Slashdot Mirror


User: ledow

ledow's activity in the archive.

Stories
0
Comments
5,597
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,597

  1. Whoa on First Look At Windows 7 On an Entry-Level Netbook · · Score: 5, Insightful

    Hold on, WTH:

    - It takes 450-odd Mb of RAM to just sit at a clean, freshly installed desktop. I'm still running networks of machines that run on XP with 512Mb and suffer no appreciable performance loss (admittedly well-managed in terms of applications, but we run Office too).
    - When you install Office 2007, it swaps like mad with 1Gb of RAM.
    - It takes 7Gb of drive space to install.

    That is *not* a comfortable operating system for a netbook, it really isn't. My XP laptop is about as powerful as that netbook (although mine is dual-core and has a much nicer graphics card) and yet it'll take all of the above amounts of RAM, for a basic Office install - but I have a ton of other crap installed and running (my current Opera session is taking 70Mb of RAM, for instance). So what you have is *not* a netbook but a run-of-the-mill laptop. However, if I was to try to run this on, say, an Asus EEEPC it's likely to fall flat on its face before you even start (4Gb flash, oops, bang). Where XP would be quite happy, I'd like to add (or at worst, a nLite CD would work). And that's before you even START actually using the damn thing to get work done.

    Just off the top of my head, booting a Slackware CD, pressing "yes" to everything, etc. will get you into a full X-Windows environment with several window managers, thousands of apps, all in under 5Gb storage (most of that being silly stuff like gcc, KDE I18n, and TeX) and able to run in a few hundred Meg RAM. With OpenOffice, yeah you might get a bit of swapping went you first load but the point of netbooks etc. is the nice suspend options, and it sounds like it wouldn't be anywhere near as bad.

    I know this is all based on a "blog-o-expert", but hell... it's obviously not suited to the task. Just like XP isn't really suited to the task. But it sounds like it does an even worse job. Yeah, with some tweaking you can probably get rid of a lot of crap but you're never going to be able to pare it down as far as XP, or any version of Linux.

    So in the age of netbooks, where people are getting them thrown at them with their mobile phone contracts, MS's idea is to release (and thus force upon people) a new OS that doesn't really handle them at all unless you voluntarily soup them up and kill their performance/battery life. Good plan. I was seriously half expecting a special "7 mobile" edition at some point that would merge the CE and NT-based product lines for netbooks, seeing how that's the buzzword at the moment. In the absense of that, another growing OS is hardly a surprise. I'm actually pleasantly surprised that it wasn't a LOT worse than this. Vista upgrades were a really, really big deal and killed many an upgrade plan stone dead. This isn't in those realms, but it's hardly good news.

  2. Re:Are they absolutely sure? on Hundreds of Black Holes Roam Loose In Milky Way · · Score: 1

    Swirly Thing Alert!

  3. And? on Nintendo and the Decline of Hardcore Gaming · · Score: 3, Interesting

    Please, tell me what's new?

    I owned over 200 Spectrum games, I completed *exactly* one (Nonterraqueous). If you go by the number of games that can't *be* completed but which I got very, very, very involved in, then you can probably include the Gauntlet series, Chaos, Bruce Lee and Target:Renegade. I pored thousands of hours into games over several years, but only managed to complete less than 1% of them. That *doesn't* necessarily make me a casual gamer, it just means that I got bored of most of the games quite quickly and played something more interesting. If you look through my software libraries of the time, you can see exactly where the most time was spent and there are entire *years* where I didn't play the new games I was buying because I was so busy with the old ones. Does hardcore gamer mean "plays a lot of games", "spends a lot of time playing games", "plays games through to the absolute finish", "plays the newest games" or what? It's such an obscure term it could mean anything, and technically I've been in all those categories for parts of my gaming life.

    Casual games *are* played by hardcore gamers, it all depends on what and how you want to do with them. When I bought Half-Life 2, I played it through on Medium difficulty. Why? Life is too short to spend thousands of hours on the extreme levels reloading and reloading to get the perfect 100-health, every objective run. But some people did just that. Does that mean that I'm somehow in the same market as the Wii "wiggle the controller once a minute" crowd, or that I am somehow vastly different from that crowd? No. I actually play things like WiiSports all the time, but also find that you just cannot get a good FPS/strategy on such machines. My most common games to play are the old games I used to own via emulation... does that mean I'm not a "hardcore" gamer? I spent hundreds of hours honing my skills on CS and CS:CZ, does that make me one?

    The elements that, to me, make a "hardcore" gamer are:

    Time dedicated to the task.
    Difficulty of the task to a new player.

    Thus, it has *nothing* to do what the actual games that are played. It's like saying that a professional tennis player is a "hardcore sportsman" but that someone who spends every spare moment they have running but doesn't actually compete isn't one. It's really just a matter of dedication.

    Just a few categories to jog people's brains but are the following considered "hardcore" gamers or not: NES Speedrun fanatics? Professional Counterstrike players? Dedicated Counterstrike players that don't compete?

