I suspect it isn't intended for people concerned just about losing the hardware, but actually the data that is on the machine.
If someone steals a machine with the intent to stealing confidential information (god knows what people store on their laptops these days) then this sytem might be worth the money.
Regardless of intended use its more likely that someone in this line of espionage would know about this software and have a disconnected LAN they can use to dissect the machine on, and if its just simple theft, I suspect most thieves these days don't even bother to boot the machine and rather they just wipe it or ghost it so it can be resold quickly, like you say.
So, yeah, pretty much an illusion of security. Marginal at least.
PC version: Worked initially. Started up, created an account, and I edited my profile. Saving my profile however made it lock up and I had to kill it. Starting it again just makes it spin at the Login window.
Mac version: Initially brought up login window, but now dies silently while trying to start. No error log to system.log.
Oops, I guess getting exposure on/. wasn't such a good idea just yet. They will need to get the stability working otherwise a lot of people like myself will try it and be turned off by its quality before it's really ready.
Re:If you are going to duplicate articles:
on
Vehicle for Cockroaches
·
· Score: 0, Offtopic
Brian: Uh..Peter according to this you're not a genius. In fact you're mentally retarded. Peter: Oh yeah? Well would a mentally retarded guy have hired a bulldozer with a drunk driver to level half of his house in celebration of his fantastic test results? Brian: Uhh maybe. Peter: Oh.
Well, not me; if I had my way it would have been in perl and I would have been able to do as Mr my-dick-is-bigger-than-yours suggested and have it done in 5 minutes.
I didn't say I *LIKED* the way we do things, or that it was better, or that the system was good - but its what I have to live with.
I mean, seriously, how many people work for companies that hopelessly complicate things that should really be quite simple to do?
Well, I host several thousand domains... for us to support SPF with all of them, it will require a major engineering effort costing probably $100,000. No joke. Just a day of development time is something like $5,000. The 100 grand above would include all the testing and code review etc that would be required (we wouldn't be doing it manually, our system would need to create the necessary DNS entries, so it would be a coding job).
Its not going to be cheap/quick/easy for a lot of companies to implement SPF. But I think Microsoft will bully people into it. Maybe its for the best.
its just that the crappy camera in the treo can't handle the high contrast very well. The part in shadow are just completely black, because it was a very bright sunny day outside, possi near to midday (look at the shadows) - so I don't have a problem with how the garage interior looks.
In my experience, users who decide to lower the security, overcompensate when doing so. Instead of setting the security to what they need it at, they set it to the "Bend over and rape me" setting.
Microsoft: Stop writing buggy software with "accidental" hooks that let you install device drivers from a god-damn active X control! THEN you won't need crutches like "Security levels".
I agree with the parent 100%: this won't be effective.
Yes, I bought it on ebay for $50,000! I'm actually a 16 yo from Maine.
Oh, and I play EQ2 and I make $5,000 a day from illegally selling level 50 characters and items and plat....
That what you wanted to hear?
Jesus, it was a joke. Of course I've seen tubgirl before. On slashdot. I have no idea why I posted my original post - I think it was because I was fucking BORED.
I hear that as a US citizen, you have to declare all of your income and it is all taxable no matter where you earn it, unlike every other company in the world.
I work with americans here in Japan who really hate that rule:)
The most interesting stories are those where the submitter finds a story that isn't widely reported - lets say, on the mating habits of earfish - and he finds the stories that report on this, links to them and provides some interesting commentary such as "I found the report of earfish in the article at [earfish.com] interesting but this alternative viewpoint at [earfish-habits.com] also noted that earfish can also copulate inside nostrils".
So, clumsy examples aside; stories where the submitted has actually done some kind of research, made some effort to take the reader beyond just a clickfest of reading other sites, but actually has some interesting take - with references - on this story.
Slashdot has always taken the 'omlette' approach - trying to have a good mix of stories each day. Sometimes they don't have enough onions for the omlette, so they have had to mix in some capsicum (pimento in other countries?). Lately however, they've been mixing in a heavy dosage of dog poo.
Are the Slashdot editors reading this? Are they trying to make Slashdot better? Do they even care that people who have religiously read Slashdot in the past are increasingly being fed up with it? I still read Slashdot - not out of any expectation that I'll be informed something interesting - but out of the hope that today might be the day something interesting gets posted.
