A firewall (P100 with no hard disk, 64MB) and a Cyrix 266 (one hard disk, 512MB) put a load of 9% on my MGE Ellipse 650VA UPS.
According to some calculations from the APC site (VA = W * 1.6) that'd be 35W for both of them. So at least the firewall seems to be quite comparable to that wifi router.
Use a distribution like LEAF then. It boots from a floppy, no hard disk needed.
You will have to learn well how firewalls work, but let's be honest, you have to anyway if you want it to be any good. ZoneAlarm or anything else will be useless if you don't understand well what's going on.
All firewalls have bugs in any case, but Linux is easier to secure. Easy recipe to a quite secure firewall:
Get a computer (P100 or so) with two network cards and connect it to your DSL modem or whatever.
Install LEAF on it
Disable all services, excepting SSH from inside for administration. Make sure there are NO daemons listening on the public interface, firewalled or not. This way you can't get hacked while your firewall is down.
Firewall everything.
Start opening ports as you need them, thinking carefully about if you really need them, making sure you only open what's needed. Also, close them if you no longer need them.
And there you go, it's almost 100% safe, since your firewall won't have externally accessible SSH, apache or whatever to hack. I'm pretty sure all the bugs in the firewall code were ironed out quite a while ago. If you need apache, get another computer, a third network card, and make a DMZ.
Nonsense. A P100 is perfectly capable of rendering pages with a very decent speed. It will take quite a while on really big pages though, but most people don't load the whole mySQL documentation as a single html file.
Add enough RAM (say, 256MB) and it should work well enough for any website. The performance problem will come from excessive use of Java, JavaScript and Flash, not HTML rendering.
If you don't mind some bandwidth waste, do a search and replace on the hosts file, and put the IP of some server you hate instead.
Most of the ads are in some specific directory, so it's very unlikenly that any file will be found, and you'll be filling some server's logs with 404s.
So, we build this huge thing, and a hundred years later it gets old, starts having structural problems, develops a huge crack, or whatever, and we need to demolish it. Now, how do we do that?
For example, look at what happened to the towers. They fell down pretty much as nicely as they could, and they still created a huge mess, and tons and tons of dust, some of which included asbestos. And cleaning up the remaining rubble was estimated to take years as well.
I'm curious about how those buildings are going to be destroyed when they can't continue standing anymore.
That's easy. I have a filter in procmail that filters all HTML through lynx -dump. Just do that, and then apply the spam filter. Not sure if it's a good idea for spamassassin though, since it contains HTML specific settings.
Okay, first, you're confusing two things here. The password is simply unknown information. We're talking about the security of algorhitms here, not passwords.
Yes, if you know the password of course you can decrypt a blowfish encrypted message. However, you can't decrypt ALL of them. That's the difference between a compromised password and an insecure algorhitm.
Second, while indeed writing a secret algorhitm that is secure is indeed possible, it doesn't mean that just because you can't break it nobody can. Given two insecure algorhitms, one open and another closed it is possible that the open one will be broken in a month after it's announced by some security expert. The second one might be just as broken, but remain in use for years, at which point somebody will find a flaw and compromise much more information.
Also, open algorhitms like Blowfish and AES have been tested and reviewed by real security experts over all the world. To me, the words of Bruce Schneier have much more weight that somebody who came out of nowhere and announced their unbreakable algorhitm. If you want a concrete example, Meganet's VME "unbreakable" and non-public algorhitm has been successfully reverse-engineered, and proved to be AWFULLY broken. So broken in fact that any message can be decoded within minutes.
If you rely on obscurity, prepare for a nasty surprise. Sooner or later, some smart guy with free time will decide to debug, decompile and reverse-engineer your application. Perhaps in a week or two the algorhitm will be posted on the USENET, or a closed source exploit will appear.
You don't want a situation like above. This smart guy might very well decide to do the same as you're doing, keeping the rest of the people in the obscurity and finding a way of getting a profit from that.