    So discussing hardcore gamers as something seperate from casual gamers (although we can all pick out the two from our friends without needing a formal definition) is crazy. The game I spent five minutes on might well be considered a "hardcore" game. I've never even *loaded* World of Warcraft... does that make me ineligible? But what about the time and money spent, and the skills gained on a ten-year-old game? That doesn't count?

    Hardcore gamers will always want different games to casual gamers. The proportion of each in the world has changed recently, but it doesn't mean *anything* can be predicted from it. For all we know, it might mean that in ten years time *everyone* is a hardcore gamer because they were introduced gradually to games by the casual games and sought out more. Hardcore games won't die while someone wants to pay for them. Casual games won't die while someone wants to pay for them. Discounting actual hardware inadequacies, both types of game can be produced for any hardware. Nothing's going to change.

  4. Re:No plans to support older titles on Hands-on With the Wii MotionPlus · · Score: 1

    It's uncertain.

  5. Re:Stop with the legitimate business line on Pirate Bay Trial Ends In Jail Sentences · · Score: 5, Insightful

    You miss the point.

    It was a generally held belief (and may well still turn out to be so) that what Pirate Bay did was NOT illegal in their country. It's yet to be (convincingly) proved otherwise, because the "evidence" was sparse and technically-incorrect at best. It was that unsure that it took a court to decide it, even after police raids that couldn't find anything "illegal". And it has yet to be appealed against.

    What you name a place has NOTHING to do with the law behind it. You can't be convicted based on what you called something, unless the name itself is somehow illegal.

    And as for "hitting the supply chain", maybe the best analogy then would be to stop camera-recording and/or screener leaks rather than chase down people who downloaded it? In actual fact if you want to eliminate something then you have to take out ALL forms of contact with it - drug dealers, drug pushers, drug takers, etc. This is the equivalent of suing not just the site owners, but the people who leaked your DVD and the people downloading it. By extension of the intentions of this case, that would also imply suing anyone who ever links to those torrents, anywhere, and anyone who carries the links to those torrents (e.g. Google) - it's like arresting people because they had a discussion about drugs, or told someone not to go to a particularly drug-ridden part of town late at night - you're trying to convict people who had only incidental connection with the crime but have performed no criminal act.

    Remember - it's still not established law that what the Pirate Bay did was illegal. That's not true until all Swedish court appeals are finished and no more are allowed to be brought (and even after that, there's the possibility of an EU appeal/intervention).

  6. Re:Not Silly on Obamas Give Queen Elizabeth an iPod · · Score: 1

    "don't have a clue what class is."

    Yes. He's American. Again, back to my original point, who cares?

    Are we trying to outclass each other in the gift stakes or do our bloody job? Personally, I've have a million times more respect for a politician who pre-announced that he wouldn't be buying the other anything because it would be a waste of taxpayers money, and then met in a restaurant or a cafe to sort it all out instead of going for a big over-the-top, you-are-welcome-in-my-country introduction with red carpet etc. I'm waiting for a prime minister/president who turns up to an official engagement in his own car, hops out, gets straight to business, sorts things out and then the *second* he is finished hops back into the car and onto his next appointment. It would show me that he was working for his money.

  7. Re:Silly on Obamas Give Queen Elizabeth an iPod · · Score: 1

    I'm similarly British and, to be honest, this "article" is the first I'd ever heard of it, which is why I made my original post.

  8. Re:Well on Aussie Minister Backs Down on Internet Censorship · · Score: 1

    Whoa... ease back there. *Australians* (as in citizens) can do what they like (but to be honest, I've read ten times more on this on non-AU websites than AU ones, and the AU coverage was very late to the mix - and my Aus friends knew nothing about it before I pointed it out), what I'm questioning is how such a decision got so far (i.e. to a national trial stage) with little-to-no-questioning, not from the citizenry but from rival politicians, internal watchdogs, legal groups within the government etc. It doesn't matter what *YOU* do, you have 1/20,000,000th of a vote as to what actually happens, the same as I have a similar amount of impetus in my own country. What I'm questioning is the lack of hindrances up until this point. It shouldn't take the common citizenry to protest to stop something, there should have been someone in government crying wolf about this YEARS ago, and internal squabbling should have killed it before it got out of the door. By the time Joe on the street hears it, it's almost certain to happen even if only in cut-down form.

    Sorry pal, but your (and your fellow citizens) efforts mean very, very little unless it's election time (and then they don't mean much either). What I'm pointing out is the lack of opposition to it BEFORE it got on the news.

  9. Re:How is the signed photo a common item? on Obamas Give Queen Elizabeth an iPod · · Score: 1

    Who said "common"? I said "readily available"... as in they don't have to do anything special to get hold of one (similar to how Obama was criticised for offering gifts that looked like they came out of the White House gift shop). There aren't going to be many of these things about, granted, but then it's not exactly a *gift* either. You aren't going to go home and stick it on your mantlepiece unless you're one of the common people, and she's supposed to be giving this to *dignitaries*?! It's like a bad joke you might hear about a celebrity... they're so "up themselves" that they give out signed photos instead of paying their bills in restaurants etc.

