VMS was on big, expensive iron and Novell was/is a server OS.
Microsoft & Mac started out as consumer, desktop OSes. Drives were small and data not anywhere near as important as say, a bank or hospital. They were also easier to backup, as a tape or two could do it and they didn't cost a lot.
Now, drive sizes are obscene compared to available backup media. Time to back up is through the roof.
I look at this as an idea whose time has come for the new market.
Of course, in the Windows world, you'd have to tie the whole system to a Registry rollback utility as well. That would be much more work to get those to operate in sync.
Searching is all wonderful and that, but not the direction I believe would provide the most benefit.
Embed versioning into the filesystem. I believe Reiser has talked about this. Imagine being able to right-click on a file, folder or even partition and choose "roll back" or "restore" from the context menu. It then presents you with a list of snap-shot points you can restore to, starting with "last change".
Who backs up their hard drives any more? Have you thought of the problems and time involved in backing up 40, 80 or even 200 Gb of data? I'd MUCH MUCH rather have this feature than some enhanced search.
Re-reading the earlier article about James van Allen questioning the validity of human spaceflight, it struck me that his only argument was about scientific knowledge and research.
No mention of capitalistic exploit, such as mining of minerals; low-G manufacturing; etc.
He's probably right as far as it goes, but I don't think any of the teams competing for the X-Prize have scientific research as their primary goal.
If nothing else, just seeing the variety of launch vechile styles and different approaches to the same basic problem is worth the effort.
There is a story over on Wired about how NASA engineers put a thin thermal blanket on the soon-to-be-launched Mercury probe. It supposedly cools the sun side of the craft from a toasty 800+ deg. F to around 95 deg F.
If they can cool down 705 deg F, you'd figure a P4 would be trivial.
The first rocket that explodes on launch will end this idea once and for all.
Powdered plutonium is a serious carcinogen. There were major worries when Cassini was launched, with a few kilos of the stuff and you're suggesting sending TONS up?
Yes, it *IS* a good idea, if we can guarantee 100% safety of the launch.
Note that you can only call people if you're BOTH using phonegaim. You could just exchange (S)IP numbers and use any normal SIP client for the same effect. Nothing to see here. There are already dozens of free SIP clients.
Really? I was under the impression that you could attach a SIP number to a Buddy and call them as long as they had SIP capability. Like...MSN Messenger.
While there may already be dozens of free SIP clients, name one on Linux that integrates IM (presence) with SIP.
STUN "Simple Traversal of UDP through NAT" was designed to go with SIP and deal with NAT. It works pretty flawlessly.
If speed and not closed-source is your main consideration, then how does the Roadsend compiled code stack up against interpreted code fed through the Zend Accelerator, the Turck MMcache or other caches?
mmCache is OSS and free (as in beer), which is a big plus in my book.
I'll take the unpopular opinion here... WEP is a good thing and serves a vital function. By activating WEP, even with all the flaws, you are essentially "locking the door". Yes, it is a paper door with a crappy lock, but that isn't the point. The lock is there to tell you you're not supposed to be in as much as it is to keep you out.
The point is by securing the network at all you are putting up the equivalent of a "private property" sign. Legally, it helps a great deal. I can see a defense argument for an unsecured AP that is shouting it's SSID into a 2 block radius. However, if you have to crack it, then there is no question about legality -- you are breaking the law.
No, don't rely on WEP for security. Use and IPSec tunnel on top of it if you want security. But WEP *does* serve a great purpose in wifi -- covering your ass legally.
What is with all those lovely color pictures (http://www.jackito-pda.com/hardware/overview.php) on a device that has a BLACK & WHITE screen? And by B&W, I mean 2-color and not grey-scale. They call it "extreme contrast".
Mmmmm... $600 for a 2-color PDA w/a proprietary OS and heavy DRM. Sign me up for a dozen! I'll take delivery right after Nader sweeps the elections in November!
[And an OS that is described as an extension to Visual C++, to boot!]
SPA w/NTLM was incorporated into Thunderbird at v0.5. I also believe it is in Mozilla.
As far as #1 -- you've probably gotten lots of answers on that.:-) The only real answer is if you get to the point where an extra 50 Mb is needed, then worry about it. And...if you are in that much of a bind for 50 Mb, you've got bigger problems than deleting a browser.