However, there's such a thing as real security, which doesn't rely on obscurity. Take encryption for example. Right now, you can google a bit and find the full source code of Blowfish. You can take this code, lots of plain text and its encrypted versions and study it. And you will still be unable to decrypt a message without knowing the key. THAT is security.
Or, take the Unix security. The basic ideas (/etc/passwd,/etc/shadow) are known. The encryption/hash algorhitm is known. However, if you take an old/etc/passwd with the passwords in it, and try to use that information to log in, your only possibility is a brute force attack against the hashed passwords. THAT is also security.
A system that relies on that its method of operation is kept secret and becomes instantly exploitable as soon as somebody figures out how it works is simply CRAP.
Re:What about Linux itself?
on
Software Fashion
·
· Score: 2, Insightful
Of course, just like everything, I'm pretty sure that Linux will eventually die, morph into something completely different from what it was, or be replaced by a better implementation.
I think that Linux is going to last for a long time though. Given its open nature it can adapt much better to changing requirements than say, Windows. It looks like Windows is going to have to break the API soon, and become incompatible with older versions.
Meanwhile, Linux, not having such a closed and monolithic design will almost surely remain compatible with old versions for a long time. I wouldn't be surprised if 4.0 was still able to run programs written to run under 2.0.
You buy at really expensive places. An Athlon MP 2000+ when I bought it was about $150 each. RAM cost me $70 for a 512MB *registered ECC DDR* module. I can get a hard disk for $100 or less. A $400 video card is way overkill, I use a GeForce 2MX. Very good cards can be found for $200. My motherboard did cost $270 though.
While the Opteron might be great and all that, and as an AMD fan I'll almost certainly buy one at some point, they just came out and are *way* overpriced. Besides, even if I had the money, and the need to buy such a machine, I still probably wouldn't. Losing a $150 CPU (more or less the price of one of mine) of course sucks, but it's affordable. Breaking a $810 one though...
And given the prices you quote above I'd probably get better preformance by buying two dual boxes. My dual motherboard was about $240, btw.
The Lian Li case cost about $120, more or less the same for the power supply.
Besides, at the risk of getting offtopic, this computer is the best designed one I ever used. For once, I have a computer that doesn't crash for strange reasons. Previously I had problems with the VIA chipset, SB Live sound card, and with some BIOS settings it didn't even boot.
The time I invested in selecting the components has more than paid off. Of course it's somewhat slower than the Apple one, but if I had the money for the Apple one, I'd just upgrade the CPUs to 3000+ or whatever is the fastest MP available, buy a second identical box, and still have remaining money to buy say, a decent UPS.
Hah. It cost me about $1100 to buy a dual motherboard, two Athlon MP 2000+, 1GB of ECC DRR RAM, a Lian Li case and an Enermax supply.
None of the above components are cheap, and still the price isn't near what you said. Of course the hard disk, CD drive, video and sound cards aren't included, but I'd have to fill the case with drives and buy the most expensive video card to get near that.
Of course mine isn't 64 bit, but I didn't see Opteron motherboards being sold anywhere when I was buying the components.
Well, that makes it even more annoying. Either you don't play online at all, or you only become able to play when you have an internet connection. Not a very nice choice to make, IMHO.
I'm pretty sure this is going to appear on Freenet or Entropy sooner or later.
So, once it appears there anybody will be able to download it without getting tracked. So the question is, what will be the long term effects of this?
Will the programmers from the competence download it to take a look at how it's done, and perhaps use the learned things to improve their games? Not necessarily anything like copy/paste, but I guess that a developer or two might look at it, hoping to find the solution to some difficult problem.
Perhaps Valve will have to redesign the protocol to stop people from writing servers and bypassing Steam?
Maybe a few programmers will secretly team up and make their own game with it? I can imagine such a thing being released on Freenet.
Steam won't let you play without an internet connection. There are many reasons not to like that. Like not having a stable connection, for example. The user might have a modem, or might want to play the game on a laptop without a network connection.