Occasionally, I'm pleasantly surprised with a story pulled form many sources with an interesting new twist that isn't covered by the traditional sources.
But, more often than not, I see a link to a reg story, or a wired story, or a NYT story... and thats it.
Slashdot *needs* to be better than this.
A good start would be to refuse any stories that just link to another, well known, site such as The Register, without any other kind of interesting twist or angle on the story.
So far this year we've had lots of advertisements for Thinkgeek, fud about google at every turn, fud about microsoft, stupid stories that the GPL is going to require companies to pay money... um...
You know, I am one of the first people who used/read slashdot. You can tell, you know, by the 4 digit user number.
Slashdot is sucking. Hard. Its been bad for at least 2-3 years now. Its not getting any better. Regurgitating stories that are from The Register/Engaged/Ars Technica/etc is NOT news for nerds! Its not even news when its 4 DAYS OLD!. If I wanted a syndicated news site, I'd go to one of the 5000 that are out there, or just do an RSS feed of what I want, NOT have it delayed by Slashdot - with editorials that twist the story or even miss the point.
For the record, (700,000 * 3) = 2.1m queries/day. It's a decent load, but it also depends on what kind of queries are being performed and how many entries there are, etc... Just listing how many queries isn't very telling of performance.
You're right, of course. There are 94,000 entries in the directory. Entries are mostly a posixUser objectClass with a few extra attributes to support our mail system (based on qmail+ldap, but we don't use qmail anymore - we use exim).
The entries are small. Replication is fast. Queries are fast.
crude benchmarking with 'time' and ldapsearch shows me each query taking 0.011s to complete. Most of the has to be network overhead. The directory is small enough to sit in memory.
Those 90,000 entries are using 235MB of ram (i heavily index everything, probably too much to be honest) and lets say it scales linearly, I will hit the 2GB of memory limit at about 700-800,000 entries. At which point I start buying opterons? And start optimizing the directory, I guess.
If OpenLDAP is slow, I don't see any evidence of it yet. Maybe in time I will. I will probably look at the Netscape DS when its released.
My first experience with Netscape DS was when it was iPlanet a few years ago, and I was planning a migration of 2.5 million mail accounts into it. It didn't strike me as anything special, though I did like the user interface;)
1a.) Multi-master replication. Something very handy to have when you're looking at high-availability environments.
Yup, have to agree here. I do believe OpenLDAP is getting this soon though. I think its in the latest betas.
1b.) Speed. OpenLDAP can be tuned quite nicely, but doesn't match the performance of the commercial app's. If someone has anything contrary to this, I'd love to hear it.
I'm sorry I can't give you anything better than colloquial evidence, but I do run a 700,000 email a day system and every mail coming in is one to three LDAP lookups. The CPU load on my load balanced OpenLDAP servers is never more than 0.01 load average.
The machines are 2.8Ghz 2GB memory IBM 306's.
I think performance has less to do with what directory product you use, rather how fast your hardware is.
Considering that licenses for a commercial directory server probably equals an extra server, I'd rather have that extra server;)
It would be really nice for someone to do benchmarks though.
1c.) Supportability. Having a vendor to yell at when it all falls down in pieces is rather handy.
I'm always caught between two opposing viewpoints when I think about the "benefits" of vendor support. If its a company like Oracle or Sun, then I think there is validity to what you say.
But, for smaller products, or smaller vendors, "vendor support" can be a two edged sword. I've been left wishing I could send an email to a public mailing list to ask what the hell was going wrong with a proprietary system and knowing it was impossible.
With products like OpenLDAP, you generally post, and one of the developers answer. How does that compare with Oracle? You usually have to climb through 15 levels of beuracracy before you can talk to an actual developer!
If you're buying these machines to run Oracle, the cost of the hardware is dwarfed by the cost of the Oracle licensing.
Most people wouldn't buy these things for anything other than an Oracle box, I think.
My company is looking at these sun boxes because of the support and nice LOM features, to build a 10g RAC system. I'm expecting it to kick the hell out of the old E4500s we have right now.
But, as I said, the licensing is killer. Its like 80% of the price of the whole system. Don't sweat the hardware price so much.
I guess if I was a real evil computer genius, I would have two passwords - one password that unlocked my hard disk, and another that erased it and placed an innocuous looking false home directory in place of the real one, in order for the police to end up with no evidence, but believe that they have the 'true' password from me.
