Slashdot Mirror


User: Midnight+Warrior

Midnight+Warrior's activity in the archive.

Stories
0
Comments
124

Comments · 124

  1. Re:Redeeculous on New Molecule Could Lead To Better Rocket Fuel · Score: 1

    Interesting. What was the author and title of the book, or as much as you remember? Thanks!

  2. Controlled Interfaces on Evaluating Or Testing Utility SCADA Security? · Score: 1

    The U.S. Government fully understands the need for isolation and just how impossible it really is. There are niche companies out there that make systems that comply with specific DCID 6/3 requirements to make the system match a Protection Level. They use mandatory access control with Solaris 10 Containers, Trusted Solaris/Irix before that, and SELinux nowadays.

    Here's their problem though. In order to be effective, an organisation must clearly know what must come in or out, network wise. It is difficult, technically speaking, and managing such an interface point is a speciality either run by expensive people or by cheap, clueless dimwits.

    As Bruce Schneier has pointed out, liability laws need to be in place because the market will not apply the proper controls, if for nothing else, then for cost alone. Folks may complain about PCI or SOX compliance and how it doesn't really make things safer and I agree because it just forces compliance but doesn't make them want to be compliant. Companies that are able to equate vulnerability with a decrease in stock price will find themselves motivated to make it right. The fear of lawyers can be pretty good motivation to do the right thing.

    Here's my recommendation. Provide an incentive for passing an inspection. Provide an incentive for the inspector. Then clearly set the rules of the competition. The incentives are not based upon a "failure to hijack," but upon an ability to control an intrusion. The inspector does not get incentive for penetration, he gets incentive for control after he's in. The integrators need to pride themselves in limiting the damage that can be done. If they keep the installation simple and easy to understand, then it's harder to find sneaky ways in.

    Meanwhile, light one up and pass it over 'cause I'm not holding my breath.

  3. Re:Violation of TRIPS on Can We Legislate Past the H.264 Debate? · Score: 1

    Thanks for the thoughtful reply. I've read through the TRIPS link you graciously provided. There is some good reading in there. What I failed to find though was anything that supported your argument of mandatory enforcement. I'm sure it's in there, I just wasn't having very much luck.

    What if the patent holder was required to take a more active role in their patents and the applicability to proposed standards, as governed by industry and government bodies (e.g. ANSI, MILSPEC)? If a call went out looking for patents related to a specific standard, they would be required to participate in the standards body within, say, 3 months of being notified. Failure to respond or to provide reasonable licensing terms (to the standards body) is a forfeit of the holder's right to prosecute those who implement the standard.

    I've got this idea because it means that:

    • Lawyers will be retained to provide continuous monitoring of the standards landscape
    • It encourages patents to be licensed rather than sat on and thus impeding progress
    • The sheer volume of patents would either be a boon for the legal industry or a discouragement from filing yet more patents
    • Patents are encouraged to get organized into standards bodies

  4. Re:Back in 1988... on Can We Legislate Past the H.264 Debate? · Score: 1

    Awesome! I'm glad to know that I'm not alone in looking for effective ways to introduce a better balance into the ecosystem. Thanks for the excellent story.

  5. Re:What's an "industry-recognized standard"? on Can We Legislate Past the H.264 Debate? · Score: 1

    Thanks for the detailed reply, tambo. You are quite right that I am not a lawyer and thus make simple, repeated mistakes in this area. You pointed out a confusing point I had and the more I stew on it, the more I'm convincing myself that this is a complete dead end. It's starting to feel like a Game Theory model is going to have to be built in order to make any significant improvements to the system.

    I really like your observation that the first standard established becomes the de facto standard as it would be the only one with any real patent protection according to my plan. The process of even trying to develop the next generation technology would have to stand on the shoulders of the previous work, but since it wouldn't be part of a standard yet, the developers could be easily sued.

    As for submarine patents, thanks for calling me out on that. It might have helped if I had run a Google on it before I posted that phrase.

    Can you conceive of a plan, then, by which RAND can force non-members to at least identify their patents within a short, finite time span or forfeit most forms of redress? Ideally, a patent search would find relevant conflicts, but I'm starting to get the idea that more and more generic, broad patents are being issued with too much being left to interpretation.

    I guess what I kind of want is patent owners to be required to be more involved in nearby issues like the involvement required for trademarks. I'm looking to change the balance of things since the issuing rules don't appear to be up for change any time soon in the U.S. And that's what everybody on Slashdot complains about the most.

    Thanks again!

  6. Double Double Fees on Verizon Defends Doubling of Early Termination Fee · Score: 1

    These termination fees don't apply just to the whole contract. If you add a family member in for the $9.99/mo, they get their own phone number (duh), which is effectively another contract. If that family member leaves before the end of the contract, they owe the remaining balance on the termination fee. The primary holder on the account can also be hit for the remaining balance of the termination fee if they cancel early too.

    So, if you subscribe your wife and/or girlfriend on to the plan 18 months into a 24 month plan, they charge you $9.99 a month. I don't remember if they charge a fee to set up the phone, but the cynical side of me says that they probably do. If your significant other dumps you in the 23rd month of the contract, they can prorate the termination fee any way they want. They may take their $175 prorated to remove (23-18=) 5 months and you owe the rest. Then, when that is done making you mad and you decide to leave a month early, they'll hit your side of the contract with the prorated termination fee too.

    Oh. Did I forget to mention this: when your significant other left you in month 23 and you canceled her phone, you automatically signed yourself up for a different plan. So, if you go to leave at the end of month 24, they find a way to prorate the termination fee because you are leaving the new plan early.

    This is insane, you say? Then go to a pay-as-you-go plan where the profits are really juicy. Go ahead. I dare you.

    I'm just glad none of these fuzzballs got bailout money. Or at least I'm hoping they didn't.

  7. U.S. Air Force Museum on Science, Technology, Natural History Museums? · Score: 1

    There is a museum in Dayton, OH which is just about Dayton's only attraction. This is the National Museum of the United States Air Force. Some of their exhibits include:

    • Rockets from satellites with cameras that used to drop their film back to Earth once fully exposed.
    • The new (and now discontinued) F-22 Raptor
    • A full-size B-2 bomber (engineering model with no engines, but everything else)
    • Many planes formerly known as "Air Force One"
    • Lots of experimental aircraft, including those from the famous Skunkworks project
    • Frames from real atomic bombs

    Admittedly, this may not be as electronics or computer nerd like we all assume you are, but if you are into any level of mechanical engineering or have been a pilot at any level, then you will surely appreciate this place, even if you only visit it once in your lifetime.

    There are no parking or admission fees and they're open just about every day of the year, except for three major holidays.

  8. ZenOSS all the way on What Would You Want In a Large-Scale Monitoring System? · Score: 5, Interesting

    We use ZenOSS exclusively at work and have enjoyed every minute of it. Pro's include:
    • 2D map with status of all nodes or submaps, organized by network
    • Application monitoring, with more advanced maps available for purchase (Oracle, JBoss, Cisco) for those things you already paid a lot of money for
    • Performance monitoring via SNMP or other data sources using RRDtool internally which includes graphs linked to each other during zoom in/out or panning
    • Nagios plugins already do some of the heavy lifting
    • Built-in support for watching Windows servers (any metric accessible via WMI)
    • Access control using at least LDAP and Active Directory
    • Secondary data collectors for those networks which are too big for just one central source
    • Highly customizable through Python
    • It has so, so much more than pathetic commercial solutions like OpenView

    Cons:

    • You have to keep your eye on the back end database
    • It still takes a long, long time to tune it to remove noise events
    • If you don't know Python, it can be tough in a few places
    • Proper support is not cheap

  9. Derms on The Technology of Neuromancer After 25 Years · Score: 1

    Everybody keeps neglecting his use of derms to deliver drugs. Yet, the first "patch" I saw widely in use was the anti-smoking patches in the mid-90s. I'd bet he didn't invent them, but he did envision they would be widely used. Derms even got mentioned in a recent computer-animated flick where a lady peels her sleeve up and shows us about 15 "coffee derms."

  10. WARNING: UNSAFE Javascript on DC Power Poised To Bring Savings To Datacenters · Score: 1

    For those of you not using Firefox and NoScript, InfoWorld's website pops an error with Firefox that claims InfoWorld would like to run Javascript marked as UNSAFE. That is, it will have access to all windows and panes, which is plain evil. Tread carefully please, especially if you are using Internet Explorer. This, of course, assumes that you will RTFA.

  11. Similar to... on ESA Embraces Open Source With New SAR Toolbox · Score: 1

    Opticks is developed in the U.S. and is also open source, uses the Qt library and C++ and is certified for use under Windows and Solaris. It could be compiled for Linux and/or OSX by anyone determined enough to get it compiled. When I last examined the source code, its build system was focused around Visual C++.

    Opticks lists compatibility for reading SAR data and it would be interesting to see what it took to read from the mentioned sensors. It is fully capable of dealing with multiple image or motion typed analysis techniques and formats.

    Opticks is available at https://opticks.ballforge.net/ and is released under the LGPL 2.1.

  12. Malware will make this moot on French Senate Passes Anti-Piracy Internet Cut-Off Law · Score: 1

    Whether it be rules designed to stop folks from stealing media, violating their monthly transfer cap, or even using a competitor's VoIP package, they are all susceptible to malware attacks. Given an interesting enough malware that doesn't seek to steal your data, but rather use you as a conduit, we all finally have plausible deniability.

    Every time they get into this, there is an assumption that I am in complete control of my hardware and software. History has clearly shown that even with tightly-controlled systems, including those with TPM (Click to read about cracking TPM), a compromise is easy for a determined individual with even limited cracking skills. And what if there's malicious hardware (Click Here for PDF)? Anything can happen.

    We may have the hardware sitting on our desk, but every security guy will tell you that physical access is everything. They'll probably try and turn my computer into a multitouch kiosk, but they'll leave a USB or serial port open on the back for bootstrapping. They may dumb computers down, but somebody has to be smart enough to build them, and some will be left to write malware that allows not so honest folk to channel their black market traffic through otherwise unsuspecting innocents who will take the fall for the infraction.

    Do this a few times and courts around the globe will rule the laws unenforceable, leaving us with more trash computers and companies with too much power to see into our private lives, which is what this is partly about anyways.

    Go ahead, Britain. Keep leading the way.

  13. Storage Tank on CERN, the Big Bang and Impact On the IT Industry · Score: 1

    If you're looking for more conversation about Storage Tank and how it compares to Quantum's StorNext product (another clustered filesystem), follow my shameless plug to my blog entry about it. Go there. Obligatory Disclaimer: I wrote the blog entry, but don't work for Quantum, IBM, or any of their resellers or consultants.

  14. Isolation on China Blocks More Internet Services · Score: 1

    And I remember thinking that the U.S. was going to isolate itself from the world economically. The U.S. has been focusing on "removing a dependence on foreign oil" and finally starting to force importers to accept our exports (mainly thanks to a weaker dollar I'm told). International economic inter-dependency is part of what keeps countries from going to war, as long as there is balance.

    But to read this article, China will be secluding itself more and more in the name of censorship. Thankfully, the only kind of war that will spark is civil. Fortunately, they have already been through a civil war in the last hundred years, so maybe, just maybe, they won't let it go that far. We all know that people don't like being oppressed. And if the billion or so people in China decided that they didn't like the state anymore, there are enough ants in that population to take over the grasshoppers.

  15. Re:Oy vay on Are IT Security Professionals Less Happy? · Score: 3, Interesting

    As much as the crowd around here pretends like it's a farce, I turn to faith to provide my much needed avenue away from cynicism and pessimism. So how does it help me?

    • Paul teaches that we should be all things to all people (1 Corinthians 9:19-23) so that tells me to do whatever job needs done which keeps me humble and sets an example for others.
    • "Do not love the world or the things in the world" (1 John 2:15) teaches me to not make gadgets or technology the focus of my life, but rather a chance to use my talents - which means I can survive for days at a time without my cell phone or computer. It also allows me to have the patience for the iPhone 3G to flop while you all whine and complain about it.
    • Matthew 22:39 teaches me to be kind to everyone, including my boss when he gets demanding or unreasonable. ("Treat others the way I want to be treated.")
    • While I am also a security professional, and also see all the paranoia and distrust you talk about, I use my faith to encourage me to be a friend to all. It's a little like "...keep your enemies closer", but gentler than that. It's like being an adult back in high school, where you're still a kid, and can recognize when another kid is being abused, or isn't making smart decisions. My training tells me what the human condition can be, and I am now educated to help others guard against those conditions. But I'm respected enough (earned) that others take my advice against folly only because it is given out of love. I help them, and lift them up, like it is discussed in Ron Hutchcraft's Blog. I never use my talents to shame others (friendly pranks not included).

    So for everyone who says that religion is a crutch, I treat my faith like a scaffold, lifting me up, and giving me the support necessary to paint my life in a way that will please my Father.

    Oh, and yes, I still have to fight worry (job security), gossip, and being someone no one likes to hang out with outside of work. I'm not that different from you.

  16. Re:trac on Best Integrated Issue-Tracker For Subversion? · Score: 2, Informative

    We use JIRA at work. It costs money for commercial use, but it is really, really nice. Integration with Subversion is available as a plugin. The main product is http://www.atlassian.com/software/jira/.

  17. Re:My experience with RHN Satellite on Red Hat Open-Sources RHN As "Spacewalk" · Score: 2, Informative

    We've been using it for a couple of years now, and I've even taken the class on it. Everyone's gripes here are quite true. I've got three gripes with it. One: the Monitoring module uses an internal package RedHat bought called NOCPulse. I've got auditing running on our machine and I found that gogo.pl, a piece of NOCPulse, opens /etc/shadow in read/write mode hundreds of times a day. The kicker is that it's non-obvious from the source code where or how it's doing this, or even why. We've threatened to un-pay for Monitoring unless it gets fixed and now. Since we're using ZenOSS, we'll probably un-pay for it anyway since ZenOSS does all this stuff anyways.

    Two: Oracle is their choice for a backend RDBMS. Oracle charges a very fine penny. Now, as RedHat open sources it, folks will hopefully change out the database package. RedHat has already indicated that they will keep the price the same, so my guess is that the expected profit increase will come from goading the OSS community to dump Oracle, thereby relieving them of licensing costs, and putting the new leftovers straight onto the bottom line. If Satellite Server was comparable in cost to Microsoft's SMS, I don't think folks would mind so much.

    Three: Incremental updates are impossible for disconnected networks without moving all XX Gigabytes of RPMs. I've heard that under the new version, this might be possible, but I'm not holding my breath. In a world that expects you to maintain patch compliance, it's not so easy to deploy those patches. Where this matters most is isolated U.S. Government networks. Getting patches is non-trivial. Yes, it's the admin's job to sneaker-net the updates which is fine, but importing is not as trivial as you might think it should be.

    Usability is something that is really lacking with this product. Notably, in configuration channels (which are a nice idea) while I'm looking at a configuration file, I should have the choice right then and there to deploy it to one or more hosts. Nope. I have to go to the system group and tell them to go get it. And even that is buried unless you've been trained on where it's hiding.

    So, can the community do this? Sure. But I think most folks would rather just rewrite it around yum. The best thing Satellite offers is the automation of kickstarting and joining to the Satellite server. Sure, you go over DHCP, TFTP, and kickstart files in class, but Satellite does most of the work for you. I kinda wish mass deployment and patch monitoring was the default way to do RedHat, and the manual method is only meant for your first couple of installs - especially since RedHat has declared that they aren't interested in focusing on a general-user desktop.
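    Following on from the /etc/shadow observation in the comment above, here is an added example (not code from the original post, and not part of RHN Satellite, NOCPulse or Red Hat) of how a defender can answer the same question from raw auditd records: which processes open /etc/shadow with write access, and how often. It assumes a watch rule such as `-w /etc/shadow -p rwa -k shadow_watch` is in place, an x86_64 host (syscall 2 is open, 257 is openat), and the sample records below are constructed in auditd's raw shape rather than taken from any real system.

```python
"""Count write-capable opens of /etc/shadow per process from raw auditd records.

Assumptions (labelled): audit watch `-w /etc/shadow -p rwa -k shadow_watch`,
x86_64 syscall numbers, and constructed sample lines (not from the original post).
"""
import re
from collections import Counter, defaultdict

# x86_64 syscall numbers: open(2) keeps its flags in a1, openat(2) in a2.
FLAG_ARG = {"2": "a1", "257": "a2"}
O_ACCMODE, O_WRONLY, O_RDWR = 0o3, 0o1, 0o2

_HEADER = re.compile(r'^type=(\S+) msg=audit\(([\d.]+):(\d+)\):\s*(.*)$')
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one raw auditd line into (type, serial, {field: value}) or None."""
    m = _HEADER.match(line.strip())
    if not m:
        return None
    rtype, _ts, serial, rest = m.groups()
    fields = {k: v.strip('"') for k, v in _FIELD.findall(rest)}
    return rtype, int(serial), fields


def group_events(lines):
    """Group SYSCALL and PATH records that share an audit serial (one event)."""
    events = defaultdict(lambda: {"syscall": None, "paths": []})
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        rtype, serial, fields = rec
        if rtype == "SYSCALL":
            events[serial]["syscall"] = fields
        elif rtype == "PATH":
            events[serial]["paths"].append(fields.get("name", ""))
    return events


def open_mode(sys_fields):
    """Return 'read', 'write' or None from the open flags of a SYSCALL record."""
    arg = FLAG_ARG.get(sys_fields.get("syscall"))
    if arg is None or arg not in sys_fields:
        return None
    flags = int(sys_fields[arg], 16)  # raw auditd prints syscall args in hex
    return "write" if (flags & O_ACCMODE) in (O_WRONLY, O_RDWR) else "read"


def write_opens_by_process(lines, target="/etc/shadow"):
    """Count write-capable opens of `target`, keyed by (comm, exe)."""
    counts = Counter()
    for ev in group_events(lines).values():
        sc = ev["syscall"]
        if sc is None or target not in ev["paths"]:
            continue
        if open_mode(sc) == "write":
            counts[(sc.get("comm"), sc.get("exe"))] += 1
    return counts


# Constructed sample records (not real audit output): two O_RDWR opens by a
# monitoring script, one O_RDONLY open by an auth helper, one expected write by passwd.
SAMPLE_LINES = [
    'type=SYSCALL msg=audit(1222000001.101:501): arch=c000003e syscall=2 success=yes exit=5 a0=1a2b3c a1=2 a2=0 a3=0 items=1 ppid=1 pid=4242 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="gogo.pl" exe="/usr/bin/perl" key="shadow_watch"',
    'type=PATH msg=audit(1222000001.101:501): item=0 name="/etc/shadow" inode=1234 dev=08:01 mode=0100400 ouid=0 ogid=0 rdev=00:00',
    'type=SYSCALL msg=audit(1222000001.202:502): arch=c000003e syscall=257 success=yes exit=5 a0=ffffff9c a1=1a2b3c a2=80002 a3=0 items=1 ppid=1 pid=4242 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="gogo.pl" exe="/usr/bin/perl" key="shadow_watch"',
    'type=PATH msg=audit(1222000001.202:502): item=0 name="/etc/shadow" inode=1234 dev=08:01 mode=0100400 ouid=0 ogid=0 rdev=00:00',
    'type=SYSCALL msg=audit(1222000001.303:503): arch=c000003e syscall=2 success=yes exit=4 a0=7f00 a1=80000 a2=0 a3=0 items=1 ppid=900 pid=901 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="unix_chkpwd" exe="/sbin/unix_chkpwd" key="shadow_watch"',
    'type=PATH msg=audit(1222000001.303:503): item=0 name="/etc/shadow" inode=1234 dev=08:01 mode=0100400 ouid=0 ogid=0 rdev=00:00',
    'type=SYSCALL msg=audit(1222000001.404:504): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7f10 a2=80002 a3=0 items=1 ppid=950 pid=951 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="passwd" exe="/usr/bin/passwd" key="shadow_watch"',
    'type=PATH msg=audit(1222000001.404:504): item=0 name="/etc/shadow" inode=1234 dev=08:01 mode=0100400 ouid=0 ogid=0 rdev=00:00',
]

if __name__ == "__main__":
    for (comm, exe), n in write_opens_by_process(SAMPLE_LINES).most_common():
        print(f"{n:4d}  {comm:<14} {exe}")
```

    On a real host the same functions can be fed the output of `ausearch -k shadow_watch --raw`; the point of keying on both comm and exe is that a script interpreter (here perl running gogo.pl) shows up as the interpreter binary, so comm is what tells you which script is responsible.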

  18. Re:Good software on PhD Research On Software Design Principles? · Score: 2, Interesting

    Good software design papers don't try to compare software development with civil engineering because (from reading the article):

    • The architect frequently fails to design something interesting that can actually be built, on the first draft
    • Commercial buildings are frequently reused in ways not envisioned by the original developer/builder
    • Single family dwellings frequently get the room scale off so that the house may only hold 4 people, but it has three bathrooms, making a regular cleaning nightmare
    • Apartment buildings are built cheap and with little care for inter-apartment noise separation
    • Builders make lots of mistakes and take many shortcuts because they know that by the time you look inside the wall, you'll never see that they didn't put insulation where they should have and you're stuck with a cold wall, or that a concrete storm drain was improperly substituted for corrugated plastic
    • Principles for building things from wood or brick haven't really changed in a hundred years - slightly greater precision and a few new building materials don't change the fact that carpentry skills learned as a kid are very applicable today
    • Principles for steam houses, steel structures, etc. haven't changed in over 50 years
    • Single family dwellings are frequently built all alike for a few dozen or more houses, removing all real engineering from the problem

    People who do construction live in a very slow moving world.

    • I learned C++ in college before STL and try/catch blocks
    • Guys 7 years my senior never even got to learn C++ in college
    • My tools to build my software (IDEs, compilers, debuggers, optimizers, static analyzers, etc) change in dramatic ways every two to three years
    • Places my software is expected to work changes every year
    • If somebody breaks into my house, I buy an off-the-shelf countermeasure, but if someone breaks into my software I purchased, I frequently just have to wait for the developer/vendor to close it
    • Construction people don't visit my house every six months and make improvements - which is good - but I'm expected to provide profitable upgrades every 6 months or less to include new features at the least

    The list goes on, and is actually rather obvious in many cases. One thing that architects and software developers have in common though: If the customer writing the requirements is an idiot, or worse an idiot who is dead set that they know better than you, then you can rest assured you will never deliver a satisfactory product.

  19. Re:business opportunity on UCITA By the Back Door · Score: 1

    And it's actually this kind of nonsense that keeps otherwise great software from being used on government systems. Large, boring processes are in effect in lots of places that look for phone-home or open ports created by software. Once such a beast is found in any revision of a program, all future releases are tainted and no one is allowed to use them.

    Of course, I say that, but XMLSpy and WGA do this and they still let it get used.

  20. More than just IT on IT Workers Are Getting Fatter · Score: 4, Insightful

    Never attribute this kind of stuff to your job unless other factors can be ruled out also. Lots of people without access to free snacks/pop put on weight starting about the age 25. For many, getting married seems to add the pouch and love handles. Also, about age 25, you aren't as hyper as you were when you were 21, and so you are less anxious to run around. When I was 18-25, and in college, I ate like crap, out of vending machines and a quick pizza for lunch. Lots of un-diet sodas. I was still skinny as a rail. When I turned 25 and got married, then I started putting on weight.

    Even with eating better, it still doesn't help because my activity levels are far lower than they were when I was younger.

    IT and lights out management have nothing to do with it.

  21. xkcd was there first on Beer-Drinking Scientist Debunks Productivity Correlation · Score: 2, Informative

    The comic xkcd was there first and called this effect the Ballmer Peak. Most likely, this effect was also tried in Vista and Vista SP1 design meetings, but the balance was all wrong and didn't come out as (they) expected.

  22. Details on the instruments on Deep Impact Probe to Look for Earth-sized Planets · Score: 3, Informative

    For those of you who miss it on the main web-site, Ball Aerospace developed most of the scientific instruments. They are becoming pivotal to many of today's space-based observation instruments. Details on their involvement with Deep Impact are here.

  23. RedHat Training on Where are Wii? · Score: 1

    RedHat has put an interesting incentive on the table. Sign up for one of their mentioned classes and they'll ship you a Nintendo Wii about 6 weeks later. Note to the observant reader: this period ends after the holiday rush. As best as I've been able to work out, they've put in an order and Nintendo would have to promise they could deliver, as RedHat becomes contractually obligated to provide the student with a Wii.

    Details of the offer are here. Be sure to read the fine print about when and how you sign up. Note that if you are a government employee, they won't give you one as that would be seen as a gift, which may be misconstrued as a bribe.

  24. The Bandwidth Debate on The Morality of Web Advertisement Blocking · Score: 1

    Let's put the burden on the content provider, not the advertiser. In radio, their bandwidth is measured in seconds. Their signal to noise ratio is very bad during commute and popular talk shows. As such, I'm driven away because of advertising. If they moved down to one 30 second ad every 10 minutes or so, I couldn't help but keep listening.

    Now let's move to web sites. I'm expected to spend bandwidth (bytes) when no such burden has been placed on the content provider. At least in radio, time given to an advertiser is taken away from the program. On the Internet, the content provider gets to outsource ad serving. If sites want out of AdBlock, then they're going to have to inline their ads on their own servers (or at least proxy the content) and interlace advertisements with their regular content. The advertisers would pay more (the cost of the bandwidth they originally spent) to the site to pay for the bandwidth increase. Then, and only then, will the content provider feel a balance of advertisements to content ratio. They might even get a little picky about the trash advertisers push.

    See in today's television market, if someone puts up controversial ads, then the broadcaster is held responsible, if not liable, since they are obliged to screen the ads. A similar accountability for web sites might also clean things up.

  25. Re:Um no...it's a product placement for Quantum on Storing CERN's Search for God (Particles) · Score: 5, Insightful

    You may think of it as product placement, but I use it. I even provide the occasional blog entry on it on Advanced Topics. I sat through a RedHat performance tuning class that was quite excellent. But when they came to the part about ext3 and tuning it, well, let's face it - ext3 just isn't going to scale. I started with Veritas' Filesystem which is pretty nice. If you're a small-time admin, then you never get beyond a local, 4U disk array. Once your group spends more than US$2 million on servers though, it's obvious what the problem is: Storage - The Final Frontier. SAN and clustered filesystems allow a level of scalability completely unheard of before.

    They also completely left out anything but a tagline of their multi-tiered solution. I wish they'd talked more about how CERN supports 500Gbit per second aggregate throughput to their disks (at least they implied that). 50GB/sec (or so) is probably the toughest I/O problem you've ever dealt with, or will deal with for a long time. Whose RAID controllers did they use? Did they focus on speed (ASIC and ISL minimization), availability (redundant fabrics), or both? Did each node get dual 4Gb links or just one?

    If this had been an advertisement, they would have discussed some 3.0 features like LAN clients.

    So, in short, it's easy to say it sounds like an advertisement. Quite possibly, Quantum (formerly ADIC) coerced them into getting the piece written. But if this had been an advertisement, there is so much more that is going on under the hood that would have been said. Large, fast, distributed filesystems are non-trivial and take an extreme amount of engineering and testing. StorNext really is good at what they claim to do.

    If you want to read about some of the drawbacks though, I yak about them on my blog. Sorry for the plug.