I know that many reasons use cracks on their legal games because they hate the "Insert game CD" crap.
Just wouldn't be much faster. I have a dual system. I'm pretty sure the CPU is not the bottleneck. It's the hard disk.
Loading my RAM (1GB of it) from disk is probably going to take longer than booting the old fashioned way. In any case, whatever you read from the disk can't be much smaller than the sum of all the executables
Whatever calculation you're doing there it's got to be wrong. 2MB is only 3.2 times more than 640 KB. Of course maybe you mean kilobits, but in that case the difference is 25.6 times, which still is very far from 200.
Well, that's a pretty useless argument since we don't have a time machine, so we can talk about what might have happened if MS didn't exist and still get nowhere.
However, I don't see why you think the current situation is a natural one. Look at other markets. Are all TVs made by Philips? Are all cars made by Ford? Are all UPSes made by APC? Of course not.
While in many markets there's a leader, like say, Cisco, or APC, the software market is almost unique in having a company like Microsoft. The existence of APC doesn't stop MGE from making their own UPSes, that can be used in place of APC ones without any compatibility problems. Cisco doesn't sign contracts with shops preventing them from selling OvisLink switches.
Of course choice is going to be a minor inconvenience to new people. Say, you can buy an UPS from: APC, Belkin, Best Power, Clary, Cyber Power Systems, ETA, Ever UPS, HP, MasterGuard, MGE, Online, Powercom, PowerWare, Tripp-Lite, and many others. All of those surely implement the same idea in many different ways and with different characteristics. Plenty to be confused with! But somehow I don't see anybody saying that they all should sell UPSes with the same shape, capacity and characteristics.
Slashdot Mirror
A firewall (P100 with no hard disk, 64MB) and a Cyrix 266 (one hard disk, 512MB) put a load of 9% on my MGE Ellipse 650VA UPS.
According to some calculations from the APC site (VA = W * 1.6) that'd be 35W for both of them. So at least the firewall seems to be quite comparable to that wifi router.
Use a distribution like LEAF then. It boots from a floppy, no hard disk needed.
You will have to learn well how firewalls work, but let's be honest, you have to anyway if you want it to be any good. ZoneAlarm or anything else will be useless if you don't understand well what's going on.
All firewalls have bugs in any case, but Linux is easier to secure. Easy recipe to a quite secure firewall:
Get a computer (P100 or so) with two network cards and connect it to your DSL modem or whatever.
Install LEAF on it
Disable all services, excepting SSH from inside for administration. Make sure there are NO daemons listening on the public interface, firewalled or not. This way you can't get hacked while your firewall is down.
Firewall everything.
Start opening ports as you need them, thinking carefully about if you really need them, making sure you only open what's needed. Also, close them if you no longer need them.
And there you go, it's almost 100% safe, since your firewall won't have externally accessible SSH, apache or whatever to hack. I'm pretty sure all the bugs in the firewall code were ironed out quite a while ago. If you need apache, get another computer, a third network card, and make a DMZ.
Nonsense. A P100 is perfectly capable of rendering pages with a very decent speed. It will take quite a while on really big pages though, but most people don't load the whole mySQL documentation as a single html file.
Add enough RAM (say, 256MB) and it should work well enough for any website. The performance problem will come from excessive use of Java, JavaScript and Flash, not HTML rendering.
If you don't mind some bandwidth waste, do a search and replace on the hosts file, and put the IP of some server you hate instead.
Most of the ads are in some specific directory, so it's very unlikenly that any file will be found, and you'll be filling some server's logs with 404s.
So, we build this huge thing, and a hundred years later it gets old, starts having structural problems, develops a huge crack, or whatever, and we need to demolish it. Now, how do we do that?
For example, look at what happened to the towers. They fell down pretty much as nicely as they could, and they still created a huge mess, and tons and tons of dust, some of which included asbestos. And cleaning up the remaining rubble was estimated to take years as well.