  10. Silly on Obamas Give Queen Elizabeth an iPod · · Score: 5, Insightful

    First, who cares who gave who what? Seriously? I mean, if you made a *major* boo-boo and gave Obama some racist memoribilia or something, then you're an idiot, but otherwise who cares? You're talking negotiations over the future of countries, anyone who reads anything into the gifts is clearly desperate for news or clearly focusing on the wrong things.

    Have the governments of the two countries seriously got nothing else better to waste their money on than gifts for other nations? Sure, bring something along but keep it simple. A couple of bouquets for the missus and a bottle of special wine or something to enjoy over dinner one night. Anything else is asking for a cock-up because it'll have been made from the ship that X's father fought against in war Y or something. And, trust me, nobody British really cared what gift was received/given the last time the US president and the UK prime minister met. Nobody. The press obviously had nothing else better to report, or were feeling snubbed themselves. They don't even care that Churchill's bust was moved in the Whitehouse... really... we don't have American presidents lining 10 Downing Street, so why should the American's have anything similar? So long as it was done respectfully (i.e. they didn't kick it down the stairs after drawing a moustache on it), who cares?

    Personally, I think the Queen's gift is the worst out of all those listed (in all the linked articles) anyway - it's too imperialist and overbearing... a signed photo... "Look, I have given you something cheap and readily available to remind you that you were once in my presence". Urk.

  11. Well on Aussie Minister Backs Down on Internet Censorship · · Score: 3, Interesting

    If we have indeed finally passed the stage where every single story on every website is an un-funny April Fool's "joke"...

    What worries me more about stories like this (in any country) is not that anyone thought they could filter a country, or indeed DO (there are countries where this sort of thing is already in place, don't forget) but that no-one questioned HOW it got so far so quickly. Someone, somewhere made a decision to affect every Internet-using citizen in a country and nobody batted an eyelid. You can bet your life if they'd added 1% to Internet connection costs, there would have been uproar. But it took until the lists were ballsed up, leaked (illegally?), those lists were banned in several countries, the news of this all hit the web and from there the mass media, etc. before anyone really decided that, actually, this might not have been the best course of action to embark on.

    I don't expect politicians to have morals - they are given to them by their voters and their fundraisers - but I would have at least expected some sort of two-way consultation on this beforehand. The users said no, the ISP's said no, so who exactly did they ask and who pushed it through anyway? Someone, somewhere must have asked "is this even possible, is it going to cause trouble?" before it got near a trial phase.

    I could also understand it if it came the other way - an ISP decides to implement it for its customers and it gains traction... a bit like Phorm in the UK (targetted advertising delivered by proxying all web traffic at the ISP side).

    There's nothing I hate more than a "decision"/"vote" that has already been decided and even if it hits vast opposition STILL gets implemented. It just makes me detest the person/entity that tried to make me think there was a decision to be made and never trust them ever again. It's like redundancy negotiations - by the time it's GOT to the point where you're announcing that there MAY be redundancies, you already know who, what and how many and everything else is a pointless paperwork exercise to pretend you don't and to fiddle the numbers to come to the same conclusion as you want. The second you reach that point of announcement, you KNOW that you're either in or out and there's no way back. (I've never been made redundant, but I've seen several of these pointless exercises first-hand).

    Here's a clue - before you go affecting more than 10,000 people's lives, ask around and see how people feel (those affected and those not) by telling them every consequence that YOU know of. It'll prevent a lot of stupidly embarassing political mistakes.

  12. Re:Not Really on The Pirate Bay Comes To Facebook · · Score: 5, Insightful

    "Enabling" downloading of copyright material is a highly dubious, very unclear "legal" standard. As such, it doesn't exist in the form that you think it does (or that the RIAA think it does) and it isn't present in a great many legal systems. You can see why - the person who supplies the computer keyboard/mouse is "enabling" the user to download a copyrighted work. So is the monitor manufacturer, and the ISP, and the electricity company.

    Thus the legal standard that is required for proof of such actions needs to be substantially higher than "what the RIAA thinks is enabling". Additionally, jurisdictional boundaries greatly interfere here (the RIAA can be as interested in me as they like, but I don't live in America), as do other relevant laws (i.e. the "right" to free speech, fair use, etc.) and the requirement of hard evidence that not only do I have the copyright material in my possession without a licence grant, but also that my *intention* was to then breach copyright by distributing further etc.

    Additionally, I have saved somewhere a news report from BBC News in which representatives of several major UK record companies state that they allow people to download/convert music they already own to use on their own devices, as many times as they like. This is quite damning and would protect certain usage of certain torrents, whether or not the official word on the copyright laws in my country say so.