You forgot Vehicle Information Numbers (VINs). I remember an artile somewhere in the last couple weeks about auto manufacturers complaining that they are soon to run out of VINs and will need to make them longer.
And the ARRL started recycling Amatuer Radio call signs several years back, after they started running out.
And fundamentalist Christians worry about the little 3-digit '666' being the Number of the Beast. Hell, I'm starting to lean towards Heinlein's interpretation of 6^6^6.:-)
Looking at all the posts about Sun Rays, VNC over SSH, remote X, and "what if someone hijacks your session", I am absolutely amazed at how many people here seem to completely misunderstand this concept.
1. Sun's Sun Ray is a glorified terminal. All processing takes place on the server, and the resources of the terminal itself are almost non-existant. From Sun's website "Compact, fanless plug-and-work device that processes input and output and manages communication with the shared Sun Ray server." These might be nice if the price stated about $99, not $359. And if I could run the server end on a Linux box (cluster), not some ungodly expensive Solaris behemoth. [Okat, the SunFire v210 isn't expensive, but who the hell wants a 1 GHz UltraSpark IIIi cu to run stuff like this?]
2. VNC over SSH/Remote X. Same issues as the Sun Ray -- not using local resources. You're running everything on a remote server. NOT what the article is describing at all.
3. Hijacking a session, security, etc. Yes, a concern, but it is a totally separate issue. How about keeping a super check, super small USB key with you that has a personal certificate. Then, encrypt all communication between your location and the main servers using that? There are plenty of solutions to this problem.
What this article is talking about using local resources (CPU, sound, 3D acceleration, etc.) to do the task but combine it with a distributed file system. Use the "local" hard drive as a file system CACHE, to speed things up.
Use the "local" CPU and RAM to run programs, not some server on the other side of the world. This way you can run DISCONNECTED or not consume mega networking resources.
Think "IMAP in disconnected mode" or "web browsing while offline".
Sun (and Oracle, IIRC) both eschew this "three tier" client server system in favor of true terminal server sessions. However, terminal sessions, including things like VNC, are too limited when it comes to tasks like 3D display.
By combining the best of terminals (state saved computing) with the power and responsiveness of local resources (think "desktop PC"), they have a lot of potential.
They also have some major hurdles to overcome. Complete hardware abstraction is one. Differences in hardware capabilities, etc. are not trivial problems. (Go from 1280x1024 w/5.1 surround to a 800x600 screen w/o speakers and see how it handles it.)
Unlike Microsoft, you have the option of which parts to install. You also have the option to compile each component for yourself, using optimizations and "--disable-feature" as you see fit.
KDE's patch releases (i.e., 3.2.1, 3.2.2, 3.2.3) are almost exclusively focused on increasing stability and swatting bugs. There has been major efforts by the KDE team towards speed and stability with every release.
Check out http://valgrind.kde.org/ for a good GPLed debugger & profiler. Also look at KCachegrind while you're at it.
If the bloat of binary packages bothers you, then either Konstruct it yourself or buy a faster machine. Don't blame KDE, blame the distro you're using for choosing everything-but-the-kitchen-sink , compiled for the lowest common denominator, in their packages.
The better comparison would be which vulnerabilities affected the average install of Windows & Linux, as opposed to the entire package list supplied.
A quick glance at RHN shows me 17 patches for my registered system. These are dated from 11-15-2002. If you look at just the patches that affect the server system I deployed in February, that narrows it down to 4.
One only applies if using the kernel nfs server. I don't. 3
Two others are local exploits -- and I am the only one with a shell account on my servers. Still, if someone could exploit Apache or my PHP scripts, it is *POSSIBLE* to maybe exploit these.
In all fairness, one of my systems was the victim of a DoS due to the recent OpenSSL vuln.
* * *
And, in the other corner, Windows XP -- the last Windows system I installed for someone.
They live out in the country and had a dial-up account. And the system was infected and 0wn3d before I could download the Windows Update updates -- from a fresh install.
I had to go home, download all the updates to a CD and bring it back. Also all the AV updates. And ZoneAlarm, and a dozen other packages to make the system useful and secure.
I know I compared a server system to a desktop. However, my desktop hasn't had a virus, worm or trojan in almost 10 years on my various Linux desktops. That wasn't a fiar comparison.
Well, 36 ^ 8 = 2,821,109,907,456. How long does it take to compute an MD5 Sum?
