The best tactic, in my opinion, is to make so little that the government gives *you* money. It's kinda fun tweaking your life to live so cheaply, kinda like the days of squeezing every possible byte of lower memory in DOS so you could run decent video games.
I had to laugh a few weeks ago, when I figured my actual *earned* income is hovering around $10k this year -- and I have wife and kids. We live comfortably, just not excessively. If it weren't for an unexpected sale of an investment which resulted in a capital gains hit, Uncle Sam would have written *me* a check for several grand this year, which would easily cover any other taxes I pay during the year (real estate, auto registration, etc.).
Oh well... there's always next year.
If I didn't hate paperwork so damned much, we'd qualify for ~$400/month in food stamps. Hell, for that big of a stipend, I could sack away a very large end-of-the-world food bunker in under a year.
Some of us design our lives to have a *negative* tax rate. How many people can support a family of 4 on 2 hours of work a day (besides maybe Spitzer's whore)? ;-)
MAC addresses can be trivially spoofed. There's even a database of MAC ranges for manufactured devices, so you can pick and choose which device to masquerade as on the network.
As for disruptions, Evolution was driving me crazy...
I prefer console apps as much as possible, just for this very reason. However, you can have the best of both, while still having your GUI mail app. Use fetchmail for in-bound mail -- no annoying notices via the GUI, just peek at the syslogs if you think something's wrong. I use postfix to route my email via my gmail account, but if you're using Evolution, you could just as well use that for outbound. I assume Evolution can read mail from a spool file or maildir?
For WfWG 3.11 and older (running on some DOS variant, of course), you'd do better to run under "dosbox". Not a complete hardware emulator, but certainly enough to do 99% of what most would want. Much leaner than VMWare and Qemu. For grins, a few months ago I installed Dark Forces from an old ISO image I had stuffed in a corner of my filesystem. Was pretty cool to see such an old game running under my X desktop -- ran with SB16 sound and everything. Now if I could just find my old copy of Lemmings...
I don't suppose you could provide a site that Does the Right Thing(tm)? Every site I've tried (including one I maintain myself) doesn't come back with anything that seems to indicate the cert can be trusted. Includes my credit union, Wells Fargo, and just about any other big name site I can think of. Perhaps I'm missing something to correctly run this openssl verification command you provide? I can't fathom *all* of the big sites I've tried being incorrectly set up.
Look, you're talking to a group of asshats who are too damned lazy to watch the speed limit or get up in time for work so they mustn't violate said speed limit. Do you *really* think these same dumb-asses are going to make the effort to actually learn the visual cues of the road and drivers to detect cops and traps? Nope -- that's why radar detectors are such a gravy train for the sellers. People want a newfangled whirligig with blinky lights and cool beeps to do the work for them.
You, sir, just made my day with a hearty chuckle. Nonetheless, I will punch in the few traps I know of in my area. As much as I hate chronic speeders/tailgaters (which is why I'll contribute to Trapster -- maybe some will cleanse themselves from the gene pool by twiddling w/ their phones instead of driving well), I hate cops who prey on them even more, since it's a fucking waste of my tax dollars.
I've had several dealings with stubborn local utilities. Most states have a Public Utilities Commission (or PUC), which regulates such entities at the state level. Every single time I've been blown off by a gas or phone company and I've lodged a complaint with the PUC, I get an almost immediate response (as in hours the same day, usually). I don't always get the issue resolved (such as the company not technically violating anything, just being asshats), *but* at least some manager at the company is forced to do a bunch of paperwork one way or the other to resolve the complaint, so there's a very solid record of my complaint somewhere.
Now, is cable/internet service regulated by the state PUCs (i.e., is the service a "utility")? I don't know. But I urge people to sic their own State on unruly utility providers. It's fun and yet another way us lowly consumers can push back. If I witnessed Comcast pulling this shit with my account (I have DSL with some rural telco, so I can't even look for this), I'd at the least attempt to sic Utah's PUC on them.
I'm sorry, but *any* system that stores email in a binary database is simply lame. Period. Really, the only decent format is something like the Maildir format -- where each message gets its own file. It's as close to elegant for mail storage as you can get these days, easy to backup/restore, less prone to breakage (mbox, here's looking at *you*), and is easy to otherwise massage and manipulate via automated means. Sure, you can't run SQL queries for finding content, but find+grep sure does one hell of a job in that department.
The fact that there's a cottage industry for "import/export/repair/archiving/backup tools out there for PST files (and for Exchange)" speaks volumes about the underlying approach itself: it's fragile and not worth using.
I'm not bashing Windows or Exchange, specifically, but *any* system that stuffs email into a database. I assume this includes Notes/Domino and other like systems. I'm pretty sure there are UNIX solutions (Free, free, or otherwise) that fit this classification as well. It's simply a bad, bad approach to email, whether it's on the server *or* the client -- in which case Exchange/Outlook gets two thumbs down.
The wheat (and other non-corn farmers) are going to clean up for the next few years, until market forces tilt the scales back to a more normal situation.