I'm curious about how those buildings are going to be destroyed when they can't continue standing anymore.
I can see an UNIX fire extinguisher in the trains in the spanish underground.
It's just that for some reason the editors decided to link to www6. Just try other numbers, for example, I read it on www4. Links:
www4
www5
That's easy. I have a filter in procmail that filters all HTML through lynx -dump. Just do that, and then apply the spam filter. Not sure if it's a good idea for spamassassin though, since it contains HTML specific settings.
Okay, first, you're confusing two things here. The password is simply unknown information. We're talking about the security of algorhitms here, not passwords.
Yes, if you know the password of course you can decrypt a blowfish encrypted message. However, you can't decrypt ALL of them. That's the difference between a compromised password and an insecure algorhitm.
Second, while indeed writing a secret algorhitm that is secure is indeed possible, it doesn't mean that just because you can't break it nobody can. Given two insecure algorhitms, one open and another closed it is possible that the open one will be broken in a month after it's announced by some security expert. The second one might be just as broken, but remain in use for years, at which point somebody will find a flaw and compromise much more information.
Also, open algorhitms like Blowfish and AES have been tested and reviewed by real security experts over all the world. To me, the words of Bruce Schneier have much more weight that somebody who came out of nowhere and announced their unbreakable algorhitm. If you want a concrete example, Meganet's VME "unbreakable" and non-public algorhitm has been successfully reverse-engineered, and proved to be AWFULLY broken. So broken in fact that any message can be decoded within minutes.
If you rely on obscurity, prepare for a nasty surprise. Sooner or later, some smart guy with free time will decide to debug, decompile and reverse-engineer your application. Perhaps in a week or two the algorhitm will be posted on the USENET, or a closed source exploit will appear.
You don't want a situation like above. This smart guy might very well decide to do the same as you're doing, keeping the rest of the people in the obscurity and finding a way of getting a profit from that.
Bugs always happen.
/etc/shadow) are known. The encryption/hash algorhitm is known. However, if you take an old /etc/passwd with the passwords in it, and try to use that information to log in, your only possibility is a brute force attack against the hashed passwords. THAT is also security.
However, there's such a thing as real security, which doesn't rely on obscurity. Take encryption for example. Right now, you can google a bit and find the full source code of Blowfish. You can take this code, lots of plain text and its encrypted versions and study it. And you will still be unable to decrypt a message without knowing the key. THAT is security.
Or, take the Unix security. The basic ideas (/etc/passwd,
A system that relies on that its method of operation is kept secret and becomes instantly exploitable as soon as somebody figures out how it works is simply CRAP.
Of course, just like everything, I'm pretty sure that Linux will eventually die, morph into something completely different from what it was, or be replaced by a better implementation.
I think that Linux is going to last for a long time though. Given its open nature it can adapt much better to changing requirements than say, Windows. It looks like Windows is going to have to break the API soon, and become incompatible with older versions.
Meanwhile, Linux, not having such a closed and monolithic design will almost surely remain compatible with old versions for a long time. I wouldn't be surprised if 4.0 was still able to run programs written to run under 2.0.
You buy at really expensive places. An Athlon MP 2000+ when I bought it was about $150 each. RAM cost me $70 for a 512MB *registered ECC DDR* module. I can get a hard disk for $100 or less. A $400 video card is way overkill, I use a GeForce 2MX. Very good cards can be found for $200. My motherboard did cost $270 though.
Btw, $4198 - $2490 = $1708, not $509.
Then I'm not buying one any time soon.
While the Opteron might be great and all that, and as an AMD fan I'll almost certainly buy one at some point, they just came out and are *way* overpriced. Besides, even if I had the money, and the need to buy such a machine, I still probably wouldn't. Losing a $150 CPU (more or less the price of one of mine) of course sucks, but it's affordable. Breaking a $810 one though...
And given the prices you quote above I'd probably get better preformance by buying two dual boxes. My dual motherboard was about $240, btw.