More to the point, consider "cracking" passwords in this manner:
The NSA has been reported to have ACRES of computer space; their own chip fab and some of the fastest computers in the world.
What if, decades ago, they just dedicated banks of systems to cracking all possible passwords hashed with crypt. Then, a few years later, did the same thing with MD5, SHA-1, and Blowfish -- as each became available.
They store all this stuff in a table, and now getting passwords to most systems is nothing more than a quick table lookup.
Yes, I know the math. However, add in a bit of psychology and statistics.
Most people don't use characters you can't type on a keyboard for a password. VERY few do ALT-nnn or something like that. Most are going to be puire alpha, or alphanumeric. Some will contain special characters.
Meaning, you don't have to exhaust the entire 8-bit character space to get the vast majority of what you're looking for.
Is it really a surprise that something like this is starting to be possible on consumer systems?
Heck, imagine a beowulf cluster dedicated to this...
As far as the "unique and proprietary symbol placement", that isn't 100% bullshit. Map makers do it -- putting intentional small errors or custom features -- to make certain no one copied their maps.
It would really be a clue to the font company, who would then have to look to see if the hinting and code are the same or stolen from theirs. More details are certainly needed, but duplicating a non-standard layout is a clue that it might be a ripoff.
Market conditions have changed.
VMS was on big, expensive iron and Novell was/is a server OS.
Microsoft & Mac started out as consumer, desktop OSes. Drives were small and data not anywhere near as important as say, a bank or hospital. They were also easier to backup, as a tape or two could do it and they didn't cost a lot.
Now, drive sizes are obscene compared to available backup media. Time to back up is through the roof.
I look at this as an idea whose time has come for the new market.
Of course, in the Windows world, you'd have to tie the whole system to a Registry rollback utility as well. That would be much more work to get those to operate in sync.
And who uses Novell and VMS today? I'm talking about end-users. Nobody.
This would be ultra-useful to desktop users today.
Searching is all wonderful and that, but not the direction I believe would provide the most benefit.
Embed versioning into the filesystem. I believe Reiser has talked about this. Imagine being able to right-click on a file, folder or even partition and choose "roll back" or "restore" from the context menu. It then presents you with a list of snap-shot points you can restore to, starting with "last change".
Who backs up their hard drives any more? Have you thought of the problems and time involved in backing up 40, 80 or even 200 Gb of data? I'd MUCH MUCH rather have this feature than some enhanced search.
Re-reading the earlier article about James van Allen questioning the validity of human spaceflight, it struck me that his only argument was about scientific knowledge and research.
No mention of capitalistic exploit, such as mining of minerals; low-G manufacturing; etc.
He's probably right as far as it goes, but I don't think any of the teams competing for the X-Prize have scientific research as their primary goal.
If nothing else, just seeing the variety of launch vechile styles and different approaches to the same basic problem is worth the effort.
There is a story over on Wired about how NASA engineers put a thin thermal blanket on the soon-to-be-launched Mercury probe. It supposedly cools the sun side of the craft from a toasty 800+ deg. F to around 95 deg F.
If they can cool down 705 deg F, you'd figure a P4 would be trivial.
-chill
The first rocket that explodes on launch will end this idea once and for all.
Powdered plutonium is a serious carcinogen. There were major worries when Cassini was launched, with a few kilos of the stuff and you're suggesting sending TONS up?
Yes, it *IS* a good idea, if we can guarantee 100% safety of the launch.
Note that you can only call people if you're BOTH using phonegaim. You could just exchange (S)IP numbers and use any normal SIP client for the same effect. Nothing to see here. There are already dozens of free SIP clients.
Really? I was under the impression that you could attach a SIP number to a Buddy and call them as long as they had SIP capability. Like...MSN Messenger.
While there may already be dozens of free SIP clients, name one on Linux that integrates IM (presence) with SIP.
STUN "Simple Traversal of UDP through NAT" was designed to go with SIP and deal with NAT. It works pretty flawlessly.
-Charles
The open source Crafty tied for 4th out of a field of 14. It placed 2nd in the speed chess competition, losing only one game.
Not a bad showing at all.
-charles
If speed and not closed-source is your main consideration, then how does the Roadsend compiled code stack up against interpreted code fed through the Zend Accelerator, the Turck MMcache or other caches?
mmCache is OSS and free (as in beer), which is a big plus in my book.