Firstly, the US national "wheat stores" (the supply of wheat the country has on-hand at any given time) is at its near lowest point since records began. I'll be damned if I can find the official source now, but I actually browsed a quarterly report from whatever organization that tracks this (USDA perhaps) and read this a few months back. This food storage site (and blog) has been aware of the trends for a while, as his prices have gone through the roof.
On the anecdotal side: 1) Having livestock, I've witnessed the prices of non-corn 50-pound feeds nearly double in the past 6 months -- all were about $7/bag, and last time I bought them, wheat, oats, & barley were $15. Corn even went from about $7 to $9 over the same time; 2) The prices of food-grade wheat have gone from about $10/bag to over $20 (witnessed both on the Wheat Montana site and a local Macey's store, which sells 50-pound bags of Walton Feed wheat); 3) While recently at a wine store, I witnessed a farmer talking about converting over to hops, because hop crops are being converted to corn for the ethanol subsidies.
This, of course, is also a general trend of the prices of food (and everything else) going up to reflect higher fuel costs. We normally buy whole wheat and grind it fresh -- it's much healthier, and is normally much cheaper. However, due to large mills buying advanced contracts at a set price, the prices of wheat flour haven't caught up with that of whole wheat yet. Right now, it's cheaper to buy 2 25-pound bags of flour than it is to buy a 50-pound sack of whole wheat berries, which is the first time I've witnessed this imbalance in the 10 years my family has been buying whole wheat. (These are typical retail prices -- price club prices may be different.)
Oh, and I found this post while trying to find my link to US wheat stores numbers. Not proof positive of a coming "crisis", but when the topic of wheat prices starts popping up on mainstream sites, it's worth taking note of. It's quite conceivable that this year we will see a doubling of prices for all wheat-based staples (flour, bread, pasta, etc.) and products which use wheat products will follow shortly thereafter. Even those of us who don't buy processed, pre-made stuff will be feeling the pinch. I really feel sorry for those who buy Eggo Waffles and frozen garlic bread in a box.
Equating the US to Iran or North Korea is ludicrous in the extreme, and you know it.
Indeed. The US is the only one of those countries to actually *use* a nuclear weapon against another country. The US's own "downwinders" don't count here.
Only because the damned legal code (combined federal, state, & local) is *so* huge and complex, even legal scholars (you know, those who dedicate their whole lives to reading the actual laws and relevant case law) can't agree on WTF many of the laws actually mean.
Don't blame *me* for Hatch -- I vote against that fucker every election he's on the ballot. I'm one of maybe a dozen blue pixels on one of the reddest states of the map. Sometimes I wonder if I should sign up with one of those vote trading sites, as my votes here are pretty much spitting in the ocean.
Apache 1.x or 2.x? Seriously, I'd love a link to your benchmark data. Quite the opposite, I manage a very *small* site for a client, and I need to eke out the absolute most from the aging server they rent. I did some half-assed benchmarks between the existing Apache 1.3 install vs whatever the latest lighttpd version in FreeBSD's ports was at the time, and it was a big improvement. However, I then threw on Apache 2.2, and the difference between it and lighttpd was negligible. They require PHP, as well.
I'm admittedly not well versed in current web server benchmarking methodology, so I could have been way off the mark in my tests. I've read a few case studies online about what you propose, and more than a few seem to think Apache 2.2 stacks up pretty well against lighttpd.
I'm in no way biased for or against the "older" popular servers out there. I prefer postfix to sendmail, though I still prefer BIND to the light-weight alternatives. Apache's complexity sometimes bugs me, so I'm always open for the option of ditching it.
However, the site GeoNames has a *huge* world database of features with coordinates. I've used it for a few weird searches for a personal project. It's released under the Creative Commons Attribution license. It's a bit raw for what you need, but I'm sure a dedicated group of folks could groom it to the purpose you require.
Congrats on being one of the black sheep and raising your kids to be individuals! Truly. More people should. However, schools, like society in general, pretty much bludgeon people into conformity (or, by design, attempt to). Most parents want their kids to fit in at all costs, usually so the parents *themselves* can feel that they fit in. This leads to, well, conformity, or in those cases where folks don't fit in, anxiety over the lack of conformity.
Some people are naturally born to not give a shit, do their own thing, and go about their lives. My wife was one such person. I, however, was not, and only gained that self confidence well into my adult years. Who knows how the kids are -- they could go either direction. Still, we both think that keeping the public school system's influence to a minimum is a great idea, so we've mostly kept them out of school thus far.
And in case you haven't noticed, most adults these days behave like spoiled, over-privileged children. I doubt that's a result of them *not* being allowed to act like children at 9 or 11. Besides, WTF does opting out of State compulsory daily absence from their family have to do with whether our kids get to be kids?
But what is wrong with this picture (from one of the Wikipedia links above)? Is she some sort of slave woman whose chains were photoshopped from her legs but not all of her shadow? WTF?
Meh! Anyone can learn to socialize, at any point in life.