So, its another example of a law that just inconveniences the true evil genius computer hackers and shits on the privacy of the common man.
Slashdot Mirror
I suspect it isn't intended for people concerned just about losing the hardware, but actually the data that is on the machine.
If someone steals a machine with the intent to stealing confidential information (god knows what people store on their laptops these days) then this sytem might be worth the money.
Regardless of intended use its more likely that someone in this line of espionage would know about this software and have a disconnected LAN they can use to dissect the machine on, and if its just simple theft, I suspect most thieves these days don't even bother to boot the machine and rather they just wipe it or ghost it so it can be resold quickly, like you say.
So, yeah, pretty much an illusion of security. Marginal at least.
Well, I just installed it on my PC and my Mac.
/. wasn't such a good idea just yet. They will need to get the stability working otherwise a lot of people like myself will try it and be turned off by its quality before it's really ready.
PC version: Worked initially. Started up, created an account, and I edited my profile. Saving my profile however made it lock up and I had to kill it. Starting it again just makes it spin at the Login window.
Mac version: Initially brought up login window, but now dies silently while trying to start. No error log to system.log.
Oops, I guess getting exposure on
Mod parent up.
Watch out! They all link to tubgirl!
Brian: Uh..Peter according to this you're not a genius. In fact you're mentally retarded.
Peter: Oh yeah? Well would a mentally retarded guy have hired a bulldozer with a drunk driver to level half of his house in celebration of his fantastic test results?
Brian: Uhh maybe.
Peter: Oh.
Well, not me; if I had my way it would have been in perl and I would have been able to do as Mr my-dick-is-bigger-than-yours suggested and have it done in 5 minutes.
I didn't say I *LIKED* the way we do things, or that it was better, or that the system was good - but its what I have to live with.
I mean, seriously, how many people work for companies that hopelessly complicate things that should really be quite simple to do?
Thats my point.
And ... here we go ... argument boils down to "My dick is bigger than yours".
Clap.
Clap.
Clap.
Not everyone does everything the way you do; not everyone can make this an easy change.
My figures might have been pulled out of my arse; but they were used to demonstrate a point. Which was exactly that.
We don't manage the DNS records manually. If you actually read what I wrote, you'd understand that.
We have a site admin system, written in java, that manages all the config files. We have coding standards and testing processes.
You obviously have never worked for a company that makes more than $1 a year.
Well, I host several thousand domains ... for us to support SPF with all of them, it will require a major engineering effort costing probably $100,000. No joke. Just a day of development time is something like $5,000. The 100 grand above would include all the testing and code review etc that would be required (we wouldn't be doing it manually, our system would need to create the necessary DNS entries, so it would be a coding job).
Its not going to be cheap/quick/easy for a lot of companies to implement SPF. But I think Microsoft will bully people into it. Maybe its for the best.
its just that the crappy camera in the treo can't handle the high contrast very well. The part in shadow are just completely black, because it was a very bright sunny day outside, possi near to midday (look at the shadows) - so I don't have a problem with how the garage interior looks.
In my experience, users who decide to lower the security, overcompensate when doing so. Instead of setting the security to what they need it at, they set it to the "Bend over and rape me" setting.
Microsoft: Stop writing buggy software with "accidental" hooks that let you install device drivers from a god-damn active X control! THEN you won't need crutches like "Security levels".
I agree with the parent 100%: this won't be effective.
haha, thats pretty funny.
Well, as I said, I was bored.
I may even have been drunk.
Hahahaha.
...
Yes, I bought it on ebay for $50,000! I'm actually a 16 yo from Maine.
Oh, and I play EQ2 and I make $5,000 a day from illegally selling level 50 characters and items and plat.
That what you wanted to hear?
Jesus, it was a joke. Of course I've seen tubgirl before. On slashdot. I have no idea why I posted my original post - I think it was because I was fucking BORED.
I've had to type this comment blind as I have put out both my eyes.
This was a bad move because now the thing that I remember last seeing was that site.
Ow, my brain.
I hear that as a US citizen, you have to declare all of your income and it is all taxable no matter where you earn it, unlike every other company in the world.
