Slashdot Mirror


User: Dr. Manhattan

Dr. Manhattan's activity in the archive.

Stories
0
Comments
1,527

Comments · 1,527

  1. Too bad Palm didn't listen to developers on Palm Changing OS Strategy · · Score: 1

    They could have had at least cooperative multitasking a long time ago. See here. The key problem with Palm apps is that, if you're not the 'running' application, you don't have access to your global variables. Add 'persistent globals' and all kinds of fun things become possible.

  2. Re:Simplify on "Port Knocking" For Added Security · · Score: 1

    I already did that. It's called Ostiary. Much lower bandwidth & CPU requirements, actual cryptographic security, some level of confirmation that the message was received, etc.

  3. Re:Simplify on "Port Knocking" For Added Security · · Score: 1
    If such a thing were optionally available for those little firewall boxes from Linksys

    Linksys routers have had a simple version of this for a while that they call port triggering.

  4. Re:This was discussed extensively... on "Port Knocking" For Added Security · · Score: 1
    you could have a single accessible port that would listen for access, and then receive an encrypted key that determines which other port your server opens for a possible connection.

    I did this with Ostiary. Uses salted HMAC-MD5, fixed-length data, etc. Secure from replay, man-in-the-middle, sniffer, and other attacks. Still vulnerable to DOS, but what isn't?

    I admit that the human factor limits the reliability of any system. But this is designed to protect against bugs in ssh. I trust at least myself not to do anything really stupid.

  5. Order, delivery of packets is not guaranteed on "Port Knocking" For Added Security · · Score: 3, Insightful
    Since the client gets no feedback on whether the packets made it, there's no way to check if it worked except to see if the "magic" port has been opened.

    This system is going to be unreliable. No way around it. A single dropped packet and you have to try all over again. If you're really paranoid, like some have proposed, and disable the "knock monitor" temporarily if someone tries to connect unsuccessfully, it will also be horribly slow.

    If you use it on a LAN, maybe the net will be reliable enough, but then you have to worry about sniffers...

  6. I wrote Ostiary instead. on "Port Knocking" For Added Security · · Score: 1
    A clever-enough sniffer could figure this out, depending on how much traffic they have to sift through. I've looked at lots of alternatives but none gave me a warm fuzzy feeling. So I wrote my own.

    It does have an open port. The client connects, and gets 16 bytes (sizeof(md5 hash)) as a salt. It then hashes this using HMAC-MD5 with a secret password, and sends the result (16 bytes) back. Fixed-length data all the way, essentially zero chance of buffer overruns. Essentially impossible to crack, except for dictionary attacks. So low-resource it runs fine on my Mac SE/30 webserver.

    I call it Ostiary (mirror here) and I think it's damn secure.

    There'll be a Linux Gazette article about it this month (Feb) when it comes out.
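
Added example, not part of the comment above and not Ostiary's own code: a sketch of the exchange the comment describes (16-byte salt out, 16-byte HMAC-MD5 back), showing why a sniffed response cannot be replayed. It assumes the password is the HMAC key and the salt is the message; `Server`, `client_response`, `demo` and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import secrets

DIGEST_LEN = 16  # size of an MD5 digest; every message in the exchange is this long


class Server:
    """Issues one-time salts and checks fixed-length HMAC-MD5 responses."""

    def __init__(self, password: bytes):
        self._password = password
        self._pending = None  # salt for the connection currently being served

    def challenge(self) -> bytes:
        # Fresh random salt per connection, so an old response is useless later.
        self._pending = secrets.token_bytes(DIGEST_LEN)
        return self._pending

    def verify(self, response: bytes) -> bool:
        salt, self._pending = self._pending, None  # a salt is good for one attempt
        if salt is None or len(response) != DIGEST_LEN:
            return False  # reject anything that is not exactly 16 bytes
        expected = hmac.new(self._password, salt, hashlib.md5).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_response(password: bytes, salt: bytes) -> bytes:
    # Assumption: the password is the HMAC key and the salt is the message.
    return hmac.new(password, salt, hashlib.md5).digest()


def demo() -> dict:
    password = b"constructed-example-secret"  # constructed sample value
    server = Server(password)

    salt = server.challenge()
    good = client_response(password, salt)
    results = {"valid": server.verify(good)}

    # A sniffer replays the captured response on a new connection.
    server.challenge()
    results["replayed"] = server.verify(good)

    # Wrong password, then an over-long response.
    salt = server.challenge()
    results["wrong_password"] = server.verify(client_response(b"guess", salt))
    server.challenge()
    results["oversized"] = server.verify(good + b"\x00")
    return results


if __name__ == "__main__":
    print(demo())
```

The dictionary attack the comment mentions still applies: anyone who records one salt and its response can test candidate passwords offline, so the password needs real entropy.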

  7. Re:How did this got modded up ? on KDE 3.2.0 Released · · Score: 1
    "A bit longer to load"?

    It feels like my machine (2xAthlonXP@2GHz, 1GB RAM) is straining to get KDE going. I'm slowly working on getting my wife to switch over from Windows, but until that happens I must dual-boot, and I don't want to be sitting around for an extra thirty seconds. WindowMaker startup is practically instantaneous on this box - I don't get 30x the functionality from KDE for my more-than-30x-the-startup-cost.

    I always curse the first time I sign on an account and forget to set the window manager to something sane. Then I twiddle my thumbs while those little icons blink.

    Maybe it's SUSE's version or something, or maybe I'm just not the target audience, but KDE's speed, or lack thereof, is what keeps me away. I'll look at this new version, but it's going to have to be a major improvement for me to change my mind.

  8. "Plam" pilots are very common, too on Bad Spelling Pays on eBay · · Score: 3, Interesting

    Almost always a good deal in that category.

  9. Re:I went with a Handera 330 instead on Full X11-Based Distro For PDAs · · Score: 1
    So I wanted something I could use python and pyqt on.... So once you out-grow your HE330, look at the Z again.

    What about Palm Python? Okay, limited, no QT, I know.

    For my programming needs, the H330 is plenty. There's OnboardC, LispMe, and Dragon Forth. This lets me do the kind of programming I like to do. I recognize that this doesn't fit everyone's needs, but I don't think I'll outgrow my H330 for quite a while. :->

  10. I went with a Handera 330 instead on Full X11-Based Distro For PDAs · · Score: 2, Informative
    I got some cash for xmas, and tried to decide what to get to replace my Palm IIIxe. I know someone with a Zaurus SL-5000 (the original developer model, 32MB RAM) and was seriously tempted to find a real Zaurus off eBay. There were just a couple of problems.

    The first is the battery life. I could go weeks on two AAA batteries in the IIIxe, while all these multi-hundred MHz machines have battery lives measured in hours. On an international flight, or when vacationing on the side of a mountain in rural Italy, that makes a difference.

    The second is simple efficiency. On the Palm, apps execute in place; there's no need to copy from "storage" to "executable RAM" or anything like that. This frees up a remarkable amount of memory in practice. Linux's support for XIP is still highly experimental, though it seems some progress is being made.

    The other part of efficiency is the apps. The Palm apps are really well-designed, and really work for a small-screen, stylus device. A lot of Linux apps don't translate so well to a dinky screen and pen-based operation, and even the specific PIM apps have some rough spots (though I admit I haven't seen the very latest environments).

    I finally decided I didn't really need to run a webserver off my PDA (however much I wanted to, yeah I'm a geek), or Quake. I got a Handera 330 off eBay (not easy, some guy had bought the last 11 of them; wtf?). CF and SD slots, 240x320 screen (but grayscale, so battery life doesn't suffer), built-in voice recorder, etc.

  11. Re:Also, there are more addresses! on The State of IPv6 · · Score: 1
    ...one of the major reasons why IPv6 is interesting to us in that weird "foreign" part of the world is that it expands the address space?

    And it's really interesting in Asia, haven for spammers? Many sysadmins already block giant ranges of IPs from those countries from their mailservers today. With IPv6, the number will be exponentially vaster...

  12. Javascript seems to work. on Is E-Mail Obscuration Worth It? · · Score: 1

    I obfuscate the contact address for my website with some javascript, and don't otherwise publicise it. No spam yet, and it's been available for a few months. Of course, no one really cares about my website anyway...

  13. Re:future of palm os... on No More PalmOS Instant Messaging? · · Score: 1
    I've been working with the Palm OS for several years and I very much enjoy working with it.

    Yes, compared to the Windows API the PalmOS API is much more orthogonal and simpler to use. Yes, you need to pay more attention to resource usage and such. But I compared what could be squeezed into a friend's Viewsonic V37 (a recent, capacious PocketPC) with my old Palm IIIxe. He was amazed at how small the apps were, and since PalmOS is execute-in-place, it's even better. (The app doesn't need to be copied from 'storage' to 'active' memory.)

    For big, bloated things, I have a dual-Athlon desktop. For portability, well, PalmOS is the way to go. I can't wait until my Handera 330 comes later this week... weeks on a single set of batteries, but CF and SD slots, hi-res screen, etc.

  14. Re:Piracy of all sorts on Games X Copy Stirs Backup Controversy · · Score: 4, Funny
    Kids destroy EVERYTHING.

    I don't know how my 1.5 year old knew the exact worst moment to yank the USB cable out while I was installing my new joystick, but he did. Took me two hours to get the thing running again.

  15. Trusting a floppy on What is the Worst Tech Mistake You Ever Made? · · Score: 1
    Back in 1995 I was working for a robotics company. They had a problem with a factory in Italy, and had to dispatch someone to mess with it. I had a valid passport, so off I went. I loaded up a laptop with the necessary debug software. It didn't have a NIC available so I used a floppy disk. The next day I'm an hour and a half outside Milan in this factory, trying to load it on the malfunctioning robot.

    Oops, it was corrupted on the floppy, but I didn't get any warning during the transfer. So here I am on Friday afternoon in rural Italy without the critical software I need to debug the problem. I try to dial in to the company modem pool, but the Italian phone system doesn't respond to the dial tones my modem puts out, and I don't remember the magic AT commands to force a connection. The company office in Italy is a hundred miles to the south and won't be able to hand-deliver anything until Monday.

    Eventually I managed to find a computer store in town that has Internet email, and they allowed me to have the company send them a copy of the software, which I load onto my laptop three times with three different floppies.

    We did finally get the customer's problem resolved, but I've never even remotely trusted a floppy disk since. Boy am I glad they're gone...

  16. Re:Possible alternative on Swedish Flight Simulator Adds G Forces · · Score: 1
    My previous job was with a robot manufacturer. We sold mostly to the auto companies around Detroit, MI. I worked on the spot welding robots - twelve foot tall beasts that carried heavy spot guns around and put together car and truck bodies.

    One of the main problems was collision detection. Not just banging into something (which is surprisingly easy to do when 'training' a path) but also, if the welding tips weren't maintained, they could weld themselves to the car body. I didn't see it, but I was told of a time when a 'tip stick' led to the robot tossing an entire truck body into the aisle. It didn't even notice a few hundred pounds of sheet metal. (No one was hurt, fortunately.)

    Our company developed really good collision detection that predicted the expected current draw on the motors for a planned motion, then kept close watch to make sure it didn't deviate too much from that profile. Made a huge difference; I still wouldn't want to get hit by one of those things (shudder) but our favorite demo was crushing a paint can. Without CD, you get a pancake. With CD, it's only depressed an inch or so.

    Anyway, for about six months, I was assigned to test this stuff. That's right, my job was to take big industrial robots and bang them into obstacles at high speed. I was the happiest geek on Earth. But having seen what they can do, I would be very leery of riding on one of those Kuka things.

  17. Re:Missing the point by a mile or so on Paycheck-Style Memory Erasure: How Close Are We? · · Score: 2, Insightful
    You miss the other problem. If this is a regular part of his job (take on a new task, do it, forget it) his skills will never improve. Think about all the stuff you learn on the job, and even just exploring tech at home. What if you really couldn't take it with you?

    He'd be obsolete after his first job. He'd be the perpetual low-paid intern, fresh out of college, for his entire career.

  18. Re:Pirates of the Caribbean on The Best and Worst Movies of 2003? · · Score: 1

    Actually, there's a tiny bit of plot to tie it together... suppose "Bootstrap Bill" got free and was above water at the time the curse was lifted. Now, he's in danger, and Will needs to go save his father? Not much to work with, but the writers did a heck of a job turning a theme park ride into a movie.

  19. Re:Hulk, CGI, DVD "extras" on The Best and Worst Movies of 2003? · · Score: 4, Insightful
    Now, I'll accept that perhaps what they had tried to do might have been quite ambitious but to suggest that they succeeded admirably was just too much to take.

    I dunno. I submit that maybe if the Hulk had moved like a real human it might have worked better. Consider, the 'hulk dogs' - did they look convincing to you?

    Human brains have some highly refined hardware for recognizing and predicting human movement. (Humans have been way more likely to fight other humans than animals throughout our history.) We're not as finely tuned to pick up on, say, quadruped motion.

    Now (faithfully to the comics, I'll note) the Hulk did some things which just aren't physically possible. Tossing tanks the way he did would require him to be absurdly dense and heavy, even if his muscles were made of diamond nanofibers. If he were that heavy, he couldn't bounce around the way he did at other times. Mass, inertia, and balance didn't add up.

    The point is, I think people pick up on this much faster with an anthropomorphic character than with a dinosaur, or a dragon, or a CGI cat, or what-have-you. The close-up scenes of the Hulk's face worked quite well for me, actually. I think he looked much more realistic than the people in "Final Fantasy", and I don't think the effects guys need to hang their heads in shame. I believe the technology is more "there" than you do, but that there's no amount of technology that can make an utterly impossible movement look 'real'.

    Aside from that, there were other real triumphs. The multi-panel scenes took some getting used to, but really worked most of the time. The bit where Talbot is walking away from Bruce as Betty looks on, and for a moment you can see all three of their faces, tells you all about their relationships in a couple seconds.

    Some of the plot was, well, problematic. The dialogue could have used polishing in places. I agree that its flaws keep it from being one of the "best" movies of the year. But where it works, it works very well, and some of the problems with it have been very overblown.

  20. Re:quake on On The Quality Of Licensed Game Soundtracks · · Score: 1

    The first Aliens Vs. Predator PC game had a really well-thought-out soundtrack. All three species had a set of music that was in keeping with the movies that they came from, and was uniformly good. I loved the last Predator song the best, though.

  21. Re:Flawed arguments. on U.N. Delays Debate on Cloning · · Score: 1
    However at some point the embryo becomes a human. No argument there I assume. But when is that? [...] When does that vital spark appear?

    It's not possible to be conscious without a brain. Brains are utterly necessary for human cognition and self-awareness. Damage to the brain (e.g. Alzheimer's) damages consciousness and cognition - "no argument there, I assume". Religious types might argue that it's not a sufficient condition ("a soul is also needed") but I can't see any rational argument for considering a living thing without a functional brain as being 'human' in an ethically significant sense.

    Now, how much brain is necessary to support consciousness? I dunno. It's not just number of neurons, it's their arrangement, too. (Consider all the neurons in a human brain, but just connected in a big long line. You then have a nerve, not a brain. Arrangement matters.) But I'm squeamish and conservative; if we can't positively demonstrate a minimum size, we should assume any brain has at least the potential to be conscious.

    The brain doesn't form in a human fetus before about a month. I've got no real problem with abortion or experimentation before that point. After that point, it becomes more and more certain that an actual human consciousness is present and abortion is much, much more problematic.

    (I still think it can be justified in the case of 'risk to the life of the mother'; I can't see forcing someone to risk their life for someone else. But aside from that case, I have real problems with later abortions. In the case of rape or incest, it's the woman's responsibility to find out if she's pregnant ASAP.)

  22. Re:OpenBSD on macppc on Examining an Automated Spam Tool · · Score: 1
    This is going to make me move my web server to OpenBSD 3.4-stable on macppc even sooner.

    Mine is running an uncommon httpd on an uncommon OS on an uncommon hardware platform in a chrooted jail running as 'nobody', on a DMZ that is not allowed to send anything to the Internet except replies to http requests.

    Even if someone cared enough to break in, they couldn't use it to do anything, not even a DOS. The worst they could do would be to deface my web pages, and nobody cares about them anyway. This is way overkill for what is essentially a home vanity site, but I sleep easy at night.

  23. Re:Gentoo on New rsync Released to Fix Vulnerability · · Score: 1
    Security breaches happen.

    That's why I wrote Ostiary, because I can't afford to keep up with all the latest patches the instant they come out. It can be used to remotely enable and disable services (by starting/stopping them, altering the hosts.allow/deny files, etc.)

    The protocol it uses is so brick stupid it's effectively unhackable. It can still be DOSed, of course, but nobody's come up with a way to directly subvert it. It's very small and light, there's even a Palm client for it. No, it's not the answer to everything, but several people have found it useful already.

  24. Re:What about users/permissions? on Using the Real ntfs.sys Driver Under Linux · · Score: 1
    I can't imagine this hack provides any of the security functionality at all, and that should send shivers down any Linux user's spine.

    Well, if you allow random users write access to partitions, then yeah, you don't have any security. If you set things up rationally, so that only root can mount the partitions, then you don't have to worry about users messing with the data without authorisation. Mount it with a particular uid & gid (e.g. group "Windows-enabled-users") and let Linux's permission system sort it out.

    How exactly is this any less secure than a typical recovery disk? If someone has physical access to the machine, you're screwed anyway. Does the fact that there exist ext2 readers in Windows send shivers up your spine, too?

  25. Re:Easycalc for Palm Pilots on What's Out There for Handheld Math? · · Score: 1
    Easycalc is good, but without scripts and a mathematics keypad, it is nothing compared to my 83+, let alone my 89.

    Well, there's also LyME, and Mathpad. Not exactly Mathematica or Matlab or Maple, but if you really need that kind of power you should carry a laptop with you...