We homeschool our 2 kids (currently 4th & 7th grade). We live a bit out of the way, and we just don't care for the wasted time and resources public education drains on everyone (us, the kids, etc.). We're in the middle of a family debate on whether to re-introduce them back. They want more social interaction, but that just means they want daily contact w/ kids their own age, not that they have any trouble socializing.
Our kids lack a bit of "street smarts", but they're pretty sharp. They are not finely tuned to pass standardized tests, but they have the ability to figure stuff out. Combined with the fact that we haven't had TV in 7 or so years, they are also a bit lacking in current pop culture references and almost totally lack the branded, consumerist mindset most kids (and adults) have today. Sure, I doubt my kids will be National Honor Society material, but I think that's a good thing.
Personally, my wife and I feel that for the vast majority of occupations, college is more of a liability than anything these days. Education has become such a boogeyman for gullible parents that it has become commoditized and commercialized to the point of losing any meaning it once had. The cost (and potential debt) is outrageous, and it seems so few actually ever use their degree (for example, I once had a manager when I was waiting tables that had a chemistry degree -- WTF?!?). If my kids *want* to go down a career path that requires tons of education (academia, law, medicine, etc.), then they'll be motivated to find a way to get there. If not, then they'll start off in a slightly lower caste, but with substantially less baggage than their college-educated, debt-laden, Prozac-popping peers.
Sure, home-schooled kids *may* be slightly less equipped to handle the "real, big bad world" than their hardened, systemically-programmed public education counterparts. However, we believe that it will be far easier for our kids to catch up on any good things they missed out on in school once they are adults than it will be for them to shed the stupid habits and conformity they would have gained there.
I just noticed that this is exactly what I did. Traditionally, I believe that /var/tmp is meant to be a little more persistent than /tmp. For example, 'vi' usually keeps "recover" files in /var/tmp, so that if you're editing a file and you lose your connection or the machine crashes, you can use the "-r" option to recover what you were working on. On a one-time-key encrypted /var/tmp, you would obviously lose those files each time the system restarted. I think this is a fair compromise for my system, though.
It's pretty easy to tell, though, that if you do my procedure and grep for "example" then see "http://www.example.com" in the result, which hasn't been visited in weeks/days (even after reboots and power-downs), then it clearly appears to be lingering in RAM.
Someone mentioned browser cache, but that's set to be cleared each time Firefox is loaded. Perhaps file system slack space is the culprit here.
Someone else mentioned the VFS cache, which I don't know enough about to comment. Would such meta data be preserved on disk and end up in memory after a restart of the OS? Certainly, I know that, without wiping inodes, file names can persist on disk. For the curious, this can be seen by deleting a uniquely-named file from a directory, then doing a "dd if=[dir] | strings" which shows strings of current and deleted filenames. (Oddly enough, this worked for UFS, but not for my ZFS volume -- must handle things much differently.)
I do agree that your dump-to-file-then-grep method is much more sane than mine and less prone to false alarms.
That's very cool indeed. However, after thinking about it, even something simpler might work. Would it be possible to amend the kernel API so that when a page is released from use, it could do a secure wipe on each physical page? Not nearly as thorough as a system where plain-text pages never hit the ram chip, but it may be a relatively easy stop-gap measure to use in the interim. You could even use an extended file system attribute to designate which exec'ed binaries are affected by such a system.
Then again, I've been waiting for years for an in-kernel system where only signed-binaries can be run, and that seems nowhere in sight. This stuff must be enormously difficult to do, or the pool of people wanting such features is immeasurably small.
I run my FreeBSD (7.0RC3) system with some geli-encrypted volumes, and one-time encrypted swap and /tmp. Very little data can leak out to non-encrypted space (yeah, /var/tmp is one).
However, for grins one day, I decided to run "dd if=/dev/mem bs=1m count=[mem size] | strings | grep [whatever]" and found not only various passwords, but URLs for sites visited *weeks* ago, even after reboots. So, I installed the "secure_delete" port and ran "smem". No luck -- some stuff got wiped, but some remained in memory. So I booted to a memtest86 CD-ROM, and ran the full test (this test does all kinds of writes/reads to memory). Then, I booted *back* to the normal system, and I was *still* able to recover juicy bits from /dev/mem. WTF?
We need a kernel module for the common OSes that can encrypt virtual pages (is that the right term?) so that whether in core or paged, they won't be vulnerable.
The point of the script is to query bogus/random domains via a "watched" interface (web site, certain 'whois' servers, etc.). The automation that the Bad Guys use to snarf up these "interesting" (but as-of-yet not registered) domain names would result in those same bad guys eating the 20-cents for each domain.
In other words, it's not the vengeful script operators who would incur any cost, but rather the vultures who are watching people search for available domain names.
Anyway, it's potentially the best of both worlds.
Sounds like a grand idea! I'm all for it.
Ugh. Is it me, or does that woman have a face like Odo?
This can be seen with nearly any resource which approaches depletion. IPv4 addresses will, inevitably, be no exception.
In any case, this is a most interesting topic.