i personally hope it is real because i believe once i purchase the hardware, then i should be able to do whatever i want with it.
i think there's a subtle difference between doing what you want with your hardware and requiring the system they put on that hardware to allow you to do so. i really don't know much about the details of the tivo hardware, but my impression is that it's possible to run your own linux install on it (though not very useful). as such, while you're free to do what you want with the hardware you've bought, it's the service running on it that's limited, and given the nature of tivo's business, i don't fault them for that.
Problem number one: your code will incorrectly serve application/xhtml+xml to browsers that specifically say they don't want it under any circumstances.
i'm curious about this one. i hadn't read the rfc before, but going through it now, i'm not seeing how this would happen. if i'm reading correctly, the presence of "application/xhtml+xml" means that the content-type is in the list of acceptable types (even if it's not preferred, as in #2). how does it go into that list noting it's absolutely not wanted?
i agree with your other points and i've actually worked around them but didn't think that part was relevant here :)
since you asked, i use xhtml+xml because the content part i write comes out a lot cleaner and easier to maintain. that may well be a fault in the habits i've developed for writing html 4, but it's a reason none the less. it's also handy that firefox is so picky with it -- if i screw up, it tells me right away.
as far as i can tell, this does a good job of sending my xhtml correctly to browsers that can handle it while other browsers deal just fine (if incorrectly). the content/display separation makes it a small thing, anyway... my problems with browsers behaving differently have always come from the stylesheet rather than the content.
Quick source view of the main slashdot page shows that "gif" is found about 50 times.
"png" is found twice -- both of which are related to the original post.
Now you know why we care. The web community uses gif more than png. For better or worse...
i'm not sure this web community would be pleased that slashdot's being used as an example of currently-accepted design choices. at least on the front end, slashdot's code is dated and inefficient. alistapart.com has a fun article on how it could be made better.
keep in mind that raid 5's write performance can be pretty nasty. at worst, a single write can require a read from each drive, parity calculation, and a write to record the new parity. raid 5 is great for things like static webserving where reads outnumber writes by a large margin, but for storing something like users' home directories or a database with lots of writes, it's best to make sure your raid controller can optimize away the write performance hit, as most do, but you get what you pay for in a lot of cases.
personally, i like raid 10 better than 5 because i don't mind trading a disk for real redundancy. parity-based raid levels require the controller to do more work in normal operation and a lot more in rebuilds. i prefer to just copy the good drive from the mirror to the replacement drive.
anyway, ac&nc's raid.edu has a lot of good info on the advantages and disadvantages of various raid levels.
Get your facts right: "Linux is successfully compromised more than any other operating system". Mostly due to people setting it up straight out of the red box without adequately Reading The Fine Manual.
facts are tricky like that: "We don't know how many total servers the numbers were gathered from or what percentage of those servers is Linux vs. Windows, etc. It is safe to say that these results are true for the servers they monitor, but the percentages may not be true for all servers across the globe."
while there certainly exist a large number of linux machines that have been compromised, i can't imagine the number of infected linux machines is anywhere near that of the win32 systems infected by blaster/welchia/code red/nimda/sql slammer/klez/dumaru/sobig/etc. in the same time frame. i suppose the counting in this case depends quite a bit on the counter's definition of "compromised."
I was under the impression that Sun manufactured hardware for High-Performance Computing;
and i still say you got the wrong impression. sun's systems are built for reliability. the athlon-xp is built for raw speed. both approaches have tradeoffs, as you've seen. google, for instance, uses x86 hardware in their disposable backend systems. they want the fastest hardware for the money and they don't really care if a few systems have to be replaced after a few months. sun customers sacrifice cpu power for the knowledge that the server they're getting can do its job for years if not decades.
that their performance libraries would be more efficient than freely-available open-source solutions.
in general, they are. however, there's only so much that library optimizations can do for you when you're competing against a significantly faster processor in a cpu-intensive task. again, you're expecting something that the system wasn't designed to deliver, and i still claim that the system isn't at fault for operating as intended.
I've spent the whole day trying to work around boneheaded compiler bugs which stop me running my codes on my department's V480. Only to find that, when my codes did eventually work correctly, they only ran half as fast as on my $600 desktop Athlon XP.
sun's hardware isn't marketed for its computational power. people buy sun hardware for its reliability and for the ability to run solaris/sunos on its native platform. if you want something that will crunch numbers as fast as an athlon xp, you're using the wrong tool.
last i'd read, intel will be releasing a chip with the amd64 extensions (i think that'll happen with prescott), so even if it helps amd, it would still be in their best interest to make 2.6 work well with x86-64
I went with a couple of P-4 (after watching the TomsHardware video of the athlon going poof)...
ok... so exactly how many times have your heatsinks fallen off the chip during operation? there are plenty of valid reasons to go with a p4, but that's not one of them.
Okay, so external drives aren't as cheap as internal drives, but they are a lot easier to cool (40 cm fan for instance), easier to swap if needs be, easier to expand the capacity (just plug in yet another drive into your FireWire-bus).
at my last job, my boss needed more space for video work on her mac and bought a stack of 4 external firewire drives. within a year, 3 of the 4 40mm fans had died. it could just be my bad experience, but i've found the smaller fans to have rather pitiful life spans, be it in video card cooling, north bridge cooling, 5.25 drive bay cooling or external hard drive cooling. the one exception i've seen is an original fan on a pentium 200's heatsink that's still going strong. my point is that i wouldn't recommend putting too much stock in the long-term cooling capacity of those little fans.
Every drive that has ever failed on me has been because of heat. I put several fans in the case to make sure the drives don't overheat. So far so good (knocks wood)
for drive cooling without a specialized cage, i've been really happy with the antec sx1040 (among other antecs). both of the internal 3x1" drive cages have an 80mm fan mount at the front to direct air over the hard disks. right now, i've got a 15k rpm drive in the top and bottom slots of each cage with the fan pushing air through the middle and the drives are barely warm to the touch (before the cooling, they burned my fingertips).
having experienced the before & after, i don't see myself ever putting important and/or hot drives into production without dedicated cooling.
whether my personal server needs 15k rpm raid10 is another matter...
<pedantic> Probably? Assuredly, I would say. If transistor count continues to double every 2 years, with 42M transistors per CPU in 2000, you would have 43 billion in 2010, 44 trillion in 2020, 47*10^21 in 2050, and 53*10^36 in 2100. If that hasn't reached the number of atoms in the known universe, then keep counting years and it will. </pedantic>
<more pedantic> you are, of course, overlooking the inevitable creation of sub-atomic transistors! </more pedantic>
Though disapproved of by many, pronunciations ending in \-ky&-l&r\ have been found in widespread use among educated speakers including scientists, lawyers, professors, congressmen, U.S. cabinet members, and at least one U.S. president and one vice president. While most common in the U.S., these pronunciations have also been heard from British and Canadian speakers.
that merely says that there exist people who pronounce the word in that fashion. it doesn't say anything about their inability to associate letters with sounds being correct.
When comparing against a hyperthreading (HT) processor, do you count a HT CPU as one or two.
it's one processor. it represents itself as two logical processors with no instruction cache to trick the operating system into letting the hardware take care of optimizing instruction scheduling. even though linux identifies two full speed processors, there's only one chip doing the work, so it would be silly to expect it to perform twice as well.
i think this is a case where too much automation is a bad thing. updating apache 1.3.x to apache 2.0.x isn't something you want done automatically, but when 2.0.x was stable in portage, that's what would've happened. similarly, with the recent openssh issues, you'd have recompiled the new version, but still had the old version listening for connections/exploits. if nothing else, you should probably email yourself a list of all the packages that were updated so you know services need restarting or you should check on to make sure it didn't break.
After all these years since I first tried to dial in to a Microsoft network I still can't do it without first compiling my own kernel and pppd! I'm just a bit annoyed as I'm sitting here watching my Debian Unstable kernel recompile. For one change: added CONFIG_PPP_MPPE=m. This is a frustrating waste of time! Will this be built in the 2.6 kernels, or do I have to hope that somebody comes up with a better implementation (in Debian non-free perhaps) for this?
how many users would benefit from having that as a default option? no, really, you're the exception here. build a kernel every few months and get on with life.
you've got to be shitting me. if you're too fucking stupid to understand the difference between a vulnerability and a virus, you should just disconnect yourself from the internet. running symantec's virus removal tool doesn't fix the problem.
the format and reinstall requirement is a pretty standard course of action. if a user has one virus, it's not unlikely that they have more. but the bigger reason for the policy is usually user education. if someone's personally inconvenienced by their own negligence, they might take more proactive measures to stop it from happening again. simply cleaning the virus doesn't provide the user with any incentive to care.
yes, i'm aware of the dangerous internals of a crt. note that i'm not pictured in the video. that's because i was wearing a whole lot of protective gear and didn't look much like the (female) protagonist.
i had the opportunity to take a sledgehammer to a burned-out imac for work this summer. the footage was used in a commercial for the dorm cable channel reminding students that they can get help for their computers before they get aggravated enough to take a sledgehammer to them. but the full video's kind of boring (and a big download), so here's the footage of the smashing:
it's dorm move-in weekend at the university where i work. after looking at a sample of the machines brought to school by students given the privilege of early move-in (ra's, mainly), we found that less than 5% of our students were patched for both blaster/lovesan and welchia/naichi. as such, it was decided that shutting off the entire residence hall network would be easier than shutting off ~95% of the ports once they got infected (typically takes 3-5 seconds in this environment). so our student workers and a few full-timers like me get to make our way to every single student machine (~8,000 students in the dorms) and analyze, clean, patch, and install a current virus scanner.
this is a battle of bad worm vs. less obviously bad worm. i don't understand why nobody seems to realize that naichi is also a threat. besides the fact that it's a worm, it leaves behind a pair of services, exposing the "repaired" computer to future exploitation, next time through a more convenient tftp interface.
it patches the rpc hole and installs a tftp server on the saved machine. it then propagates to other machines, infecting them and patching the vulnerability so a later variant of the same worm won't be able to uninstall it.
windows has flaws, but if you protect the os from its users, it's not really that bad.
What kind of bullshit is that?
no bullshit. most problems with windows flakiness and crashing are influenced (not necessarily caused) by poorly-written or intentionally malicious software. specifically, i mean p2p software, its associated spyware, and things like bonzi buddy. at best, they waste cpu time. at worst, they outright break things.
as i remember, bearshare had a penchant for replacing windows' tcp stack with its own. as a result, https:// urls couldn't be loaded in ie. of course, there are many, many examples of 3rd party software destabilizing windows.
my original point was that if an admin sets up the system such that it doesn't allow the user to install their favorite suite of unnecessary software, then it's likely that the system will run much better. if nothing else, it requires that all the software on the system be installed by someone who (hopefully) knows the effects it will have.
So, we went from the two of us supporting 700 - 1000 users to 18 people.
And the user populace was not happy. The standard rebuild time of a machine went from 'when they got new ones' to once a week. We had device driver issues, and SLAs of getting machines back up and running in two hours so we ended up just ghosting machines over and over to clear up whatever went wrong.
i don't want this to sound like a personal attack, but that sounds like it's more your team's fault than windows'. we all know that windows has flaws, but if you protect the os from its users, it's not really that bad. an install of 700-1000 users really should be given the budget to purchase appropriate tools for their administrative needs.
i'm responsible for ~400 lab machines at uiuc, all running win2k, and with some file permissions and some software to automate software/hotfix installation and updates, we're to the point that our machines are rebuilt once a year. the only exceptions are hardware failures. i'm not trying to say i'm better than anyone else, just that weekly rebuilds are far from a necessary facet of a windows admin's life.
i think there's a subtle difference between doing what you want with your hardware and requiring the system they put on that hardware to allow you to do so. i really don't know much about the details of the tivo hardware, but my impression is that it's possible to run your own linux install on it (though not very useful). as such, while you're free to do what you want with the hardware you've bought, it's the service running on it that's limited, and given the nature of tivo's business, i don't fault them for that.
i'm curious about this one. i hadn't read the rfc before, but going through it now, i'm not seeing how this would happen. if i'm reading correctly, the presence of "application/xhtml+xml" means that the content-type is in the list of acceptable types (even if it's not preferred, as in #2). how does it go into that list noting it's absolutely not wanted?
i agree with your other points and i've actually worked around them but didn't think that part was relevant here
since you asked, i use xhtml+xml because the content part i write comes out a lot cleaner and easier to maintain. that may well be a fault in the habits i've developed for writing html 4, but it's a reason none the less. it's also handy that firefox is so picky with it -- if i screw up, it tells me right away.
it's not really that bad. i do the content-negotiation in two lines of php: (php defaults to text/html if that's not matched)
as far as i can tell, this does a good job of sending my xhtml correctly to browsers that can handle it while other browsers deal just fine (if incorrectly). the content/display separation makes it a small thing, anyway... my problems with browsers behaving differently have always come from the stylesheet rather than the content.
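Added example, not part of the original comments and not the commenter's PHP: in RFC 2616 a media type listed in `Accept` with `q=0` is explicitly refused, which is how a type can be present in the header and still be unwanted. The sketch below contrasts a substring check (assumed here as the kind of shortcut the quoted objection describes) with q-value-aware negotiation; the sample headers and function names are constructed for illustration.

```python
"""Accept-header negotiation for XHTML vs. HTML (constructed example)."""

XHTML = "application/xhtml+xml"
HTML = "text/html"

# Constructed sample headers, not captured from any real browser.
SAMPLE_REFUSES_XHTML = "text/html,application/xhtml+xml;q=0"
SAMPLE_PREFERS_XHTML = "application/xhtml+xml,text/html;q=0.9,*/*;q=0.5"
SAMPLE_PREFERS_HTML = "text/html,application/xhtml+xml;q=0.5"
SAMPLE_WILDCARD_ONLY = "*/*"


def parse_accept(header):
    """Map each media range in an Accept header to its q-value (default 1.0)."""
    prefs = {}
    for item in header.split(","):
        parts = [p.strip() for p in item.split(";")]
        media = parts[0].lower()
        if not media:
            continue
        q = 1.0
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value.strip())
                except ValueError:
                    q = 0.0  # unparseable weight: treat the type as refused
                break
        prefs[media] = max(0.0, min(q, 1.0))  # clamp to the valid 0..1 range
    return prefs


def quality(prefs, media_type):
    """q-value for media_type, checking the most specific range first."""
    major = media_type.split("/")[0]
    for key in (media_type, major + "/*", "*/*"):
        if key in prefs:
            return prefs[key]
    return 0.0


def naive_choice(header):
    """Substring check: ignores q-values, so a q=0 refusal still matches."""
    return XHTML if XHTML in header else HTML


def negotiate(header):
    """Serve XHTML only if it is listed explicitly, not refused (q > 0),
    and rated at least as high as text/html; otherwise fall back to HTML.
    Requiring an explicit listing is a design choice of this example, so a
    bare */* never triggers XHTML."""
    prefs = parse_accept(header or "")
    xhtml_q = prefs.get(XHTML, 0.0)
    html_q = quality(prefs, HTML)
    if xhtml_q > 0.0 and xhtml_q >= html_q:
        return XHTML
    return HTML


if __name__ == "__main__":
    for sample in (SAMPLE_REFUSES_XHTML, SAMPLE_PREFERS_XHTML,
                   SAMPLE_PREFERS_HTML, SAMPLE_WILDCARD_ONLY):
        print(f"{sample!r}: naive={naive_choice(sample)} "
              f"negotiated={negotiate(sample)}")
```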
i'm not sure this web community would be pleased that slashdot's being used as an example of currently-accepted design choices. at least on the front end, slashdot's code is dated and inefficient. alistapart.com has a fun article on how it could be made better.
keep in mind that raid 5's write performance can be pretty nasty. at worst, a single write can require a read from each drive, parity calculation, and a write to record the new parity. raid 5 is great for things like static webserving where reads outnumber writes by a large margin, but for storing something like users' home directories or a database with lots of writes, it's best to make sure your raid controller can optimize away the write performance hit, as most do, but you get what you pay for in a lot of cases.
personally, i like raid 10 better than 5 because i don't mind trading a disk for real redundancy. parity-based raid levels require the controller to do more work in normal operation and a lot more in rebuilds. i prefer to just copy the good drive from the mirror to the replacement drive.
anyway, ac&nc's raid.edu has a lot of good info on the advantages and disadvantages of various raid levels.
facts are tricky like that:
"We don't know how many total servers the numbers were gathered from or what percentage of those servers is Linux vs. Windows, etc. It is safe to say that these results are true for the servers they monitor, but the percentages may not be true for all servers across the globe."
while there certainly exist a large number of linux machines that have been compromised, i can't imagine the number of infected linux machines is anywhere near that of the win32 systems infected by blaster/welchia/code red/nimda/sql slammer/klez/dumaru/sobig/etc. in the same time frame. i suppose the counting in this case depends quite a bit on the counter's definition of "compromised."
and i still say you got the wrong impression. sun's systems are built for reliability. the athlon-xp is built for raw speed. both approaches have tradeoffs, as you've seen. google, for instance, uses x86 hardware in their disposable backend systems. they want the fastest hardware for the money and they don't really care if a few systems have to be replaced after a few months. sun customers sacrifice cpu power for the knowledge that the server they're getting can do its job for years if not decades.
in general, they are. however, there's only so much that library optimizations can do for you when you're competing against a significantly faster processor in a cpu-intensive task. again, you're expecting something that the system wasn't designed to deliver, and i still claim that the system isn't at fault for operating as intended.
sun's hardware isn't marketed for its computational power. people buy sun hardware for its reliability and for the ability to run solaris/sunos on its native platform. if you want something that will crunch numbers as fast as an athlon xp, you're using the wrong tool.
last i'd read, intel will be releasing a chip with the amd64 extensions (i think that'll happen with prescott), so even if it helps amd, it would still be in their best interest to make 2.6 work well with x86-64
ok... so exactly how many times have your heatsinks fallen off the chip during operation? there are plenty of valid reasons to go with a p4, but that's not one of them.
at my last job, my boss needed more space for video work on her mac and bought a stack of 4 external firewire drives. within a year, 3 of the 4 40mm fans had died. it could just be my bad experience, but i've found the smaller fans to have rather pitiful life spans, be it in video card cooling, north bridge cooling, 5.25 drive bay cooling or external hard drive cooling. the one exception i've seen is an original fan on a pentium 200's heatsink that's still going strong. my point is that i wouldn't recommend putting too much stock in the long-term cooling capacity of those little fans.
for drive cooling without a specialized cage, i've been really happy with the antec sx1040 (among other antecs). both of the internal 3x1" drive cages have an 80mm fan mount at the front to direct air over the hard disks. right now, i've got a 15k rpm drive in the top and bottom slots of each cage with the fan pushing air through the middle and the drives are barely warm to the touch (before the cooling, they burned my fingertips).
having experienced the before & after, i don't see myself ever putting important and/or hot drives into production without dedicated cooling.
whether my personal server needs 15k rpm raid10 is another matter...
<more pedantic>
you are, of course, overlooking the inevitable creation of sub-atomic transistors!
</more pedantic>
that merely says that there exist people who pronounce the word in that fashion. it doesn't say anything about their inability to associate letters with sounds being correct.
it's one processor. it represents itself as two logical processors with no instruction cache to trick the operating system into letting the hardware take care of optimizing instruction scheduling. even though linux identifies two full speed processors, there's only one chip doing the work, so it would be silly to expect it to perform twice as well.
i think this is a case where too much automation is a bad thing. updating apache 1.3.x to apache 2.0.x isn't something you want done automatically, but when 2.0.x was stable in portage, that's what would've happened. similarly, with the recent openssh issues, you'd have recompiled the new version, but still had the old version listening for connections/exploits. if nothing else, you should probably email yourself a list of all the packages that were updated so you know services need restarting or you should check on to make sure it didn't break.
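Added example, not part of the original comment: one way to catch the case described above, where a package was rebuilt but the old daemon is still the one listening. On Linux, a process whose executable has been replaced on disk shows a `/proc/<pid>/exe` link ending in ` (deleted)`; the function names and the `proc_root` parameter are this example's own.

```python
"""Find processes still running a binary that was replaced on disk (Linux)."""
import os

DELETED_SUFFIX = " (deleted)"


def stale_processes(proc_root="/proc"):
    """Return sorted (pid, original_path) pairs for processes whose
    executable has been unlinked or replaced since they started."""
    stale = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as "self" or "net"
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            # Kernel threads have no exe link; other users' processes may
            # be unreadable; a process may exit while we are scanning.
            continue
        if target.endswith(DELETED_SUFFIX):
            stale.append((int(entry), target[:-len(DELETED_SUFFIX)]))
    return sorted(stale)


def group_by_binary(stale):
    """Group stale PIDs by binary path, for a 'needs restart' report."""
    grouped = {}
    for pid, path in stale:
        grouped.setdefault(path, []).append(pid)
    return grouped


def restart_report(stale):
    """Render the findings as text suitable for mailing to the admin."""
    if not stale:
        return "no running process is using a replaced binary"
    lines = ["services still running a replaced binary:"]
    for path, pids in sorted(group_by_binary(stale).items()):
        pid_list = ", ".join(str(p) for p in pids)
        lines.append(f"  {path}: pid {pid_list}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Run as root after an unattended update to see every process.
    print(restart_report(stale_processes()))
```

This only checks the main executable; a daemon that keeps an old shared library mapped after a library update would need a similar scan of `/proc/<pid>/maps`.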
After all these years since I first tried to dial in to a Microsoft network I still can't do it without first compiling my own kernel and pppd! I'm just a bit annoyed as I'm sitting here watching my Debian Unstable kernel recompile. For one change: added CONFIG_PPP_MPPE=m. This is a frustrating waste of time! Will this be built in the 2.6 kernels, or do I have to hope that somebody comes up with a better implementation (in Debian non-free perhaps) for this?
how many users would benefit from having that as a default option? no, really, you're the exception here. build a kernel every few months and get on with life.
you've got to be shitting me. if you're too fucking stupid to understand the difference between a vulnerability and a virus, you should just disconnect yourself from the internet. running symantec's virus removal tool doesn't fix the problem.
the format and reinstall requirement is a pretty standard course of action. if a user has one virus, it's not unlikely that they have more. but the bigger reason for the policy is usually user education. if someone's personally inconvenienced by their own negligence, they might take more proactive measures to stop it from happening again. simply cleaning the virus doesn't provide the user with any incentive to care.
yes, i'm aware of the dangerous internals of a crt. note that i'm not pictured in the video. that's because i was wearing a whole lot of protective gear and didn't look much like the (female) protagonist.
i had the opportunity to take a sledgehammer to a burned-out imac for work this summer. the footage was used in a commercial for the dorm cable channel reminding students that they can get help for their computers before they get aggravated enough to take a sledgehammer to them. but the full video's kind of boring (and a big download), so here's the footage of the smashing:
http://tuxedo.housing.uiuc.edu/~ckuehn/imac.mov
if anyone's curious, it felt pretty good.
it's dorm move-in weekend at the university where i work. after looking at a sample of the machines brought to school by students given the privilege of early move-in (ra's, mainly), we found that less than 5% of our students were patched for both blaster/lovesan and welchia/naichi. as such, it was decided that shutting off the entire residence hall network would be easier than shutting off ~95% of the ports once they got infected (typically takes 3-5 seconds in this environment). so our student workers and a few full-timers like me get to make our way to every single student machine (~8,000 students in the dorms) and analyze, clean, patch, and install a current virus scanner.
overtime is great.
this is a battle of bad worm vs. less obviously bad worm. i don't understand why nobody seems to realize that naichi is also a threat. besides the fact that it's a worm, it leaves behind a pair of services, exposing the "repaired" computer to future exploitation, next time through a more convenient tftp interface.
is it really that much to ask people to read an advisory of how the worm works before cheering it on?
it patches the rpc hole and installs a tftp server on the saved machine. it then propagates to other machines, infecting them and patching the vulnerability so a later variant of the same worm won't be able to uninstall it.
What kind of bullshit is that?
no bullshit. most problems with windows flakiness and crashing are influenced (not necessarily caused) by poorly-written or intentionally malicious software. specifically, i mean p2p software, its associated spyware, and things like bonzi buddy. at best, they waste cpu time. at worst, they outright break things.
as i remember, bearshare had a penchant for replacing windows' tcp stack with its own. as a result, https:// urls couldn't be loaded in ie. of course, there are many, many examples of 3rd party software destabilizing windows.
my original point was that if an admin sets up the system such that it doesn't allow the user to install their favorite suite of unnecessary software, then it's likely that the system will run much better. if nothing else, it requires that all the software on the system be installed by someone who (hopefully) knows the effects it will have.
So, we went from the two of us supporting 700 - 1000 users to 18 people.
And the user populace was not happy. The standard rebuild time of a machine went from 'when they got new ones' to once a week. We had device driver issues, and SLAs of getting machines back up and running in two hours so we ended up just ghosting machines over and over to clear up whatever went wrong.
i don't want this to sound like a personal attack, but that sounds like it's more your team's fault than windows'. we all know that windows has flaws, but if you protect the os from its users, it's not really that bad. an install of 700-1000 users really should be given the budget to purchase appropriate tools for their administrative needs.
i'm responsible for ~400 lab machines at uiuc, all running win2k, and with some file permissions and some software to automate software/hotfix installation and updates, we're to the point that our machines are rebuilt once a year. the only exceptions are hardware failures. i'm not trying to say i'm better than anyone else, just that weekly rebuilds are far from a necessary facet of a windows admin's life.