-Charles
I'll take the unpopular opinion here... WEP is a good thing and serves a vital function. By activating WEP, even with all the flaws, you are essentially "locking the door". Yes, it is a paper door with a crappy lock, but that isn't the point. The lock is there to tell you you're not supposed to be in as much as it is to keep you out.
The point is by securing the network at all you are putting up the equivalent of a "private property" sign. Legally, it helps a great deal. I can see a defense argument for an unsecured AP that is shouting it's SSID into a 2 block radius. However, if you have to crack it, then there is no question about legality -- you are breaking the law.
No, don't rely on WEP for security. Use and IPSec tunnel on top of it if you want security. But WEP *does* serve a great purpose in wifi -- covering your ass legally.
-Charles
Damn, I had to read further! :-) A color screen is $138 extra. Add a few options and you can easily hit $1,000!
What is with all those lovely color pictures (http://www.jackito-pda.com/hardware/overview.php) on a device that has a BLACK & WHITE screen? And by B&W, I mean 2-color and not grey-scale. They call it "extreme contrast".
Mmmmm... $600 for a 2-color PDA w/a proprietary OS and heavy DRM. Sign me up for a dozen! I'll take delivery right after Nader sweeps the elections in November!
[And an OS that is described as an extension to Visual C++, to boot!]
-Charles
SPA w/NTLM was incorporated into Thunderbird at v0.5. I also believe it is in Mozilla.
:-) The only real answer is if you get to the point where an extra 50 Mb is needed, then worry about it. And...if you are in that much of a bind for 50 Mb, you've got bigger problems than deleting a browser.
As far as #1 -- you've probably gotten lots of answers on that.
-Charles
You forgot Vehicle Information Numbers (VINs). I remember an artile somewhere in the last couple weeks about auto manufacturers complaining that they are soon to run out of VINs and will need to make them longer.
:-)
And the ARRL started recycling Amatuer Radio call signs several years back, after they started running out.
And fundamentalist Christians worry about the little 3-digit '666' being the Number of the Beast. Hell, I'm starting to lean towards Heinlein's interpretation of 6^6^6.
-Charles
It is more than just BSD who is dying!
Looking at all the posts about Sun Rays, VNC over SSH, remote X, and "what if someone hijacks your session", I am absolutely amazed at how many people here seem to completely misunderstand this concept.
1. Sun's Sun Ray is a glorified terminal. All processing takes place on the server, and the resources of the terminal itself are almost non-existant. From Sun's website "Compact, fanless plug-and-work device that processes input and output and manages communication with the shared Sun Ray server." These might be nice if the price stated about $99, not $359. And if I could run the server end on a Linux box (cluster), not some ungodly expensive Solaris behemoth. [Okat, the SunFire v210 isn't expensive, but who the hell wants a 1 GHz UltraSpark IIIi cu to run stuff like this?]
2. VNC over SSH/Remote X. Same issues as the Sun Ray -- not using local resources. You're running everything on a remote server. NOT what the article is describing at all.
3. Hijacking a session, security, etc. Yes, a concern, but it is a totally separate issue. How about keeping a super check, super small USB key with you that has a personal certificate. Then, encrypt all communication between your location and the main servers using that? There are plenty of solutions to this problem.
What this article is talking about using local resources (CPU, sound, 3D acceleration, etc.) to do the task but combine it with a distributed file system. Use the "local" hard drive as a file system CACHE, to speed things up.
Use the "local" CPU and RAM to run programs, not some server on the other side of the world. This way you can run DISCONNECTED or not consume mega networking resources.
Think "IMAP in disconnected mode" or "web browsing while offline".
Sun (and Oracle, IIRC) both eschew this "three tier" client server system in favor of true terminal server sessions. However, terminal sessions, including things like VNC, are too limited when it comes to tasks like 3D display.
By combining the best of terminals (state saved computing) with the power and responsiveness of local resources (think "desktop PC"), they have a lot of potential.
They also have some major hurdles to overcome. Complete hardware abstraction is one. Differences in hardware capabilities, etc. are not trivial problems. (Go from 1280x1024 w/5.1 surround to a 800x600 screen w/o speakers and see how it handles it.)
-Charles
Where to begin...