:)
I work with americans here in Japan who really hate that rule
The most interesting stories are those where the submitter finds a story that isn't widely reported - lets say, on the mating habits of earfish - and he finds the stories that report on this, links to them and provides some interesting commentary such as "I found the report of earfish in the article at [earfish.com] interesting but this alternative viewpoint at [earfish-habits.com] also noted that earfish can also copulate inside nostrils".
... and thats it.
So, clumsy examples aside; stories where the submitted has actually done some kind of research, made some effort to take the reader beyond just a clickfest of reading other sites, but actually has some interesting take - with references - on this story.
Slashdot has always taken the 'omlette' approach - trying to have a good mix of stories each day. Sometimes they don't have enough onions for the omlette, so they have had to mix in some capsicum (pimento in other countries?). Lately however, they've been mixing in a heavy dosage of dog poo.
Are the Slashdot editors reading this? Are they trying to make Slashdot better? Do they even care that people who have religiously read Slashdot in the past are increasingly being fed up with it? I still read Slashdot - not out of any expectation that I'll be informed something interesting - but out of the hope that today might be the day something interesting gets posted.
Occasionally, I'm pleasantly surprised with a story pulled form many sources with an interesting new twist that isn't covered by the traditional sources.
But, more often than not, I see a link to a reg story, or a wired story, or a NYT story
Slashdot *needs* to be better than this.
A good start would be to refuse any stories that just link to another, well known, site such as The Register, without any other kind of interesting twist or angle on the story.
Therein lies the problem :(
I've been trained over many years to go to slashdot when I've nothing else better to do. Or even when I have many things better to do.
But really, I usually am just disappointed.
Yup.
... um ...
/. can do better than this.
So far this year we've had lots of advertisements for Thinkgeek, fud about google at every turn, fud about microsoft, stupid stories that the GPL is going to require companies to pay money
You know, I am one of the first people who used/read slashdot. You can tell, you know, by the 4 digit user number.
Slashdot is sucking. Hard. Its been bad for at least 2-3 years now. Its not getting any better. Regurgitating stories that are from The Register/Engaged/Ars Technica/etc is NOT news for nerds! Its not even news when its 4 DAYS OLD!. If I wanted a syndicated news site, I'd go to one of the 5000 that are out there, or just do an RSS feed of what I want, NOT have it delayed by Slashdot - with editorials that twist the story or even miss the point.
COME ON.
Agree with parent 100%.
You're right, of course. There are 94,000 entries in the directory. Entries are mostly a posixUser objectClass with a few extra attributes to support our mail system (based on qmail+ldap, but we don't use qmail anymore - we use exim).
The entries are small. Replication is fast. Queries are fast.
crude benchmarking with 'time' and ldapsearch shows me each query taking 0.011s to complete. Most of the has to be network overhead. The directory is small enough to sit in memory.
Those 90,000 entries are using 235MB of ram (i heavily index everything, probably too much to be honest) and lets say it scales linearly, I will hit the 2GB of memory limit at about 700-800,000 entries. At which point I start buying opterons? And start optimizing the directory, I guess.
If OpenLDAP is slow, I don't see any evidence of it yet. Maybe in time I will. I will probably look at the Netscape DS when its released.
My first experience with Netscape DS was when it was iPlanet a few years ago, and I was planning a migration of 2.5 million mail accounts into it. It didn't strike me as anything special, though I did like the user interface
you must be. I'm running a similar directory for about 90,000 mail accounts and the lookups are blindingly fast. Updating also.
One master, two replicas.
Use fast machines with lots of ram, hold everything in memory. Run a recent version of OpenLDAP.
Perhaps you should have been more clear in your post.
RTFA. He is running PPC Linux.
If you're buying these machines to run Oracle, the cost of the hardware is dwarfed by the cost of the Oracle licensing.
Most people wouldn't buy these things for anything other than an Oracle box, I think.
My company is looking at these sun boxes because of the support and nice LOM features, to build a 10g RAC system. I'm expecting it to kick the hell out of the old E4500s we have right now.
But, as I said, the licensing is killer. Its like 80% of the price of the whole system. Don't sweat the hardware price so much.
Thats awesome.
I guess if I was a real evil computer genius, I would have two passwords - one password that unlocked my hard disk, and another that erased it and placed an innocuous looking false home directory in place of the real one, in order for the police to end up with no evidence, but believe that they have the 'true' password from me.
So, its another example of a law that just inconveniences the true evil genius computer hackers and shits on the privacy of the common man.