    Also, the legality or otherwise of a torrent file in even a single country has not been legally locked down (roll on April for PirateBay) and thus it's almost 100% certain that any court case would set a precedent in the particular country that hosts it. Until then, the whole thing is just a legal grey area and thus someone could easily do the above mentioned archiving, with a good technical knowledge and an intention of not breaching copyright, and not be breaking ANY existing laws at all, espeically if they can provide good reason (such as the whole "a torrent isn't its contents" argument which SHOULD damn well be correct).

    Don't let every legal threat you ever hear form a legal fact in your mind. 99% of things never go to court and 50% of those that do fail miserably. Otherwise, bank charges in the UK would be in the order of £5, not £50, Linux would be cleared or convicted of breaching several hundred patents, Microsoft would be dead in the water and I'd be able to eat peanuts without having to read "May contain nuts".

  13. Re:Good for AT&T! on AT&T Won't Terminate User Service For RIAA Without a Court Order · · Score: 1

    There's probably a substantial dollar value attached to that installation.

    Either that, or a hell of a lot of paperwork.

  14. Re:Good for AT&T! on AT&T Won't Terminate User Service For RIAA Without a Court Order · · Score: 4, Insightful

    No kudos required. This is the *only* sensible course of action. It's not up to AT&T to decide if people have done something or not, that's up to a court of law. Allegations are all well and good but if someone wrote to my telecoms company saying I'd been making harassing phone calls, the telecoms company can't cut me off unless they can PROVE those phone calls happened and were harassing (much easier than my ISP proving that I downloaded copyright-infringing material from a third-party without a valid copyright license to the right in question, or under fair-use laws) or a court order telling them to do so. Anything else is just bunkum from companies that have NOT checked their legal requirements and/or liabilities.

    In time, all ISP's will subscribe to this way of thinking, becuase it's the only path they can follow without introducing legal problems for themselves. At the moment, it's a non-issue because your internet doesn't go off without a court order, or legal proof of breach of contract, or customers agreeing to it. There's not a single confirmed case of that ever happening. Ask yourself why.

    And downgrading my speed is no different to cutting me off, if what you're alleging is breach of contract. You still have to prove that breach of contract in a court of law before you can change the terms of the contract.

    Internet access is *not* a right. Neither is telephone access. If you breach the contract or misuse either, you can and will be cut off if it can be proven, not slowed down because "it's a necessity". And the day that it becomes *impossible* to do something without a telephone or internet access is the day that it will be *impossible* to legally cut someone off from either. That day won't happen any time soon.

    I've just had a blazing row with a company demanding that they never contact me by telephone but only on paper. That row turned a two-month-long dispute with multiple, long, telephone calls, being passed through dozens of departments from both sides into two letters (one each) being exchanged and solving the problem within a week. Telephone and Internet communication isn't required and is in fact only a convenience that can reduce the administrative hassle of dealing with people. However, written communication is not only legally binding, easily recorded (you can't necessarily record a telephone conversation in some countries), accepted by courts - it is the one of the very few ways to provide official legal communication (serving notices, court orders, etc.). While written communication exists, your phone and Internet can be cut off without redress and continuing to allow you access to it after a breach of contract on the terms of your use opens up the phone/ISP companies to liability. The only thing to worry about is the MEANS of obtaining that cut-off.

    There will be a case, somewhere soon, where an ISP cuts off a customer with no evidence who then chooses to fight. And then ALL companies will see why AT&T adopted this particular phrasing and standard. Because it's the only one that'll pass a court of law unhindered. My guess is that it won't be an AT&T customer.

    Companies can spout a lot of rubbish at you, but breaching (or even modifying) a legal contract with you on the basis of a third-party's hear-say isn't something that is going to stand up in a court of law. However, don't be surprised if, in the following years, your ISP's terms & conditions include clauses that allow them to use the RIAA or similar as someone with the say-so to terminate your contract, or similar. And once you sign that (or agree to those changes, even if that's just by failing to cancel after you were notified of them), THEN you have a lot bigger problems.

  15. Ways to "win" against any bot on Is Your IM Buddy Really a Computer? · · Score: 1

    I've tried several of these types of bots and here are the best ways to reveal what they are:

    1) Talk nonsense. A human normally reacts with surprise, or incomprehension, or anger, or just ends the conversation. A bot *always* tries to make a reply.

    2) Put one sentence in a foreign language. A human would ask what language, or try to interpret it, etc. A bot generally just tries to make whatever sense it can, even if that's gobbledegook.

    3) One sentence per person... if you try more than that, the conversation gets confused. Whenever I'm on IM, quite often several complete lines will be given before a reaction is brought forward.

    4) Context. Switch between subjects and/or try to limit the context in one particular sentence... you'll find that bots can't keep hold of the context between even consecutive statements, let alone throughout a conversation.

    5) Personal information. Pick a couple of famous movies/books and quiz the bot on them - they won't have "read" them, so they won't have anything but vagueries to answer with.