The Lian Li case cost about $120, more or less the same for the power supply.
Besides, at the risk of getting offtopic, this computer is the best designed one I ever used. For once, I have a computer that doesn't crash for strange reasons. Previously I had problems with the VIA chipset, SB Live sound card, and with some BIOS settings it didn't even boot.
The time I invested in selecting the components has more than paid off. Of course it's somewhat slower than the Apple one, but if I had the money for the Apple one, I'd just upgrade the CPUs to 3000+ or whatever is the fastest MP available, buy a second identical box, and still have remaining money to buy say, a decent UPS.
Hah. It cost me about $1100 to buy a dual motherboard, two Athlon MP 2000+, 1GB of ECC DRR RAM, a Lian Li case and an Enermax supply.
None of the above components are cheap, and still the price isn't near what you said. Of course the hard disk, CD drive, video and sound cards aren't included, but I'd have to fill the case with drives and buy the most expensive video card to get near that.
Of course mine isn't 64 bit, but I didn't see Opteron motherboards being sold anywhere when I was buying the components.
ok, then how about kemerge, kportage, portagemaster?
emerge mplayer?
Well, that makes it even more annoying. Either you don't play online at all, or you only become able to play when you have an internet connection. Not a very nice choice to make, IMHO.
I'm pretty sure this is going to appear on Freenet or Entropy sooner or later.
So, once it appears there anybody will be able to download it without getting tracked. So the question is, what will be the long term effects of this?
Will the programmers from the competence download it to take a look at how it's done, and perhaps use the learned things to improve their games? Not necessarily anything like copy/paste, but I guess that a developer or two might look at it, hoping to find the solution to some difficult problem.
Perhaps Valve will have to redesign the protocol to stop people from writing servers and bypassing Steam?
Maybe a few programmers will secretly team up and make their own game with it? I can imagine such a thing being released on Freenet.
Steam won't let you play without an internet connection. There are many reasons not to like that. Like not having a stable connection, for example. The user might have a modem, or might want to play the game on a laptop without a network connection.
I know that many reasons use cracks on their legal games because they hate the "Insert game CD" crap.
Just wouldn't be much faster. I have a dual system. I'm pretty sure the CPU is not the bottleneck. It's the hard disk.
Loading my RAM (1GB of it) from disk is probably going to take longer than booting the old fashioned way. In any case, whatever you read from the disk can't be much smaller than the sum of all the executables
You mean there's a CPU with 128MB of cache? :-P
Whatever calculation you're doing there it's got to be wrong. 2MB is only 3.2 times more than 640 KB. Of course maybe you mean kilobits, but in that case the difference is 25.6 times, which still is very far from 200.
Which is just fine for everybody involved! If they don't like the GPL they can just use BSD, or pay royalties to Microsoft.
Intel could have called it "Sexium", but that might not have been welcome. They seriously trademarked that, btw.
Well, that's a pretty useless argument since we don't have a time machine, so we can talk about what might have happened if MS didn't exist and still get nowhere.
However, I don't see why you think the current situation is a natural one. Look at other markets. Are all TVs made by Philips? Are all cars made by Ford? Are all UPSes made by APC? Of course not.
While in many markets there's a leader, like say, Cisco, or APC, the software market is almost unique in having a company like Microsoft. The existence of APC doesn't stop MGE from making their own UPSes, that can be used in place of APC ones without any compatibility problems. Cisco doesn't sign contracts with shops preventing them from selling OvisLink switches.
Of course choice is going to be a minor inconvenience to new people. Say, you can buy an UPS from: APC, Belkin, Best Power, Clary, Cyber Power Systems, ETA, Ever UPS, HP, MasterGuard, MGE, Online, Powercom, PowerWare, Tripp-Lite, and many others. All of those surely implement the same idea in many different ways and with different characteristics. Plenty to be confused with! But somehow I don't see anybody saying that they all should sell UPSes with the same shape, capacity and characteristics.