great Books College in southern California (Thomas Aquinas College) and found neither to my liking, but instead spent a small fortune on individual editions. Note to Cliff: Great Books encompasses far more than literature. Philosophy, science, mathematics all have great seminal sources.
Project Gutenberg is as close as the ideal of freely available good English texts gets, but an eclectic choice of web sites, such as Euclid's elements online, also goes a long way toward satiating the desire to know without having to get up from your computer and trot over to your nearest library. Google is the liberally educated man's best friend. ;)
Finally, for those interested in Aquinas in Latin, see www.tacalumni.org/aquinas
The project you are looking for is called RealTime linux. I had a physiology professor in Boston who was using this in precision timing experiments. "RTLinux was created to resolve what has long been considered an inescapable dilemma: to produce a simple real-time system that does not restrict access to the power of hardware platforms." A company called FSMLabs now supports it. See: http://www.fsmlabs.com/community/ Check out the projects page for good examples of what this can be used for (mostly situations where you have to measure real-world events in picoseconds.)
We're currently beta testing LiteSwitch X on Jaguar. Email Mat at Proteron to ask for a copy. This is expected to ship in about a week.
Scientific American web award? I think not. (on Solar Surgery · Score: 0, Flamebait)
A couple months ago, CmdrTaco complained about not being mentioned for SciAm's web awards. With comments posted by michael like "Everyone who used to operate on GI Joe figures with a magnifying glass is cheering for this to be commercially successful." he really should give up. Slashdot is a well-crafted repository for myth and urban legend much more than a conduit for anything remotely resembling the truly scientific. That being said, what do you do when some clouds blow over your hospital while in surgery?
X11 is already taken and refers to the XFree86 protocol. So what will the next major release be named? "But it goes all the way to eleven." (insert Spinal Tap joke here) Which makes me wonder whether Apple will go back to the tradition of calling things "plus" or "II" like the MacPlus or MacII in days of old. MacOSXPlus and MacOSXII sounds bad, but MacOSXIIx would be even worse.
Looks like the site has been taken offline around 11:00PM CST same day that this was posted and google cache hadn't kicked in yet apparently. Can anyone who visited the site post the pages their browser cached somewhere? Please mod up so all can read this request for mirror. Thx.
Tim O'Reilly is keynoting this year's MacHack. It will be interesting to see what all this *nix influence will do to MacHack attendance, easily the most intense Mac-specific wireless LAN party on the planet. ;) See you here!
NDA? we don't need no steenkin' NDA. (on Jaguar Reviewed · Score: 4, Informative)
Apparently not. Even though Apple made a big deal about ushering the press out after the WWDC keynote, they never signed NDA's. Developers, on the other hand, did. It is part of being an ADC member, if I remember correctly. So I can neither confirm nor deny that the screenshots at the macthis.org site look just exactly like Jaguar. With all those screenshots, that site is going down in a heartbeat... reload...... already flatlined. :)
Ben is right on target here.
Interesting that home schooling, as carried out by diligent and disciplined parents, addresses his points 1,3,4,7,8.
The family is the fundamental unit of an organic, growing society. Jeopardize the integrity of the family and the state will, sooner or later, lose unity itself.
Behold, an American welfare system that rewards single mothers, an American culture that looks down upon those who pursue a life of dedication to their family, and an American public education system that is in tragic need of overhaul.
Use exec() for deleting the files after they have been accessed. Deleting 24 hours later will require some timed event (think cron.) Here you go:
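<?php
// List the entries of /home/ as links.
$dh = opendir('/home/');
// Compare against false so an entry named "0" does not end the loop early.
while (($file = readdir($dh)) !== false)
{
    // URL-encode the name for the href and HTML-escape it for display,
    // so a hostile file name cannot inject markup into the page.
    print '<a href="' . rawurlencode($file) . '">' . htmlspecialchars($file) . "</a><br>\r";
}
closedir($dh);
?>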
http://www.activestate.com
tabbed browsing
So that's why those CD's weren't ejecting! ;) For the uninitiated, shift-Command-1 on Macs does a force media eject.