    6) Parsing language for meaning and concepts. A particular trick is to say something like "Wait ten seconds, then type Fred for me", if the bot doesn't respond with questions or refusals, it won't be able to follow the instruction.

    Of course, you can counteract most of these tricks in a bot but you'll never be able to cover all bases. In the last example, you can change the conditions/instructions to a million different things and it can't understand the concept.

  16. Re:Power on Companies Waste $2.8 Billion Per Year Powering Unused PCs · · Score: 1

    I am *perfectly* aware of the issues at hand. And if you think that even a million people switching off their PC's is going to make an ounce of difference to the global problem, then you're sadly mistaken. Do you have any idea how much power China pumps through their cities each night? Or Las Vegas? And that's not even 1% of the problem, and neither is a poor consumer attitude. There are 10 million political problems that currently block perfectly good solutions to such problems (building more nuclear stations, etc.). That's the problem - not people forgetting to switch off a light - and that's exactly what got us into this mess.

    I'm stating that trying to convince businesses that their systems need to be redesigned, retested, thrown up and down overnight to do the same job that they do now but with less power is STUPID from a social point of view compared to the million and one other things that save MORE power (substantially more) with LESS effort / upheaval. You don't "win" people around to a scientific/humanitarian way of thinking by making their lives difficult, you give them an incentive for an easy task that is within the realms of capability to do out of habit and gradually show what a difference they can make with simple tasks.

    I agree that none of the ideas are mutually exclusive but, being an IT manager, given that list, I'd rather try ANY of them than trying to get my networks (i.e. not pre-designed to do such things) to come up and down on demand given my previous experiences with sleep modes, wake-on-lan, dodgy BIOS's and everything else.

  17. Re:NX and ASLR on Pwn2Own 2009 Winner Charlie Miller Interviewed · · Score: 1

    An internet connection tied to my name and address?

    I work in schools - I can't afford for some little plonker down the road to hack into it and then decide to use it to browse websites which may or may not be illegal and traceable to me (I'm thinking of one particular kind of website, the kind banned in most of the world and which Australia recently tried to block with a blacklist, but I'm currently behind a heavy filter on some of the keywords associated with that particular topic).

    Internet access is convenient, sure, and my friends *do* use it (they have my USB key, it takes seconds for it to connect securely), or I lend them my laptop. It's not to protect me against my friends (I just find it funny that they can't figure out why it's locked down, much like you can't), it's to ensure that only people I choose can use it. You think it doesn't happen? There are published cases of arrests for people getting unauthorised access to WLAN's from parked cars every month where I live. You think that I wouldn't be prosecuted? Probably not, but proving that is quite difficult and the law is currently biased towards suspicion rather than leniency in that area. Additionally, just the *mention* of such things would be enough to lose my job with little-to-no recourse against my employer for getting rid of me... they can't afford that sort of reputation.

    I also don't see why other people think their WLAN's should be open like this - everything comes back to you and creates hassle, if nothing else (the RIAA are now even talking about cutting off your connection if you get too much downloading going on from your home!). Also, depending on the setup, the wireless provides access (indirectly or not) to your home network. I don't let *anybody* on some of the machines I bring home from work and have to connect to my network (Data Protection, Child Protection, etc.) and I don't like the idea of anyone but me looking at the contents of any of my personal hard drives (no matter how benign they are in general, there will be credit card traces, receipts, logins, passwords, etc.). I have even done this in a live-demo for someone who didn't believe me ("Oh, there's nothing interesting on my computer" and in another case "Oh, you won't see anything going through my wireless without the passwords") and you'd be AMAZED what you can find out from an unsecured (or poorly secured) WLAN.

    If you would let someone into your house to plug in an Ethernet lead into your network/computers, then fine... that's your problem. Otherwise, secure your wireless, or at least limit it to "Guest" access to just the Internet if you are using it to attract custom as part of your business.

  18. Power on Companies Waste $2.8 Billion Per Year Powering Unused PCs · · Score: 4, Interesting

    And any company THAT bothered by this would be using more power-efficient PC's anyway. Face it, 99% of staff using a computer as part of their daily work don't need a full desktop PC and certainly don't need dual-core systems with Gbs of RAM. So instead of faffing about trying to recoup some of the loss from buying that terrible hardware in the first place (monetary costs, environmental costs, maintenance costs, etc.) they would be much better off buying some low-power desktops (like the Atom's, Via's etc.) and thus not pumping most of their electricity into heat wastage, fans, office cooling, etc. when they could just have a small 60W or so (maximum) PC that does the same jobs.

    Those who are committed to their existing hardware - well, they should have been specifying and testing WOL, ACPI sleep, etc. in the first place if they wanted to make sure it worked in their particular environment. Chances are those stuck on old machines will have more problems trying to get the PC to sleep and to wake on cue than they would have just to buy a new cheap desktop. My pet hate is machines that won't WOL without having first been turned on manually - a power cut overnight (when the machines aren't on) means that the PC's just sit there and ignore WOL packets. And that is on fairly recent hardware (2 years old?). I know it's "wake" on LAN, but a full boot and complete shutdown (not sleep mode) will let it respond to WOL packets forever until the power disappears again.

