90% of Windows domains need little more than a net time command in a login script to stay within suitable tolerances for most things. I know, I've done it when external NTP wasn't an option and internal NTP was overkill.
That's not the problem. People are suggesting we throw away ntpd and use alternate ntpd that, for those who need NTP, aren't viable alternates.
And they're suggesting it for a couple of security problems that were found, fixed and patched before they could ever be exploited. And, worst case, you could run things (theoretically) as the ntp daemon user if you have any concept of security whatsoever.
But yet we're still pissing about with OpenSSL in all our libraries and apparently that's fine...
If you need NTP, use it. And then you'll find only ntpd deals with those needs and that it's a huge binary for a reason.
If you don't need NTP, WHY THE HELL ARE YOU INSTALLING OPENNTP? Just, as pointed out, use a simple time sync command on login or in a cron job every hour. Hell, ntpdate in a cron job will more than satisfy your needs.
What you're saying is that you're worried about security but you NEED to run a network-accessible daemon on all your network machines that ultimately connects to the Internet (or a server connecting the ntpd to the Internet) in order to get your clocks within the same minute. It's a nonsense argument.
You're either concerned about security, and so stop using NTP. Or you're concerned about accuracy, clock skew, and your systems having accurate (and correctly calibrated) time, so use ntpd. If you want both, you have little choice but ntpd (which isn't insecure any more as far as we yet know), properly locked down, running as a limited user, in a secure environment, etc. and maybe wait for one of the rewrite projects to hit the same level of functionality and maturity (a year at least, maybe?).
I'm led to believe that the reason we're using ntpd and not any of the others is that, although they are fine for getting your home machine to approximately the right second, they are damn-near useless for anything that you want real time-keeping for.
So if you want to interact with stratum-1's or be a stratum-2, then you'll be using ntpd. And, en-masse, NTP is not something as simple as just clock-skewing. That throws lots of things out of kilter. Granted, you may think you don't care, but these things can come back to bite you if you make a hasty decision now.
When someone like the NTP pool project (that I run a couple of servers on) comes to me and tells me that ntpd isn't secure enough, and that OpenNTP is good enough, then maybe I'll go over to them. Fact is, I haven't heard anything along those lines.
There's a lot of maths behind getting your clocks in sync quickly without going backwards in time, or slowing to a crawl, or messing up timestamps a lot. It's not as simple as "let's just drag the user's clock closer to the reference one constantly". ntpd does a LOT that other NTP servers don't, and a lot of that is important for anything that you want to rely on a timeserver for.
Sorry, but this is just blatant "Look at us, we run an NTP project that's secure" when actually it does less than 10% of what ntpd does. And to make it do what ntpd does, presumably will take years of work to secure.
There are various "rewrite" projects at the moment, but all known holes with ntpd are closed. Until there's a compelling reason to move, don't. And by the time there is, you'll find properly-written, full-featured NTP projects being offered.
Nobody's talking about sub-millisecond accuracy here either. We're just talking not cocking up the one thing you plug in an NTP server to get right - the time.
Honestly, people on Slashdot are this stupid now? What happened?
So every nutter that screams "God will kill you all" is similarly worth blaming the entire Christian movement for?
I'm an atheist/agnostic. I disagree with religion in all forms and don't care for it in my personal life. I have no vested interest here.
But you can't enlarge what a nutter yells while he's killing people to be the opinion of billions of people. Honestly, it's just ABSOLUTE STUPIDITY and TOTAL IGNORANCE.
Given the choice between being stuck in a room with people who hold your opinion, people who are insanely religious and even people who are just insane, you'd be my last choice... honestly. At least they have a REASON for their insanity, however misguided it may be.
P.S. If I go kill someone and do it in the name of, say, Anonymous, or the Church of the Flying Spaghetti Monster, does that taint those organisations too? Only if they CONDONE my actions.
Because people still equate two French nationals with a particular belief with the Middle East because of racial stereotyping?
It's like saying that some neo-Nazi born in the US committing a terrorist act is because of the deterioration of German laws.
And if you really want to get into the answers, try working out why you have to bomb an entire country to oblivion, including civilians, because a terrorist group from there bombed you once. It's akin to the UK trying to nuke Washington because the KKK came over and planted a bomb in London.
The Middle East gets bombed back to sand every decade or so, and then they'll have an uprising against their oppressors, which their oppressors then try to stomp down harder on. And then they wonder why - when they replace the native government with one of their own - they have to come back a few years later because the country is in revolt again.
You liberate nobody by bombing them and their neighbours back to the Stone Age, almost constantly since the 70's, in one form or another. If you don't want people blaming you, keep the hell out of it.
No, but it is beliefist... more Muslims have condemned the attacks than have instigated, been involved with, or praised them.
As such, you've labelled an entire religion with your preconception of them, without any kind of preponderance of evidence.
It's like blaming Catholics and Protestants for the Northern Ireland bombings (which are STILL HAPPENING... there was an explosive device found only yesterday, terrorism isn't new and just that terrorism on its own has been going on since the 70's but because it's "olds" and not "news", you don't get to hear about it).
Maybe we should throw all the Catholics and Protestants out of Ireland, too, eh? But, no, that doesn't fit in with your racism-by-proxy of using beliefist bollocks to try to justify your own prejudices.
How about this: Terrorists are terrorists, no matter what creed, class, race, colour, belief system or t-shirt they're wearing. No matter what they claim to be acting in support of, they're terrorists. I don't care what you think of my religion or beliefs right up until the moment you say you want to kill people because of it. Then you're just a dangerous nutter, nothing to do with what the last church you happened to walk into was.
Poker, for humans, is luck and psychology in the main. It's about convincing the other guy that your hand is better/worse than it is.
But the problem is that if you're playing against a robot, he doesn't care what you want him to think. He knows exactly what the odds are of you having any particular card, and what that means in terms of him beating you. Playing the odds will win on average. It's how it works. It's how casinos get rich enough to have marble floors and air conditioning in the middle of the desert.
If you don't get this, you'll lose a lot of money playing against this machine.
But no doubt you have a "system". Or you can "read" players.
Expert human poker players have a good enough knowledge to know the odds (even if only approximate) on every turn of the card, but they can't analyse every possible combination in time. The rest of it is trying to "lie" to another human. It's rare for a poker player to be the best poker player consistently and for years, precisely because it's not as simple as having skill, but overwhelmingly a good amount of luck.
Otherwise, sorry, but anyone on the planet would be rich by just plugging in what cards they were given on PartyPoker into an app that tells them the percentage chance of winning. On those kinds of site (last time I used it) there was no human interaction enough to perform any kind of psychology, so it's entirely skill of the game and luck of the cards. And if you can eliminate the need for skill of the game, then by your theory you'd win (almost) every time. You don't. And poker-playing bots only make money when playing against imperfect humans. Play them against each other and you'll be there forever as the money goes back and forth, back and forth (subject to game rules such as blinds, etc.).
Poker has the "most" skill of any casino game. In any of its variants. But that's not a lot. Claiming that a skilled player would beat a bot hands-down? Strange that the poker sites are so hot on blocking bots, then, isn't it?
Bluffing in poker is only relevant in order to make a human opponent make an irrational decision. That's what you're trying to achieve. If the human makes the rational decision every time, then it comes down to luck alone. Making a rational decision every time involves a hell of a lot of card-counting and knowledge of the odds, so few can actually do it properly (I'm a mathematician, I wouldn't dare state that I could calculate the odds without perfect knowledge and a lot of time).
But no amount of bluffing changes the cards in your hand, the cards left in the deck, what the next card will be, or what your opponent probably has in their hand.
The reason people enjoy poker is because a good player can trick a bad player into playing worse. A computer program like this isn't subject to such tricks.
Prove me wrong. Play a statistically-significant number of games against the thing, I believe the link was in the article? http://poker.srv.ualberta.ca/
3x10^14 decisions isn't even in the same range of something like Chess or Go - you can tell this as we can't yet "prove" those games. A decent human can probably play a perfect game. Strange that poker champions tend not to be poker champions for long, unlike Chess champions, Go champions, etc.
Likely their applications were dealing with dates past 2032 decades ago.
The only problem is whether the hardware ticks over but given other comments, it looks like it's a virtualised system nowadays on more modern mainframe hardware.
Chances are they're the one place that won't care about 2032.
Currently sitting in front of a pretty bog-standard server for a small school, with the disks writing 130MB/s (yes, bytes) when they're just replicating VM's across the network. Not even particularly high-end, not a particularly brilliant network, in the middle of the working day, just normal load, pretty quiet - the servers are on 5% CPU and 10% RAM.
Pretty sure if I had 10Gbit network and a serious amount of users, I could push them even further just on that simple task. 3-500GB/s write is not unusual with even a standard consumer SSD, however.
If you think that people aren't in need of 2GB/s write rates, or couldn't sustain them, you're thinking far too small. These things aren't for grandma or your single-PCIe-slot home machine.
Honestly, if you can afford the 1Tb version of something this tiny and fast and new, you already have hardware capable of making it the bottleneck.
Last time I used a RAM drive, it was on the contents of a floppy disk. My brother was sick of slow compile times and worked out how to use the university DOS computers to produce a RAM drive. Autoexec.bat created it and copied his files into it, and then it ran like greased lightning.
But that was back when 1.44Mb of RAM was a lot and he was lucky enough to be somewhere where every computer had that spare.
Last time I saw it was when making a single-floppy Linux distribution that copied itself into RAM because it was often used on diskless workstations. Just like almost every Ubuntu install disk can do now if you select Live CD from the boot menu.
But on ordinary desktop OS? Since Windows 95, RAMDisks have been dead. Since then, we've been using RAM better to cache all recent filesystem accesses. There's very, very, very, very little that will ever benefit from a RAMDisk over just having that RAM as filesystem cache automatically anyway. You still have to read the data from permanent storage anyway, and once you've done that, it's in RAM until you start to fill up RAM. Read it often enough and it will never drop out of the cache. If you're not reading it often enough, why the hell bother to RAMDisk it?
And you lose NOTHING if the machine dies mid-way. With a RAMDisk, any changes you make are gone.
Please. Stop spreading absolute "gold-plated-oxygen-free" junk advice like this.
Anyone who wants to do this can do it with any bit of freeware on any machine. But why they would bother is beyond me. Hell, next you'll be telling me to enable swapfiles and put them on the RAMDisk....
Which run quite a bit less on business kit when you're buying £300 PCs instead of £2k Macs.
Sorry, but the Apple "service" isn't - it's often a "replace with new". Any business can do that and wait while the replacement comes back from the manufacturer.
Macs at developer courses? Sure. But most of those developers will be doing web-stuff mainly, or forced to use Mac if they want their stuff to compile and work ON a Mac as an end-result.
And "same day" only works if you're a) near an Apple store, b) it's open, and c) at the goodwill of Apple. Not something to base your business on versus a 4hr on-site service response with 24-hour turnaround for less than half the price difference between a PC and Mac of equivalent spec.
No. XP was only "good enough" compared to some of its successors. That was the point.
If you WANT me to upgrade, you have to give me a reason to upgrade. I'm not going to do it for your convenience, or to give you free money, there has to be a tangible benefit to myself.
As such, updating to Lollipop is really a couple of new bells and whistles which most people really couldn't care less about. KitKat is "good enough", as are some previous versions still. But without an incentive to upgrade, why take the risk and suffer the bother to do so, if it's even possible?
Last time I upgraded my Samsung S4, it destroyed my satnav app and stopped me doing a couple of things I'd always done before, lumped more crap in that I could no longer properly hide or uninstall, gave me the inability to stop Location going to Google services without suffering constant badgering, and that's about it.
In terms of what it gave me, it was a couple of rearrangements of the top bar.
Most malware is surprisingly benign. I've been saying it for years.
If you wanted to get really nasty, you can do these kinds of tricks and the thing will be damn-near scary to contract.
The problem is that we've bred a generation of people who see malware as nothing more than a distraction. Who will go to "uninstall" to remove it, thinking that's to be trusted, who don't realise that something running in the background is a problem once you close the advert it pops up.
At some point, something like this is going to be combined with a handful of never-seen-before exploits and it'll go across the globe and take weeks before there are effective patches to get rid of it. But the scary part is that the first few seconds of infection are all that's needed to totally control your ability to use your computer and access your data.
Maybe then we'll get proper application whitelisting / sandboxing by default in a desktop OS. And, hell, why do applications get the run of every file I use under my account? Should they not have to request such things first? Even on Unix-likes, if you get on as my user, you can trash all my data - why? Why is the data store not immutable and applications only get a link to the data IF they are allowed access to it? And thus nothing ever actually runs "as" the user, but only as its own separate user with similar permissions and only the files necessary.
Malware could be a lot worse than even this. Why it isn't yet, I haven't figured out - I presume because money-making is at the heart of it now rather than actually malintent with your data. But that won't last forever.
I'm sorry, but the very concept of a virus scan happening "at scheduled intervals" or after you've already double-clicked on the file just tells you that it's too late before you start. We've got away with it for decades in desktop OS, but it can't continue forever.
Getting a virus on my networks scares the crap out of me. People think I overreact when I just remote-off the machine (or tell them to pull the plug) and just re-image for even the most basic of adware. Fact is, I didn't install it and I have no idea what it ACTUALLY does. And I'll be damned if it's going to get the chance to go on my shared areas and do anything, even with file history, backups, etc. available.
Is this a factor of science spending or, as the summary has to hint around, the fact that it spends SO MUCH on its military?
In the 60's it was a different situation and getting satellites into the air was a military advantage. And, don't forget, the military is close to NASA.
Once that advantage was secured / no longer relevant, quite why would they bother to keep dropping money into it? That's the problem you have - science got a boost because military needed it to happen. Once it happened, science took a back-seat again.
Sorry, but even science + welfare + healthcare all added together would take only a percentage of what's spent on the military.
Your problem is not that science isn't funded. It's that all your money is going to stupid foreign "wars" instead. And there's no military advantage, until someone builds some new type of space-based weapon or some country decides it owns the Moon if it can get there, to be got from funding anything more.
Wait until the Chinese or Russians start building a space-base in earnest, and you'll have all the money you can dream of to do space-related missions. Until then, you'll have to settle with working in THE MOST EXPENSIVE region of science, with getting some of the SMALLEST practically-relevant scientific results back from it.
Awareness of all the related conditions is growing. I work in schools and I've spoken to several school nurses who have each said "Oh, yes, I've got a couple of kids on my books with that condition, I know what that is".
My wife's cousin (much younger than her) has also been diagnosed with EDS since and there are several "traits" of her mother and father that - now we're looking for them - look like she may have just been a bad combination of both their genes (both having pseudo-JHS/EDS conditions in their families of varying degrees of severity).
She moved to a warmer climate, it improved. She got onto proper medication, it improved. She learned that it's not normal and stopped suffering it and got more careful, it improved. She still has bad days and, having been to residential weekends for sufferers of the various related conditions, she's nowhere near the worst sufferer from it any more.
There's a story she likes to spread about one of her friends from one of the online support groups - her friend has much more serious, but quite variable, EDS and is eligible for a disabled parking badge. The friend parked at a supermarket in a disabled space, stumbled out of the car, and went to walk inside. An old woman passed and shouted "You don't look disabled!". The reply she got was "You don't look stupid, but appearances can be deceptive, can't they!".
It can be that manageable, although it never quite goes away, that others won't realise you have it.
Arthritis-specialists in the UK have leaflets available for the conditions, now, because it's so often mis-diagnosed under their specialism.
My ex-wife and I have a daughter together, and she shows no symptoms. I think when you "mix" the genes with someone who's not got family histories of the conditions (which are often so minor they go unnoticed into the background of being "flexible" or "a dancer" or "a gymnast" or whatever), it doesn't necessarily travel down every time.
But I think that we'll see increasing cases of this as the gene pools expand and mix, but hopefully resulting only in flexible people with watered-down versions of the condition, and not people in pain. And, for women, being flexible of the bodily tissues is at least one bonus when it comes to childbirth!
My ex-wife had a serious, debilitating condition that saw her in chronic pain and sometimes housebound.
It was only when I met her and realised that there was something wrong that I asked her about it and she realised it WASN'T normal to be in constant pain, unable to walk. But there was more than that. The doctors had put her on painkillers, antidepressants, sleeping tablets, etc. to try to ease the symptoms but nobody had actually bothered to diagnose it.
And there were odd things. Her joints were in constant pain but, when she wasn't hurting, she was able to do karate moves that Jean Claude Van Damme would be jealous of. She had an extreme range of movement. And when she was in pain, things like her knees and elbows would GO BACKWARDS, making it even more painful to do anything and making her unable to walk.
We looked up the symptoms. The first batch of hits was Hypermobility Syndrome (now called Joint Hypermobility Syndrome). The list of things it gave as common side-effects and symptoms fit perfectly, as well as a number of things that until we read them we didn't think were related at all. It's a genetic defect in the way collagen is made, which gives so many odd and unrelated symptoms that it stands out by a mile.
We printed everything off, went to the doctor. He was astounded. He'd never heard of it. He'd never realised she had the range of symptoms available to match it even if he had. He sent her immediately to a consultant specialist. In two minutes, and a simple joint-range test, he said "Yes, you have hypermobility". Within a month, she was able to claim disability. Within a couple of years, she was managing the condition and had enough support to return back to work and live a pretty normal life (even teaches karate). Because now she KNOWS what she has, she knows what to do and what not to do, and has constant, background medication of the right kind to combat the pain. At one point, she was going to be put on morphine to stop the pain because they just didn't know what it was.
It was that easy. And it wouldn't have happened without a bit of Internet research. She'd suffered for nearly 30 years with it without any diagnosis (once she was told she might have arthritis - which is an extremely common misdiagnosis of hypermobility symptoms - but they excluded it because, well, she could move her joints more than anyone else!). And she'd have suffered at least several more if we hadn't bothered to check symptoms.
Doctors aren't perfect. Don't just assume they are stupid, though. But only you know your symptoms, only you have the time and effort and impetus to find out what you have (especially if you live in a country where doctors get paid by the test, fucking disgusting), and only you are the one who will benefit if you find out what you have.
The doctor was great, once he knew we were right. He was supportive and immediately helpful. He just didn't know about every condition on the planet. And although she has a diagnosis, there is no real prognosis - the condition never gets better, but at least you can manage it. The consultant basically diagnosed her and then that was it - there's nothing you can really do, medically, to "fix" it.
So don't be a hypochondriac and think you have everything. But if you're certain something's wrong, and you find something that matches, see what the differentials are and see if you can't get it eliminated. At the very least, if your doctors note that you asked about it and they said it "couldn't be" that thing, then you have something to go and push in their face when they turn out to be wrong. But more likely, they will try to appease you that it's NOT that thing, run a few tests, and therefore get you closer to a real diagnosis.
Internet research isn't useless, if you have half a brain.
I go to a place I never knew, take a route nothing like the one on the GPS and can find all sorts of stuff. Because I know that I'll then take the most-direct route to my destination anyway, no matter how far I wander.
It's not unusual for my gf and I to get in a car, drive for an hour at random, and then let the satnav drive us back.
Something like a third of the 800 games on my Steam account "just work" on Linux.
It is, indeed, fabulous. There's honestly no excuse any more. If your game isn't Linux-compatible and Mac-compatible as well, it's just sheer laziness or being cheap.
"once" = several weeks of fighting with the damn thing to do one simple task, clearly specified, that's way within its scope.
There is no serious documentation. The examples are given as documentation and are vastly incomplete.
It's not a question of "glanced at it, it was horrible", but for anything serious even a quick glance will show whether or not it's a nicely-produced library or not. One quick glance at a library is normally all I do in order to get a handle on whether it's good enough and clean enough for me to program against.
The problem with OpenSSL was that the only people who knew how it worked never bothered to simplify that or document that enough. There is no "is this certificate valid" function, that returns an enum from a list of potential problems (CERT_EXPIRED, CERT_NOT_YET_VALID, CERT_CORRUPT, CERT_UNTRUSTED, CERT_INSECURE, etc.), for instance. There are lots of things that LOOK like that, but none actually do it in OpenSSL.
Given that it's a library whose primary purpose is - given a configuration of particular algorithms and keys - to produce an encrypted bitstream from an unencrypted one (or vice versa), it's surprisingly complex to do anything simple with any guarantee that you're doing it right.
Open-source does not make code automatically bug-free. No more than using a safe-malloc-library does, or deploying DEP on your executable, or ASLR, or coding only in a language that's considered "secure".
What it does is allows certain types of security problems to be POTENTIALLY spotted. It's a +1 on the score, not a game winner. And it doesn't mean that proprietary is -1, either. It just means that you are so confident in the quality of your code, you can show people that by opening it up.
What gets me about proprietary software is not that they choose to do it so their rivals can't copy (a bogus argument in any country that properly enforces licensing agreements, which is why you can get a peek at MS code if you have a need to), but that they are SO ASHAMED of their code they don't want you to see it.
The 3DFX card drivers, for decades, basically allowed complete DMA access to all of RAM. It was that easy. But nobody could spot it because nobody could see the 3DFX code. You don't get that in open-source drivers and the SECOND it's spotted, by anyone, it will get fixed. That's the difference - the reaction. When we found these problems, they were urgently fixed immediately. When we find problems in proprietary code, it can be (as recent articles state) known for 90 days or more without anyone bothering to even look at them.
Open-source isn't security. But it's like saying to a guy, at a security conference, "Here, I'm so confident in my gadget, that I'll let you play with it". Sure, he might break it, he might compromise it live in front of all your customers. But in a technology sector concerned with SECURITY, not profits, that's actually exactly what you want and the perfect impetus to keep improving so that next week you can do the same again, and again, and again until you've ironed out most of the bugs. You'll NEVER get them all.
But the confidence to do that is critical. I've been at tech conferences for my sector where suppliers hand out products and, in the space of a few minutes, I point out massive flaws and problems with them. They soon stop handing them out for people like me to play with. That's not the attitude to have when it comes to security, but I understand why a business would do that.
It's not the be-all-and-end-all but it's a nice thing that does not hurt to do. Those that don't understand this do not have security uppermost in their mind, only oneupmanship, and "my OS is better than yours" crap.
In security, and cryptography especially, giving your enemy the source is a show of bravado and confidence. It's like the old backup adage. If you're so confident in your backups, high-availability, failover, etc. then why are you not prepared to let me take an axe to your primary server? If I was in charge of a large company and my IT guy assured me the disaster recovery was so easy and already-in-place, I might well choose to say "Yes... go on. Take an axe to it.", if nothing else than to see their reaction and see the plan kick into place.
Passing that test would cement your place on my team for a long while. Failing or chickening out of it might well mean I test it more regularly and keep a close eye on you.
Open-source doesn't have automatic properties. But it is a checkmark in your favour if you're claiming to write software well that millions of people might choose to use.
I touched OpenSSL once. It was a nightmare. No idea where or how it passed anything as it wasn't at all clear the path that simple things, like certificate checking, were supposed to take.
In the end, I hacked onto it rather than play with it. The documentation was non-existent. The code samples were incomplete and with almost zero explanation of what you were supposed to be checking for and where things COULD go wrong. Hence 90% of the code I see that touches OpenSSL looks exactly like the samples and nothing more.
All I wanted to do was have two x509 certificates, and check that both were valid and one properly signed the other, as part of a primitive DRM scheme I was toying with. It turned into a nightmare scenario of IMAGINING every possible outcome and specifically coding for each one, rather than anything sensible.
I don't think I'd ever touch it again, and was not at all surprised that there were problems with it. I was more surprised that others had had the same problems, yet OpenSSL was still regarded as the "gold standard" library to integrate with.
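The check described in the OpenSSL comments above (two X.509 certificates, both valid, one signing the other, reported as a single status code), as an added example that is not part of the original comments and is not OpenSSL's API. It uses Python's `cryptography` package instead of the OpenSSL C library; the `CertStatus` names are borrowed from the comment's wish list, `check_cert`, `make_cert` and `demo` are hypothetical helpers, only ECDSA signatures are handled, and all certificates are constructed sample data.

```python
from datetime import datetime, timedelta, timezone
from enum import Enum

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


class CertStatus(Enum):
    # Hypothetical result codes, named after the wish list in the comment.
    CERT_OK = 0
    CERT_NOT_YET_VALID = 1
    CERT_EXPIRED = 2
    CERT_INSECURE = 3    # signed with a hash that is no longer acceptable
    CERT_UNTRUSTED = 4   # not provably issued by the given signer


def _window(cert):
    # cryptography >= 42 has timezone-aware *_utc properties; older
    # releases only expose naive datetimes that are implicitly UTC.
    if hasattr(cert, "not_valid_before_utc"):
        return cert.not_valid_before_utc, cert.not_valid_after_utc
    return (cert.not_valid_before.replace(tzinfo=timezone.utc),
            cert.not_valid_after.replace(tzinfo=timezone.utc))


def check_cert(cert, signer, now=None):
    """Return one CertStatus for `cert`, checked against `signer`."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after = _window(cert)
    if now < not_before:
        return CertStatus.CERT_NOT_YET_VALID
    if now > not_after:
        return CertStatus.CERT_EXPIRED
    algo = cert.signature_hash_algorithm
    if algo is None or isinstance(algo, (hashes.MD5, hashes.SHA1)):
        return CertStatus.CERT_INSECURE
    # The issuer name must match, and the signer must be allowed to sign
    # certificates at all (BasicConstraints CA=TRUE); skipping the second
    # test lets any leaf certificate mint further certificates.
    if cert.issuer != signer.subject:
        return CertStatus.CERT_UNTRUSTED
    try:
        bc = signer.extensions.get_extension_for_class(x509.BasicConstraints)
    except x509.ExtensionNotFound:
        return CertStatus.CERT_UNTRUSTED
    if not bc.value.ca:
        return CertStatus.CERT_UNTRUSTED
    pub = signer.public_key()
    if not isinstance(pub, ec.EllipticCurvePublicKey):
        return CertStatus.CERT_UNTRUSTED  # this example handles ECDSA only
    try:
        pub.verify(cert.signature, cert.tbs_certificate_bytes, ec.ECDSA(algo))
    except InvalidSignature:
        return CertStatus.CERT_UNTRUSTED
    return CertStatus.CERT_OK


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def make_cert(subject, key, issuer, issuer_key, start, end, is_ca):
    """Build a constructed sample certificate for the demo."""
    return (x509.CertificateBuilder()
            .subject_name(_name(subject)).issuer_name(_name(issuer))
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start).not_valid_after(end)
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None),
                           critical=True)
            .sign(issuer_key, hashes.SHA256()))


def demo():
    now, day = datetime.now(timezone.utc), timedelta(days=1)
    ca_key, leaf_key, other_key = (
        ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    ca = make_cert("Example CA", ca_key, "Example CA", ca_key,
                   now - day, now + day, True)
    good = make_cert("leaf", leaf_key, "Example CA", ca_key,
                     now - day, now + day, False)
    expired = make_cert("leaf", leaf_key, "Example CA", ca_key,
                        now - 3 * day, now - day, False)
    future = make_cert("leaf", leaf_key, "Example CA", ca_key,
                       now + day, now + 3 * day, False)
    # Claims "Example CA" as issuer but is signed with an unrelated key.
    forged = make_cert("leaf", leaf_key, "Example CA", other_key,
                       now - day, now + day, False)
    # Correctly signed, but by a leaf that is not a CA.
    sub = make_cert("sub", other_key, "leaf", leaf_key,
                    now - day, now + day, False)
    return {
        "ca": check_cert(ca, ca, now),
        "good": check_cert(good, ca, now),
        "expired": check_cert(expired, ca, now),
        "future": check_cert(future, ca, now),
        "forged": check_cert(forged, ca, now),
        "non_ca": check_cert(sub, good, now),
    }


if __name__ == "__main__":
    for label, status in demo().items():
        print(f"{label:8} {status.name}")
```
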
I don't do the cinema. I can count on my fingers how many times I've been in my life.
I'm not going to pay to sit next to a bunch of talking, chomping idiots who have no idea what the film's about and ask stupid questions, then get up to use the loo at the critical point of the film, in a dirty, sticky seat with half-hour of trailers before I can watch a (usually substandard but not always) movie, having paid what could have bought me the DVD over and over and over and over again just to get in and buy a drink.
I don't actually get why people do, to be honest.
That said, the last time I went to see The Imitation Game, I really enjoyed it. A movie I wanted to see, that wasn't the usual Hollywood fare, in a cinema that was near-empty, at a half-decent time, without many of the above (but certainly quite a lot of things), and we smuggled our own food in.
When you take into account the tripe that's normally showing, I do not understand how they make money. But then, I wouldn't let myself be PAID to watch most of the junk that's out.
You already have to do that with the MAC, the s/n, etc. so what difference does it make?
Just make the default password be the serial number of the device.
I'm led to believe that the reason we're using ntpd and not any of the other is that, although they are fine for getting your home machine to approximately the right second, they are damn-near useless for anything that you want real time-keeping for.
So if you want to interact with stratum-1's or be a stratum-2, then you'll be using ntpd. And, en-masse, NTP is not something as simple as just clock-skewing. That throws lots of things out of kilter. Granted, you may think you don't care, but these things can come back to bite you if you make a hasty decision now.
When someone like the NTP pool project (that I run a couple of servers on) comes to me and tells me that ntpd isn't secure enough, and that OpenNTP is good enough, then maybe I'll go over to them. Fact is, I haven't heard anything along those lines.
There's a lot of maths behind getting your clocks in sync quickly without going backwards in time, or slowing to a crawl, or messing up timestamps a lot. It's not as simple as "let's just drag the user's clock closer to the reference one constantly". ntpd does a LOT that other NTP servers don't, and a lot of that is important for anything that you want to rely on a timeserver for.
Sorry, but this is just blatant "Look at us, we run an NTP project that's secure" when actually it does less than 10% of what ntpd does. And to make it do what ntpd does, presumably will take years of work to secure.
There are various "rewrite" projects at the moment, but all known holes with ntpd are closed. Until there's a compelling reason to move, don't. And by the time there is, you'll find properly-written, full-featured NTP projects being offered.
Nobody's talking about sub-millisecond accuracy here either. We're just talking not cocking up the one thing you plug in an NTP server to get right - the time.
Honestly, people on Slashdot are this stupid now? What happened?
So every nutter that screams "God will kill you all" is similarly worth blaming the entire Christian movement for?
I'm an atheist/agnostic. I disagree with religion in all forms and don't care for it in my personal life. I have no vested interest here.
But you can't enlarge what a nutter yells while he's killing people to be the opinion of billions of people. Honestly, it's just ABSOLUTE STUPIDITY and TOTAL IGNORANCE.
Given the choice between being stuck in a room with people who hold your opinion, people who are insanely religious and even people who are just insane, you'd be my last choice... honestly. At least they have a REASON for their insanity, however misguided it may be.
P.S. If I go kill someone and do it in the name of, say, Anonymous, or the Church of the Flying Spaghetti Monster, does that taint those organisations too? Only if they CONDONE my actions.
Because people still equate two French nationals with a particular belief with the Middle East because of racial stereotyping?
It's like saying that some neo-Nazi born in the US committing a terrorist act is because of the deterioration of German laws.
And if you really want to get into the answers, try working out why you have to bomb an entire country to oblivion, including civilians, because a terrorist group from there bombed you once. It's akin to the UK trying to nuke Washington because the KKK came over and planted a bomb in London.
The Middle East gets bombed back to sand every decade or so, and then they'll have an uprising against their oppressors, which their oppressors then try to stomp down harder on. And then they wonder why - when they replace the native government with one of their own - they have to come back a few years later because the country is in revolt again.
You liberate nobody by bombing them and their neighbours back to the Stone Age, almost constantly since the 70's, in one form or another. If you don't want people blaming you, keep the hell out of it.
"It's not racist"
No, but it is beliefist... more Muslims have condemned the attacks than have instigated, been involved with, or praised them.
As such, you've labelled an entire religion with your preconception of them, without any kind of preponderance of evidence.
It's like blaming Catholics and Protestants for the Northern Ireland bombings (which are STILL HAPPENING... there was an explosive device found only yesterday, terrorism isn't new and just that terrorism on its own has been going on since the 70's but because it's "olds" and not "news", you don't get to hear about it).
Maybe we should throw all the Catholics and Protestants out of Ireland, too, eh? But, no, that doesn't fit in with your racism-by-proxy of using beliefist bollocks to try to justify your own prejudices.
How about this: Terrorists are terrorists, no matter what creed, class, race, colour, belief system or t-shirt they're wearing. No matter what they claim to be acting in support of, they're terrorists. I don't care what you think of my religion or beliefs right up until the moment you say you want to kill people because of it. Then you're just a dangerous nutter, nothing to do with what the last church you happened to walk into was.
Poker, for humans, is luck and psychology in the main. It's about convincing the other guy that your hand is better/worse than it is.
But the problem is that if you're playing against a robot, he doesn't care what you want him to think. He knows exactly what the odds are of you having any particular card, and what that means in terms of him beating you. Playing the odds will win on average. It's how it works. It's how casinos get rich enough to have marble floors and air conditioning in the middle of the desert.
If you don't get this, you'll lose a lot of money playing against this machine.
But no doubt you have a "system". Or you can "read" players.
Expert human poker players have a good enough knowledge to know the odds (even if only approximate) on every turn of the card, but they can't analyse every possible combination in time. The rest of it is trying to "lie" to another human. It's rare for a poker player to be the best poker player consistently and for years, precisely because it's not as simple as having skill, but overwhelmingly a good amount of luck.
Otherwise, sorry, but anyone on the planet would be rich by just plugging in what cards they were given on PartyPoker into an app that tells them the percentage chance of winning. On those kinds of site (last time I used it) there was no human interaction enough to perform any kind of psychology, so it's entirely skill of the game and luck of the cards. And if you can eliminate the need for skill of the game, then by your theory you'd win (almost) every time. You don't. And poker-playing bots only make money when playing against imperfect humans. Play them against each other and you'll be there forever as the money goes back and forth, back and forth (subject to game rules such as blinds, etc.).
Poker has the "most" skill of any casino game. In any of its variants. But that's not a lot. Claiming that a skilled player would beat a bot hands-down? Strange that the poker sites are so hot on blocking bots, then, isn't it?
Bluffing in poker is only relevant in order to make a human opponent make an irrational decision. That's what you're trying to achieve. If the human makes the rational decision every time, then it comes down to luck alone. Making a rational decision every time involves a hell of a lot of card-counting and knowledge of the odds, so few can actually do it properly (I'm a mathematician, I wouldn't dare state that I could calculate the odds without perfect knowledge and a lot of time).
But no amount of bluffing changes the cards in your hand, the cards left in the deck, what the next card will be, or what your opponent probably has in their hand.
The reason people enjoy poker is because a good player can trick a bad player into playing worse. A computer program like this isn't subject to such tricks.
Prove me wrong. Play a statistically-significant number of games against the thing, I believe the link was in the article? http://poker.srv.ualberta.ca/
3x10^14 decisions isn't even in the same range of something like Chess or Go - you can tell this as we can't yet "prove" those games. A decent human can probably play a perfect game. Strange that poker champions tend not to be poker champions for long, unlike Chess champions, Go champions, etc.
They deal in pensions.
Likely their applications were dealing with dates past 2032 decades ago.
The only problem is whether the hardware ticks over but given other comments, it looks like it's a virtualised system nowadays on more modern mainframe hardware.
Chances are they're the one place that won't care about 2032.
Currently sitting in front of a pretty bog-standard server for a small school, with the disks writing 130MB/s (yes, bytes) when they're just replicating VM's across the network. Not even particularly high-end, not a particularly brilliant network, in the middle of the working day, just normal load, pretty quiet - the servers are on 5% CPU and 10% RAM.
Pretty sure if I had 10Gbit network and a serious amount of users, I could push them even further just on that simple task. 3-500GB/s write is not unusual with even a standard consumer SSD, however.
If you think that people aren't in need of 2GB/s write rates, or couldn't sustain them, you're thinking far too small. These things aren't for grandma or your single-PCIe-slot home machine.
Honestly, if you can afford the 1Tb version of something this tiny and fast and new, you already have hardware capable of making it the bottleneck.
Last time I used a RAM drive, it was on the contents of a floppy disk. My brother was sick of slow compile times and worked out how to use the university DOS computers to produce a RAM drive. Autoexec.bat created it and copied his files into it, and then it ran like greased lightning.
But that was back when 1.44Mb of RAM was a lot and he was lucky enough to be somewhere where every computer had that spare.
Last time I saw it was when making a single-floppy Linux distribution that copied itself into RAM because it was often used on diskless workstations. Just like almost every Ubuntu install disk can do now if you select Live CD from the boot menu.
But on ordinary desktop OS? Since Windows 95, RAMDisks have been dead. Since then, we've been using RAM better to cache all recent filesystem accesses. There's very, very, very, very little that will ever benefit from a RAMDisk over just having that RAM as filesystem cache automatically anyway. You still have to read the data from permanent storage anyway, and once you've done that, it's in RAM until you start to fill up RAM. Read it often enough and it will never drop out of the cache. If you're not reading it often enough, why the hell bother to RAMDisk it?
And you lose NOTHING if the machine dies mid-way. With a RAMDisk, any changes you make are gone.
Please. Stop spreading absolute "gold-plated-oxygen-free" junk advice like this.
Anyone who wants to do this can do it with any bit of freeware on any machine. But why they would bother is beyond me. Hell, next you'll be telling me to enable swapfiles and put them on the RAMDisk....
Er... welcome to business level warranties.
Which run quite a bit less on business kit when you're buying £300 PCs instead of £2k Macs.
Sorry, but the Apple "service" isn't - it's often a "replace with new". Any business can do that and wait while the replacement comes back from the manufacturer.
Macs at developer courses? Sure. But most of those developers will be doing web-stuff mainly, or forced to use Mac if they want their stuff to compile and work ON a Mac as an end-result.
And "same day" only works if you're a) near an Apple store, b) it's open, and c) at the goodwill of Apple. Not something to base your business on versus a 4hr on-site service response with 24-hour turnaround for less than half the price difference between a PC and Mac of equivalent spec.
No. XP was only "good enough" compared to some of its successors. That was the point.
If you WANT me to upgrade, you have to give me a reason to upgrade. I'm not going to do it for your convenience, or to give you free money, there has to be a tangible benefit to myself.
As such, updating to Lollipop is really a couple of new bells and whistles which most people really couldn't care less about. KitKat is "good enough", as are some previous versions still. But without an incentive to upgrade, why take the risk and suffer the bother to do so, if it's even possible?
Last time I upgraded my Samsung S4, it destroyed my satnav app and stopped me doing a couple of things I'd always done before, lumped more crap in that I could no longer properly hide or uninstall, gave me the inability to stop Location going to Google services without suffering constant badgering, and that's about it.
In terms of what it gave me, it was a couple of rearrangements of the top bar.
Give me a reason to upgrade and I'll consider it.
Most malware is surprisingly benign. I've been saying it for years.
If you wanted to get really nasty, you can do these kinds of tricks and the thing will be damn-near scary to contract.
The problem is that we've bred a generation of people who see malware as nothing more than a distraction. Who will go to "uninstall" to remove it, thinking that's to be trusted, who don't realise that something running in the background is a problem once you close the advert it pops up.
At some point, something like this is going to be combined with a handful of never-seen-before exploits and it'll go across the globe and take weeks before there are effective patches to get rid of it. But the scary part is that the first few seconds of infection are all that's needed to totally control your ability to use your computer and access your data.
Maybe then we'll get proper application whitelisting / sandboxing by default in a desktop OS. And, hell, why do applications get the run of every file I use under my account? Should they not have to request such things first? Even on Unix-likes, if you get on as my user, you can trash all my data - why? Why is the data store not immutable and applications only get a link to the data IF they are allowed access to it? And thus nothing ever actually runs "as" the user, but only as its own separate user with similar permissions and only the files necessary.
Malware could be a lot worse than even this. Why it isn't yet, I haven't figured out - I presume because money-making is at the heart of it now rather than actually malintent with your data. But that won't last forever.
I'm sorry, but the very concept of a virus scan happening "at scheduled intervals" or after you've already double-clicked on the file just tells you that it's too late before you start. We've got away with it for decades in desktop OS, but it can't continue forever.
Getting a virus on my networks scares the crap out of me. People think I overreact when I just remote-off the machine (or tell them to pull the plug) and just re-image for even the most basic of adware. Fact is, I didn't install it and I have no idea what it ACTUALLY does. And I'll be damned if it's going to get the chance to go on my shared areas and do anything, even with file history, backups, etc. available.
Is this a factor of science spending or, as the summary has to hint around, the fact that it spends SO MUCH on its military?
In the 60's it was a different situation and getting satellites into the air was a military advantage. And, don't forget, the military is close to NASA.
Once that advantage was secured / no longer relevant, quite why would they bother to keep dropping money into it? That's the problem you have - science got a boost because military needed it to happen. Once it happened, science took a back-seat again.
Sorry, but even science + welfare + healthcare all added together would take only a percentage of what's spent on the military.
Your problem is not that science isn't funded. It's that all your money is going to stupid foreign "wars" instead. And there's no military advantage, until someone builds some new type of space-based weapon or some country decides it owns the Moon if it can get there, to be got from funding anything more.
Wait until the Chinese or Russians start building a space-base in earnest, and you'll have all the money you can dream of to do space-related missions. Until then, you'll have to settle with working in THE MOST EXPENSIVE region of science, with getting some of the SMALLEST practically-relevant scientific results back from it.
Awareness of all the related conditions is growing. I work in schools and I've spoken to several school nurses who have each said "Oh, yes, I've got a couple of kids on my books with that condition, I know what that is".
My wife's cousin (much younger than her) has also been diagnosed with EDS since and there are several "traits" of her mother and father that - now we're looking for them - look like she may have just been a bad combination of both their genes (both having pseudo-JHS/EDS conditions in their families of varying degrees of severity).
She moved to a warmer climate, it improved. She got onto proper medication, it improved. She learned that it's not normal and stopped suffering it and got more careful, it improved. She still has bad days and, having been to residential weekends for sufferers of the various related conditions, she's nowhere near the worst sufferer from it any more.
There's a story she likes to spread about one of her friends from one of the online support groups - her friend has much more serious, but quite variable, EDS and is eligible for a disabled parking badge. The friend parked at a supermarket in a disabled space, stumbled out of the car, and went to walk inside. An old woman passed and shouted "You don't look disabled!". The reply she got was "You don't look stupid, but appearances can be deceptive, can't they!".
It can be that manageable, although it never quite goes away, that others won't realise you have it.
Arthritis-specialists in the UK have leaflets available for the conditions, now, because it's so often mis-diagnosed under their specialism.
My ex-wife and I have a daughter together, and she shows no symptoms. I think when you "mix" the genes with someone who's not got family histories of the conditions (which are often so minor they go unnoticed into the background of being "flexible" or "a dancer" or "a gymnast" or whatever), it doesn't necessarily travel down every time.
But I think that we'll see increasing cases of this as the gene pools expand and mix, but hopefully resulting only in flexible people with watered-down versions of the condition, and not people in pain. And, for women, being flexible of the bodily tissues is at least one bonus when it comes to childbirth!
My ex-wife had a serious, debilitating condition that saw her in chronic pain and sometimes housebound.
It was only when I met her and realised that there was something wrong that I asked her about it and she realised it WASN'T normal to be in constant pain, unable to walk. But there was more than that. The doctors had put her on painkillers, antidepressants, sleeping tablets, etc. to try to ease the symptoms but nobody had actually bothered to diagnose it.
And there were odd things. Her joints were in constant pain but, when she wasn't hurting, she was able to do karate moves that Jean Claude Van Damme would be jealous of. She had an extreme range of movement. And when she was in pain, things like her knees and elbows would GO BACKWARDS, making it even more painful to do anything and making her unable to walk.
We looked up the symptoms. The first batch of hits was Hypermobility Syndrome (now called Joint Hypermobility Syndrome). The list of things it gave as common side-effects and symptoms fit perfectly, as well as a number of things that until we read them we didn't think were related at all. It's a genetic defect in the way collagen is made, which gives so many odd and unrelated symptoms that it stands out by a mile.
We printed everything off, went to the doctor. He was astounded. He'd never heard of it. He'd never realised she had the range of symptoms available to match it even if he had. He sent her immediately to a consultant specialist. In two minutes, and a simple joint-range test, he said "Yes, you have hypermobility". Within a month, she was able to claim disability. Within a couple of years, she was managing the condition and had enough support to return back to work and live a pretty normal life (even teaches karate). Because now she KNOWS what she has, she knows what to do and what not to do, and has constant, background medication of the right kind to combat the pain. At one point, she was going to be put on morphine to stop the pain because they just didn't know what it was.
It was that easy. And it wouldn't have happened without a bit of Internet research. She'd suffered for nearly 30 years with it without any diagnosis (once she was told she might have arthritis - which is an extremely common misdiagnosis of hypermobility symptoms - but they excluded it because, well, she could move her joints more than anyone else!). And she'd have suffered at least several more if we hadn't bothered to check symptoms.
Doctors aren't perfect. Don't just assume they are stupid, though. But only you know your symptoms, only you have the time and effort and impetus to find out what you have (especially if you live in a country where doctors get paid by the test, fucking disgusting), and only you are the one who will benefit if you find out what you have.
The doctor was great, once he knew we were right. He was supportive and immediately helpful. He just didn't know about every condition on the planet. And although she has a diagnosis, there is no real prognosis - the condition never gets better, but at least you can manage it. The consultant basically diagnosed her and then that was it - there's nothing you can really do, medically, to "fix" it.
So don't be a hypochondriac and think you have everything. But if you're certain something's wrong, and you find something that matches, see what the differentials are and see if you can't get it eliminated. At the very least, if your doctors note that you asked about it and they said it "couldn't be" that thing, then you have something to go and push in their face when they turn out to be wrong. But more likely, they will try to appease you that it's NOT that thing, run a few tests, and therefore get you closer to a real diagnosis.
Internet research isn't useless, if you have half a brain.
3 years ago and, apart from some prototypes and some old games converted to "use" it, what do we actually have?
90's-style VR with upgraded graphics?
Sorry, but VR needs to find some kind of use case. Gaming, apparently, just isn't enough on its own to justify it.
Three years and many millions of dollars to basically strap two screens to your head like we did back in the days of VRML and flat-shaded polygons.
A GPS app lets me get lost in safety.
I go to a place I never knew, take a route nothing like the one on the GPS and can find all sorts of stuff. Because I know that I'll then take the most-direct route to my destination anyway, no matter how far I wander.
It's not unusual for my gf and I to get in a car, drive for an hour at random, and then let the satnav drive us back.
Something like a third of the 800 games on my Steam account "just work" on Linux.
It is, indeed, fabulous. There's honestly no excuse any more. If your game isn't Linux-compatible and Mac-compatible as well, it's just sheer laziness or being cheap.
Factorials tend to cancel out nicely with other factorials.
And, also, 69! factorial is too big for most calculators - even a pre-calculated table could probably do a ton to speed things along.
Somewhat cancelled out by the fact that you can fit a few more people on a plane.
"once" = several weeks of fighting with the damn thing to do one simple task, clearly specified, that's way within its scope.
There is no serious documentation. The examples are given as documentation and are vastly incomplete.
It's not a question of "glanced at it, it was horrible", but for anything serious even a quick glance will show whether or not it's a nicely-produced library or not. One quick glance at a library is normally all I do in order to get a handle on whether it's good enough and clean enough for me to program against.
The problem with OpenSSL was that the only people who knew how it worked never bothered to simplify that or document that enough. There is no "is this certificate valid" function, that returns an enum from a list of potential problems (CERT_EXPIRED, CERT_NOT_YET_VALID, CERT_CORRUPT, CERT_UNTRUSTED, CERT_INSECURE, etc.), for instance. There are lots of things that LOOK like that, but none actually do it in OpenSSL.
Given that it's a library whose primary purpose is - given a configuration of particular algorithms and keys - to produce an encrypted bitstream from an unencrypted one (or vice versa), it's surprisingly complex to do anything simple with any guarantee that you're doing it right.
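The check that comment describes (is one certificate valid and signed by another), as an added example that is not part of the original comment and not OpenSSL project code: it drives the stock `openssl verify` command and maps the numeric `X509_V_ERR_*` code it reports onto a single outcome. The `CERT_*` outcome names echo the comment's wish list and are not OpenSSL identifiers; all file names, subjects and keys are constructed throwaway test material.

```shell
#!/bin/sh
# classify_cert ANCHOR.pem LEAF.pem [UNIX_TIME]
# Prints exactly one outcome name; returns 0 only for CERT_OK.
classify_cert() (
  anchor=$1; leaf=$2; at=${3:-}
  # -no-CApath keeps the system CA directory out of the decision, so only
  # ANCHOR can act as the issuer.
  set -- verify -no-CApath -CAfile "$anchor"
  if [ -n "$at" ]; then set -- "$@" -attime "$at"; fi
  out=$(openssl "$@" "$leaf" 2>&1) || true
  # Failures are reported as "error <code> at <depth> depth lookup: <text>".
  # The numeric code is the stable part, so classify on it, not on the text.
  code=$(printf '%s\n' "$out" |
         sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
  case "$code" in
    10) echo CERT_EXPIRED ;;              # X509_V_ERR_CERT_HAS_EXPIRED
    9)  echo CERT_NOT_YET_VALID ;;        # X509_V_ERR_CERT_NOT_YET_VALID
    7)  echo CERT_BAD_SIGNATURE ;;        # X509_V_ERR_CERT_SIGNATURE_FAILURE
    2|18|19|20|21) echo CERT_UNTRUSTED ;; # no path to the anchor
    '') case "$out" in
          *": OK"*) echo CERT_OK; exit 0 ;;
          *) echo CERT_CORRUPT ;;         # input could not be parsed at all
        esac ;;
    *)  echo "CERT_OTHER_$code" ;;        # anything unlisted still fails
  esac
  exit 1
)

# make_demo_pki DIR: build constructed test certificates inside DIR.
make_demo_pki() (
  cd "$1" || exit 1
  new_ca() {  # new_ca BASENAME COMMON_NAME
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
      -out "$1.pem" -subj "/CN=$2" -days 3650 >/dev/null 2>&1
  }
  new_ca ca "Constructed Demo CA" || exit 1
  new_ca impostor "Constructed Demo CA" || exit 1  # same name, other key
  new_ca other "Constructed Other CA" || exit 1
  openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key \
    -out leaf.csr -subj "/CN=constructed-leaf" >/dev/null 2>&1 || exit 1
  # The leaf is valid for 30 days and signed by ca.key only.
  openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key \
    -CAcreateserial -out leaf.pem -days 30 >/dev/null 2>&1 || exit 1
  printf 'not a certificate\n' > garbage.pem
)

demo() {
  dir=$(mktemp -d) || return 1
  make_demo_pki "$dir" || return 1
  later=$(( $(date +%s) + 90 * 86400 ))
  echo "real anchor, now:       $(classify_cert "$dir/ca.pem" "$dir/leaf.pem")"
  echo "real anchor, +90 days:  $(classify_cert "$dir/ca.pem" "$dir/leaf.pem" "$later")"
  echo "unrelated anchor:       $(classify_cert "$dir/other.pem" "$dir/leaf.pem")"
  echo "same-name impostor:     $(classify_cert "$dir/impostor.pem" "$dir/leaf.pem")"
  echo "unparseable input:      $(classify_cert "$dir/ca.pem" "$dir/garbage.pem")"
  rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Invoke the script with the single argument `demo` to print the five cases. The impostor case reports either `CERT_BAD_SIGNATURE` or `CERT_UNTRUSTED` depending on whether the OpenSSL version in use put key identifiers in the certificates, which is why the function treats every outcome other than `CERT_OK` as a failure.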
Open-source does not make code automatically bug-free. No more than using a safe-malloc-library does, or deploying DEP on your executable, or ASLR, or coding only in a language that's considered "secure".
What it does is allows certain types of security problems to be POTENTIALLY spotted. It's a +1 on the score, not a game winner. And it doesn't mean that proprietary is -1, either. It just means that you are so confident in the quality of your code, you can show people that by opening it up.
What gets me about proprietary software is not that they choose to do it so their rivals can't copy (a bogus argument in any country that properly enforces licensing agreements, which is why you can get a peek at MS code if you have a need to), but that they are SO ASHAMED of their code they don't want you to see it.
The 3DFX card drivers, for decades, basically allowed complete DMA access to all of RAM. It was that easy. But nobody could spot it because nobody could see the 3DFX code. You don't get that in open-source drivers and the SECOND it's spotted, by anyone, it will get fixed. That's the difference - the reaction. When we found these problems, they were urgently fixed immediately. When we find problems in proprietary code, it can be (as recent articles state) known for 90 days or more without anyone bothering to even look at them.
Open-source isn't security. But it's like saying to a guy, at a security conference, "Here, I'm so confident in my gadget, that I'll let you play with it". Sure, he might break it, he might compromise it live in front of all your customers. But in a technology sector concerned with SECURITY, not profits, that's actually exactly what you want and the perfect impetus to keep improving so that next week you can do the same again, and again, and again until you've ironed out most of the bugs. You'll NEVER get them all.
But the confidence to do that is critical. I've been at tech conferences for my sector where suppliers hand out products and, in the space of a few minutes, I point out massive flaws and problems with them. They soon stop handing them out for people like me to play with. That's not the attitude to have when it comes to security, but I understand why a business would do that.
It's not the be-all-and-end-all but it's a nice thing that does not hurt to do. Those that don't understand this do not have security uppermost in their mind, only oneupmanship, and "my OS is better than yours" crap.
In security, and cryptography especially, giving your enemy the source is a show of bravado and confidence. It's like the old backup adage. If you're so confident in your backups, high-availability, failover, etc. then why are you not prepared to let me take an axe to your primary server? If I was in charge of a large company and my IT guy assured me the disaster recovery was so easy and already-in-place, I might well choose to say "Yes... go on. Take an axe to it.", if nothing else than to see their reaction and see the plan kick into place.
Passing that test would cement your place on my team for a long while. Failing or chickening out of it might well mean I test it more regularly and keep a close eye on you.
Open-source doesn't have automatic properties. But it is a checkmark in your favour if you're claiming to write software well that millions of people might choose to use.
Amen.
I touched OpenSSL once. It was a nightmare. No idea where or how it passed anything as it wasn't at all clear the path that simple things, like certificate checking, were supposed to take.