Unlike Microsoft, you have the option of which parts to install. You also have the option to compile each component for yourself, using optimizations and "--disable-feature" as you see fit.
KDE's patch releases (i.e., 3.2.1, 3.2.2, 3.2.3) are almost exclusively focused on increasing stability and swatting bugs. There has been major efforts by the KDE team towards speed and stability with every release.
Check out http://valgrind.kde.org/ for a good GPLed debugger & profiler. Also look at KCachegrind while you're at it.
If the bloat of binary packages bothers you, then either Konstruct it yourself or buy a faster machine. Don't blame KDE, blame the distro you're using for choosing everything-but-the-kitchen-sink , compiled for the lowest common denominator, in their packages.
-chill
The better comparison would be which vulnerabilities affected the average install of Windows & Linux, as opposed to the entire package list supplied.
A quick glance at RHN shows me 17 patches for my registered system. These are dated from 11-15-2002. If you look at just the patches that affect the server system I deployed in February, that narrows it down to 4.
One only applies if using the kernel nfs server. I don't. 3
Two others are local exploits -- and I am the only one with a shell account on my servers. Still, if someone could exploit Apache or my PHP scripts, it is *POSSIBLE* to maybe exploit these.
In all fairness, one of my systems was the victim of a DoS due to the recent OpenSSL vuln.
* * *
And, in the other corner, Windows XP -- the last Windows system I installed for someone.
They live out in the country and had a dial-up account. And the system was infected and 0wn3d before I could download the Windows Update updates -- from a fresh install.
I had to go home, download all the updates to a CD and bring it back. Also all the AV updates. And ZoneAlarm, and a dozen other packages to make the system useful and secure.
I know I compared a server system to a desktop. However, my desktop hasn't had a virus, worm or trojan in almost 10 years on my various Linux desktops. That wasn't a fiar comparison.
-Charles
...image blocking and adblock. Then you can get around all them nifty ads on Slate and MSN!
chill
Root exploit will do it. Especially the way many people use the same password at multiple locations.
Another way would be to send in the FBI on a new Patriot Act "we can search and not even tell you" warrant.
Send the root hash via SMS to an auto-decrypt bot and voila! Instant root access to install key sniffer, etc.
Well, 36 ^ 8 = 2,821,109,907,456. How long does it take to compute an MD5 Sum?
More to the point, consider "cracking" passwords in this manner:
The NSA has been reported to have ACRES of computer space; their own chip fab and some of the fastest computers in the world.
What if, decades ago, they just dedicated banks of systems to cracking all possible passwords hashed with crypt. Then, a few years later, did the same thing with MD5, SHA-1, and Blowfish -- as each became available.
They store all this stuff in a table, and now getting passwords to most systems is nothing more than a quick table lookup.
Yes, I know the math. However, add in a bit of psychology and statistics.
Most people don't use characters you can't type on a keyboard for a password. VERY few do ALT-nnn or something like that. Most are going to be puire alpha, or alphanumeric. Some will contain special characters.
Meaning, you don't have to exhaust the entire 8-bit character space to get the vast majority of what you're looking for.
Is it really a surprise that something like this is starting to be possible on consumer systems?
Heck, imagine a beowulf cluster dedicated to this...
There is one Internet Cafe in Wallace, ID and the ad in the local newspaper claims $1/hour access time for e-mail, web browsing or what ever.
So did phone book compilers - nothing proprietary about them, or about the phone numbers themselves, as was eventually ruled.
Except that lists, recipes, scents and a few other items were always considered non-copyrightable.
I know they're spouting bullshit. It is on par with the MPAA and RIAA.
"It's free! It *MUST* be stolen!" Sad...
He was reading mail sent by Amazon. You expect Amazon to start using PGP for every e-mail query?
No mention is made if he was reading other mail. I use GnuPG w/KMail regularly and I can't think of why I'd encrypt a book request to Amazon.
I only use signatures and encryption on stuff that I think should have it.
-Charles
Sorry, I was tired and trying to be funny.
As far as the "unique and proprietary symbol placement", that isn't 100% bullshit. Map makers do it -- putting intentional small errors or custom features -- to make certain no one copied their maps.
It would really be a clue to the font company, who would then have to look to see if the hinting and code are the same or stolen from theirs. More details are certainly needed, but duplicating a non-standard layout is a clue that it might be a ripoff.
-Charles