    I would hazard a guess that the following ALL save more power than would be saved by shutting off PC's overnight for a lot less hassle and inconvenience:

    - Cutting off background services in Windows.
    - Replacing hardware with more modern equipment.
    - Disabling, centralising and/or just changing vendor of the antivirus programs to use less CPU, disk-access, etc.
    - Replacing 10% of computers with a low-power alternative (even a laptop!)
    - Turning off WAP's and other unnecessary networking hardware overnight.
    - Turning the room temperature up/down by half a degree permanently (depending on the outside environment)
    - Installing doors that shut themselves to keep hot/cold air in.
    - Opening a couple of blinds/curtains to let sunlight into some of the less-used but still heated areas (cold-countries only) or fitting blinds/curtains to reduce the heat taken in from outside (hot-countries only).
    - Training users to use shortcut keys instead of clicking the mouse for everything.
    - Or removing that poxy plasma TV in the company reception which is on permanent loop playing to nobody.

    The thing is, we take power so much for granted that when we get told to "save" it, we worry over the little bits (energy-saving bulbs) and completely forget about the larger draws (heating / cooling). $36 / year / PC is nothing, no matter the scale of the company. Even a 100 PC office (which could theoretically save $3600 / year) will probably spend multiples of that on heating/cooling, bringing someone in to do the work, or make multiples of that amount by selling off some of their old IT kit, fitting those light fittings that only switch on if someone is actually in an office, etc.

    Getting businesses to understand means providing a valid, comparable reason. That normally means *money*. But even the green-friendly companies will save much, much, much, much more money by just replacing el-cheapo PC World computer with a decent low-power one and then selling off the old kit. If you do it right, you would even MAKE money by doing this (I know it's about £200/unit for a decent mini-ITX machine, and you could easily get that for a recent second-hand machine of good spec).

    It's a *waste* of time. The proportion of power you save does not justify the effort to do it, especially not when a tiny, unnoticeable adjustment to a thermostat saves ten times the amount of power, and the hassle associated with implementing power-friendly PC's does not justify the end. Put a sign up and send a memo round to staff to turn off their PC

  19. Re:NX and ASLR on Pwn2Own 2009 Winner Charlie Miller Interviewed · · Score: 4, Interesting

    Yes, layers of security are indeed the key. Any one layer isn't totally impenetrable but, like layering nets over nets over nets, if you have enough layers then eventually you end up with something that's damn-near watertight.

    People always laugh at me because they can't get on my wireless at home easily when they visit. This is because it has:

    - WPA2 with secure passphrase and MAC filtering (so this defeats 99% of my visitor's casual attempts to log on)
    - Onto a locked-down network with only one visible IP and on that IP, only one visible port (all clients have their own firewalls so that they regard the wireless as "untrusted" and don't transmit information over it) and that port is only open to known IP's. So even if they do get onto the network by sniffing / guessing /stealing the key (or WPA2 is cracked, etc.), there's nothing interesting to look at with nmap or sniff.
    - On that port, an instance of OpenVPN which is secured by its own key infrastructure with passphrases.
    - On that VPN, you have to set IP's, DNS and proxy correctly (and manually, no DHCP!) or nothing goes out.

    Yet, on the "authentic" client side, all you have to do is copy some keys from a USB key and run one little tiny script and everything just runs... I even play Counterstrike over the wireless/VPN and don't even notice any extra latency. But when WPA2 is cracked, or OpenVPN has a bug discovered in it, or MAC filtering is rendered useless (already is, I know), or they guess my internal network numbering etc. then I have still bought myself an incredible amount of time and security to fix the problem before anybody can get onto the network - and anyone trying will be tripping over so many wires that I will notice them trying and just switch it off until I'm sure it's secure. And, from the outside, it just looks like an ordinary wireless connection. You could go overboard - I could run SSH over the VPN, I could hide the wireless broadcasts, I even have a port-knocking setup that I can use to authenticate the opening of ports, without affecting my use of the system.

    Security is a question of probability... it's not that your security guard couldn't be overcome, or the safe cracked, or the cameras disabled, or the alarm cut, but that the chances of that ALL happening without anyone noticing are incredibly slim.

  20. Re:A UPS on Kernel Hackers On Ext3/4 After 2.6.29 Release · · Score: 1

    I have a wonderful data point here - by sheer coincidence, I have a computer that's been running for 8 years, with plenty of power outages and not a single kernel oops ever (it's on its five or sixth kernel upgrade, at least) - in fact, it would worry me if I saw a kernel oops on a machine I was relying on to store my data, as suggested by the OP, and I would probably want to integrity-check the whole damn computer. Similarly for power-supply failures, or anything else. Once you get those sorts of problems, you have bigger problems than "was the fs journalled?". I *have* seen a journalled fs that quite happily passed fsync after a power failure and had lost data - it's much easier than you think, and you can't trust it.

    And what makes you think that the journalling in the case of kernel oops would help you escape a corrupt filesystem? Almost by definition, if the kernel oopses, it has messed up and done something it should NEVER have done (like trawled data across memory etc.), and that might well be in the filesytem code. Maybe I could expand my suggestion and say "UPS + a backup", but that much is obvious if you care about your data. And I do use journalling FS, but I don't *rely* on them, precisely because of things like the recent fsync() discussion... even if you THINK it's working, it doesn't mean it is. A UPS is worth MORE than a journalling fs, because it negates the need for one to a certain extent in a much simpler fashion. However, if you care about your data, the only way to be sure is to have UPS + journalling + backups + integrity check.

  21. Re:A UPS on Kernel Hackers On Ext3/4 After 2.6.29 Release · · Score: 2, Insightful

    Yeah, I have to second this... all the journalling filesystems in the world can't compete with a bog-standard, home-based UPS. You just need to make ABSOLUTELY sure that the system shuts down when the battery STARTS going (don't try and be fancy about getting it to run until the battery lifetime) and that the system WILL shut down, no questions asked.

    A UPS costs, what, £50 for a cheap, home-based one? Batteries might cost you £20 a year or so on average (and probably a lot less if you just need "shutdown safely" rather than "carry on running"). You don't need it to give a lot of power (run ONLY the base unit off it... anything else and you could hit overloads, etc... you *won't* be operating the PC when it's on battery, you just want it to shut down and, optionally, give you a beep or two when it has shut down successfully), or for very long at all. You just need a fail-safe way of detecting when the power is out so that you can safely shutdown. You also want to check that your cabling is good (nothing more embarassing than having a UPS and then pulling the wrong cable out).

    Above and beyond that, filesystem and/or data corruption is one of those things that are almost guaranteed to happen unless you put a lot of effort into it (battery-backed RAID controllers, filesystems with slow-but-sure settings, integrity checking etc.). Make it easy on yourself - use a UPS to stop the problem happening ever, rather than try to have something *might* clean up nicely if it does happen. Even Google don't bother with journalling - if a PC loses power, it's rebuilt from an image. It's not worth faffing about to see if/when/how a filesystem can be repaired, just ensure you have adequate backups and try to stop it happening in the first place.

  22. Backups on How To Prevent Being Hacked Via Backups? · · Score: 2, Insightful

    Tape drive (or even other external device) with encrypted data. There, problem solved. Do you see why such devices/features are standard on anything that has the word "backup" on it?

    However, if you insist on having servers running all day long that you want to backup to, then at least make sure they are a million times more secure than your production servers - as the name suggests, they are your BACKUP if anything goes wrong. This means - encrypted data, locked-down networking (i.e. absolute minimum necessary - one port, one user, one ultra-secure key), proper permissioning (it might not be a bad idea to set the permissions so that you can append to a file but can't read it, thus forcing you to have physical access in order to restore any data from backup, or certainly that you can't overwrite existing files) and physical security (i.e. properly hosted in a decent hosting outfit and/or securely placed in an offsite location where they can't be got at - even if this is in a secure cage in a branch office).

    And letting the backup server have ANY permissions on your local network is just stupid. Push, don't pull. Tell the backup server what to backup, don't let it pick and choose and require access back to your network - it's a backup device not "just another machine". A simple "nothing outbound" firewall rule on that machine would have stopped them coming back to you, providing the backup was encrypted (I'm assuming they actually piggy-backed onto your network than stole the db passwords from your backups). And the backup should ALWAYS be encrypted because it might well contain information such as your passwords in it, especially so if you are storing other people's data.

    Yeah, it costs money to do this properly, but that's the price you pay for not losing thousands of people's data. I imagine the kick-back from that data loss will run to more than the price of a tape drive or two in the long run. What they had was NOT a backup. It was a rapid-restore machine. That's fine to have *as well as* a backup, but no better than hanging a 250Gb USB drive off the database server (in fact, worse, because that machine was able to be remotely-compromised).

  23. Piracy on How Do You Deal With Pirated Programs At Work? · · Score: 2, Informative

    Ask for an indemnity in writing from your employer saying that everything they use is legitimate and legal. If they refuse to provide it, you *have* to go somewhere else, because they will blame YOU when they are reported for it (in actual fact, walking and reporting them yourself wouldn't be too bad an idea if you don't want to be party to the charges, plus it covers you if they decide to pin it on you as you walk out the door). If they provide an indemnity (which they won't, but keep reading), you have a piece of paper that says you were assured it was all genuine. The person who signed it gets the blame.

    What *will* happen, if you do it right, is that when they are asked to sign a bit of paper, they will get incredibly stroppy and either get rid of you in time anyway (and you should be LONG GONE by then, if that's the case), or they will wake up and say "Okay, well, I suppose we have to do something about that, then", even if they end up hating you. It's nice earning money, and all, but they don't care about you so when the penny drops and someone does come in and audit you, at least you won't get caught up it in - short term unemployment versus police record for failing to do your job legally.

    And, I *have* done this exact thing to my employers, in order to ensure that they are, and that they stay compliant with the law. Fortunately, it was somewhere where they did have all the right licenses, but were just careless about recording them - they actually bought 10% more than they needed most of the time because they knew their record-keeping was poor. They were able to chase up 99% of the licenses, or get the seller to put it in writing, or similar, and a few extra licenses they either bought or didn't care about (because they weren't using them any more). The legitimate companies will see it as an hassle, but they will happily do it if it means legal compliance. If your place won't do this, you have to ask what *else* they are doing... Not enough money in the pension fund? Spying on staff? Fiddling the accounts? Mis-selling? Sending out false references about their ex-staff? Who knows?

  24. Okay on New Service Aims To Replace Consoles With Cloud Gaming · · Score: 1

    I realise I'm oversimplifying this a bit but what you're suggesting is:

    Games over VNC. (or other similar technology, e.g. RDP, X-Windows protocols etc.)

    Okay. No problem with that. You can even do 3D acceleration with local hardware running remote programs, vice versa and all sorts of fancy stuff. The problem, though, is the next logical step they have taken:

    Games over VNC via the Internet.

    Not being funny but on a bog-standard DSL business line communicating with a bog-standard DSL consumer line, if my VNC isn't in one of the ridiculously limited colour modes and high compression, it struggles. Sure, I can do 24-bit colour etc. but my FPS drop even on an empty-ish desktop. Both lines are capable of 8MBps and both touch that in real life, on idle networks, and both have 2Mbps upstream.

    So their claim of "only 1.5Mbps" is pushing it a bit for "real-time" traffic, especially if they are relying on MPEG compression of highly-graphical scenes. Now, I *can* stream movies and TV-shows from the Internet at phenomenal rates and I can get full-screen (non-HD), full motion video quite easily. However, I usually have at least a 5-second buffer on such things because otherwise it gets about a second into the stream and then just stutters constantly. I assume that's because trying to do "real-time" streaming is much, much, much harder than just streaming a video by brute force.

    You can *already* demonstrate this with VideoLAN and some sticky tape if you can be bothered - you can stream anything but trying to keep it in synch requires a lot more bandwidth and effort than just the video and normally relies on heavy buffering and synching "in the past" (i.e. buffer 5 seconds ahead at all times, but just co-ordinate what frame should be shown *now*). That can't happen on a real-time-response game, and as pointed out by many, the latencies are already horrendous once you get out onto the net (the best latency I get to a remote location is about 10-15ms, and that's not even leaving my ISP).

    It's a wonderful idea, it really is. But if it was remotely plausible, Nintendo would have done it with their Wii originally, had it as a bolt-on, or be announcing it for their successor. Wii is the perfect machine for this - network connected, in the home, connected to the TV, payment infrastructure already in place, online gaming, games are quite small and downloadable, little backing storage to reduce costs, etc. You could even offload the GL parts to the local hardware rather than trying to create a super-server somewhere just yet (there's a version of X-Windows that can do this already). But the fact is that it would be *fantastic* for something like, say, a gaming cybercafe. And then it's usefulness stops dead. And in that sort of arena, you're looking at it being orders of magnitude cheaper and easier to just slap a real computer on each seat.

    I wouldn't even like to THINK of the 3D calculations and rendering that would have to be done for even a simple point-and-shoot running over the Internet from 16 or 32 different points of view, the MPEG'ing the result and then trying to stream it to 32 different people in under, say, 50ms. Sure, you can just build a server farm packed full of GPU's, but you're looking at one GPU per simultaneous customer, and it would have to be able to handle quite modern games and be upgraded constantly. Then the infrastructure (bandwidth alone! 1.5Mbps to each simultaneous online customer. Wow!), codec licensing, etc. You'd never be able to even do it for $29.99 a month, even if it was terrible and you had to cutback.

    Just the bandwidth - a 1.5Mbps, uncacheable, non-multicastable stream to, say, 2000 simultaneous users - that would be 3Gbps.

    According to my ISP, quite a large ISP owned by British Telecom now, the iPlayer application is a big bandwidth problem for them.

    http://community.plus.net/blog/2008/08/19/online-o

  25. Re:IANABPE (I am not a BIOS programming expert) bu on Researchers Demo BIOS Attack That Survives Disk Wipes · · Score: 1

    Okay, every *sensible* BIOS in any half-decent board. Seriously, the option is in Award, Pheonix, etc. all the major BIOS's in all the major-name computers I've ever seen. I think I saw a laptop without it once, and once PC that was some bodged-together thing from Japan under a company I'd never heard of.