Slashdot Mirror


User: ajs

ajs's activity in the archive.

Stories
0
Comments
4,773

Comments · 4,773

  1. Just the opposite on Microsoft vs. "Naked PCs" · · Score: 2

    I rarely wipe the original Windows installation, even if I'm not going to use it. 1: the vendor may have been privy to hardware settings that are not documented, and I may need later 2: often, all of the software needed for a re-install is not included. One or more "special" drivers may be included, and a re-install may result in a flaky system.

    I never trust a set of Windows install media (usually just verify that all of the extra drivers are on disk, in case I need them, and then throw out the CD).

    Of course, I use Windows only to run those games and broken pieces of work software which cannot run elsewhere. Both reasons are rapidly declining to 0.

    Naked PCs are not useless to me, but hardly 100% useful. I would want Linux or FreeBSD pre-installed instead.

  2. Silly, but ignorable on CA Legislature Passes Ban On Sale Of Lecture Notes · · Score: 2

    This seems to allow for any sort of notes which condense the content of the class in terms of the field without actually being directly from the instructor.

    For example, if the instructor covers the war of 1812 with a heavy emphasis on linear equations, you could easily distribute a booklet that described all of the relevant points from the war, and linear equations with time-key indexes to indicate which sections would have been covered on which days.

    If the teacher had a slant on the topic (e.g. felt that such equations were NOT the key to victory, as previously thought, but were in fact tangential to success), you could point out that that point of view is held by some professors, and call out the particular course as an example.

    This sort of second-hand analysis is certainly not covered by the law, and is legal in every other aspect of business that I'm aware of.

    If, on the other hand, the goal of the law is to prevent people from passing tests after skipping class then a) it's a bad law and b) it will never work, no matter how you word it. These are college kids we're talking about. They're the single largest concentration of creative energy on the planet, and if you try to stop them, you will lose. Luckily for the powers that be, they can be easily distracted with shiny things....

    Lawyers: thoughts?

  3. Re:*DO* blame the telemarketers on The Joys Of Big Business; or Why AT&T Long Distance Sux · · Score: 2
    This guy is being WAY too simplistic about it (maybe in the city you live in there are job choices for someone with your skillset, but if your only skill is that you read and speak English and you live in a small city with limited opportunity, I assure you there are very few jobs), but I have to agree with the basic concept.

    Advertising has become the business of annoying people just enough that they remember your name. Pissing off customers is considered the price of getting new ones. I've heard people in marketing cite many such scary mottos. For example:
    "Boycotts have never worked, so why would I be afraid of one?"

    "There's no such thing as bad publicity."

    "We get about a 2% return on these calls, so we're quite happy."

    "Teens are quite attractive because they're just starting to form their opinions, and advertising can mold those opinions in favor of whatever products we want"
    Does this scare you?

    Telemarketers should be treated with the contempt that their job deserves. They may not have had a choice, but they're being rude as hell, and I see no reason to respond to repeated, deliberate rudeness with anything other than a curt dismissal and a hangup.
  4. Red Hat 7.0: A fine release on Red Hat Linux 7 Infested With Bugs · · Score: 3

    I've been running Red Hat 7.0 for a little while. Things I've noticed:

    * I expected the first XFree86 4.0 release to be a little wonky, but it works well! Handled both my Permedia and Voodoo3 cards just fine with no user intervention (though, it's annoying that my monitor was not recognized, but it never was under the older X either).

    * They've adopted a SysV/Solaris-like set of symlinks for the rc files. I like this. They still use the Red Hat style of /etc/rc.d/init.d, but have added /etc/init.d as a link for the Solaris users among us.

    * Disk labels in /etc/fstab: I dislike this. I used to go to /etc/fstab to find the device name of my various partitions. Now it just says "LABEL=/usr" instead of "/dev/hdb6".... This is consistent with the change to fstab where the label name is shown during fsck. I guess I understand the desire to display that information, but dammit, I want my fstab back.

    * Just the right balance of new vs old software. The kernel is 2.2 (wise, even though 2.4.0-test is pretty darn stable as far as I can tell); I hear gcc is a snapshot release, but I have compiled a whole hell of a lot with it so far; latest GNOME goodies are nice (not quite Helixcode nice)

    * No problems yet. I've installed on two systems. One was having problems under both Windows and Linux, and the upgrade did not help, but did not hurt. The other was a test system, where I wanted to play with squid, and all worked just fine.

    Things that scare me overall:

    * Big distribution for Red Hat
    * Semi-graphical LILO ala Corel
    * xntp becomes ntp, which breaks a lot of scripts, and it's not on disk1

    Looks good for a .1 release, the fact that it's a .0 blows me away.

  5. Re:Companies are using other platforms on Red Hat Abandons Sparc · · Score: 2

    there's a lot of sparc32 hardware out there going cheap ... If you want up to date software (IPv6 support, for example) on your IPX, you have to run something other than Solaris.

    I hear this kind of reasoning a lot. I just don't get it. An IPX was a kick-ass system for its day. Now, it's the rough equivalent of a P90 with much poorer support available for video, scanning and many other hardware peripherals where under Linux for X86, you have all of the above plus the average P90 is going for even less than that IPX! Why would you waste your time?

    The only reason to run Suns is 1) you have a broken application that cannot take advantage of multiple systems and so you need to build it a big old E10k pile of iron to run on (don't go Linux in that case) or b) because your management won't accept that Intel-based systems are "enterprise ready" (in which case they won't accept Linux for roughly the same non-reason).

    If you're looking to build out high-capacity infrastructure you go with a large farm of identical 2u Linux or BSD systems (e.g. VA/Linux' FullOn 2xxx series which I have had nothing but good luck with) and you parcel them out as needed. For storage, you probably go with Network Appliance who have the baddest network-attached storage in the business (you'll never go back after taking your first snapshot... 200G of disk... backup time?... 5 seconds).

    So, for the home enthusiast Sparc loses. For the business user this is not even a question, as your constraints are likely pretty simple.

  6. How to do encrypted passwords in Slash on Yup, Somebody Cracked Slashdot · · Score: 2

    So, the code looks like this in getUser:

    if($uid > 0) { # Authenticate
        $I{U} = sqlSelectHashref('*', 'users',
            ' uid = ' . $I{dbh}->quote($uid) .
            ' AND passwd = ' . $I{dbh}->quote($passwd)
        );
    }

    So I think you want to change the definition of passwd to be a char(32) and change "passwd = $I{dbh}->quote($passwd)" to "passwd = MD5->hexhash($I{dbh}->quote($passwd))".

    You would, of course, have to change the code for adding users and changing passwords, but you get the basic idea. This is easy stuff. The only thing that it does not allow for is mailing a user their password. How to solve for this?

    Well, I would add a two-step process where a user says "I forget my password". You then invent a temporary password which you mail to their email address. This password is sent with a link to a special "verify that you forgot your password" page. If it's an attacker, the primary account password has not changed, and the user gets annoyed by an email message (as they would now). If it is the real user, they authenticate themselves via this temporary token and THEN you email them a new primary password which they are required or at least asked to change immediately. In fact if you want to make it really easy add the temporary token to the URL for the verification page (e.g. http://sd.org/verify?user=ajs&token=3485839828).

    All the security of the current system plus encrypted passwords in the database.

    For coming up with the new primary password, I would use the trick of using a random dictionary word followed by a random digit and a random noise character. This works out to be around 2^21 easily remembered passwords (about 5e4 words with a good list of 4-6 letter words, 10 digits, 32 noise characters = 16x10^6 = ~2^21). An easily cracked space woefully, but decent for throwaway passwords, especially if they're required to change them.
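The two-step reset described in comment 6, as an added example that is not part of the original comment or of Slash's code. It is written in Python rather than Perl, uses salted PBKDF2 in place of the bare MD5 the comment suggests, and the `UserStore` class, its field names, `TOKEN_TTL` and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600          # seconds a reset token stays valid (assumed value)
PBKDF2_ROUNDS = 100_000   # work factor (assumed value)


def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class UserStore:
    """In-memory stand-in for the users table (hypothetical schema)."""

    def __init__(self):
        self.users = {}

    def add_user(self, name, password):
        salt, digest = hash_password(password)
        self.users[name] = {"salt": salt, "passwd": digest,
                            "reset": None, "must_change": False}

    def check_password(self, name, password):
        user = self.users.get(name)
        if user is None:
            return False
        _, digest = hash_password(password, user["salt"])
        return hmac.compare_digest(digest, user["passwd"])

    def request_reset(self, name, now=None):
        """Step 1: create the token to be mailed; the password is untouched."""
        now = time.time() if now is None else now
        user = self.users.get(name)
        if user is None:
            return None
        token = secrets.token_urlsafe(32)
        # Keep only a hash of the token, so a copy of the database does
        # not contain working reset links.
        token_hash = hashlib.sha256(token.encode()).digest()
        user["reset"] = (token_hash, now + TOKEN_TTL)
        return token

    def confirm_reset(self, name, token, now=None):
        """Step 2: a valid, unexpired token yields a new password, once."""
        now = time.time() if now is None else now
        user = self.users.get(name)
        if user is None or user["reset"] is None:
            return None
        token_hash, expires = user["reset"]
        presented = hashlib.sha256(token.encode()).digest()
        if now > expires or not hmac.compare_digest(presented, token_hash):
            return None
        user["reset"] = None                      # single use
        new_password = secrets.token_urlsafe(12)  # to be mailed to the user
        user["salt"], user["passwd"] = hash_password(new_password)
        user["must_change"] = True                # force a change at next login
        return new_password
```
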

  7. Arrowpoint? on Solution To DoS Attacks · · Score: 2

    I think Arrowpoint (now Cisco) claims patents over some of this idea (though how it is or is not the Bernstein/IPv6 idea I don't know).

    What they claim to do is respond to the SYN, and forget about it. Then, they initiate a session when the SYNACK comes through. The interesting part is that they're not the host. They just initiate the session and then do some basic setup if it's one of the protocols (e.g. HTTP) that they know. Cool stuff, actually, as you can have complex load-balancing rules based on information which something like a LocalDirector would not know (e.g. URL, browser, HTTP version, etc).

    I like the Arrowpoint, but it's important to know its limitations. If you get one, don't get carried away thinking it's a router. It's not. It will "forward" packets to its VLANs in a way that makes it look like a router, but that a router does not make.
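A simplified model of the answer-and-forget handshake comment 7 describes, as an added example that is not part of the original comment and is not Arrowpoint's implementation. The `FrontEnd` class, the secret, the slot length and the addresses are constructed for illustration, and a real SYN-cookie scheme also encodes options such as the MSS, which this sketch leaves out.

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-secret"  # per-device secret (constructed value)
SLOT_SECONDS = 64                    # cookie lifetime granularity (assumed)
MASK32 = 0xFFFFFFFF


def cookie(conn, client_isn, slot):
    """32-bit value derived from the connection 4-tuple, client ISN and time."""
    src_ip, src_port, dst_ip, dst_port = conn
    msg = (ipaddress.ip_address(src_ip).packed
           + ipaddress.ip_address(dst_ip).packed
           + struct.pack("!HHIQ", src_port, dst_port, client_isn, slot))
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")


class FrontEnd:
    """Front-end device that keeps no state for half-open connections."""

    def __init__(self):
        self.sessions = set()   # filled only after a validated handshake

    def on_syn(self, conn, client_isn, now):
        # Reply with a sequence number that can be recomputed later,
        # then forget the SYN: nothing is stored here.
        return cookie(conn, client_isn, int(now) // SLOT_SECONDS)

    def on_ack(self, conn, seq, ack, now):
        # The final handshake packet carries client_isn + 1 and our
        # sequence number + 1; recompute the cookie and compare.
        client_isn = (seq - 1) & MASK32
        echoed = struct.pack("!I", (ack - 1) & MASK32)
        slot = int(now) // SLOT_SECONDS
        for s in (slot, slot - 1):          # accept current or previous slot
            if s < 0:
                continue
            expected = struct.pack("!I", cookie(conn, client_isn, s))
            if hmac.compare_digest(expected, echoed):
                self.sessions.add(conn)     # only now is a session created
                return True
        return False
```
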

  8. Geek house has problems on Constructing A Geek House · · Score: 2

    I have some friends who started such a house. The problems that I see:

    1. People working in the "Internet industry" (as if there is such a thing) tend to have a problem with allocating enough time to keep up a house.

    2. It's amazing how people who work with computers during the day can so easily become Luddites in their private lives.

    3. The ability to run a network does not speak to one's ability to figure out such things as landscaping, home repairs, etc.

    Of course, this is from the point of view of a bunch of people BUYING a house, which may not be what you had in mind, but if you want a truly geekified home, that's really the way to go. Then you can do things like rip the wiring out and replace it with 110/220/2 pair RJ11/4 pair CAT5 RJ45 every 6 feet in every room with a patch-panel in the computer room.

    Yes indeed, that's the way to go.

  9. Re:When amazon is cracked, people fry. What of me? on FreeVeracity: Network Intrusion Detection · · Score: 2

    I don't want to get into a blame-the-victim scenario, here, but I do worry about this sort of thing. We're transitioning from a frontier mode (where the law DOES get snooty if you try to complain about rustlers) to a homesteader mode where the future of law enforcement will begin to take form.

    Because of this, we need to think about HOW we ask for help. Do you really want an FBI consumer-equipment intrusion team, or should that be something handled by your local law enforcement agencies? Personally, I'd be a lot happier with an international network of local law enforcement teams that deal with intrusions of this sort. Individually, they may not have the resources, but if all they need is 1-2 staff per precinct/district/whatever and a computer connected to the Internet with "Fuzz 2.0" installed, we could keep power in the hands that local-scale elections can at least control by proxy (e.g. the Mayor of your city has some control over the police). In this way, individual citizens have a significant say in how Internet policies and laws are implemented in their corner of the world.

    Thoughts?

  10. Open Source the best thing to happen to DoD? on Linux -- Government Acceptance vs. Actual Use · · Score: 2

    One of the DoD's biggest problems right now is that they cannot use truly complex systems for highly classified work and still be very certain that there are no security bugs. NT is obviously a lost cause in this respect, even with hordes of people at the NSA with nothing better to do than read NT source code and write buffer-overflow guards. On the other hand, Linux and the BSDs offer a new option: let millions of people pore over the source to find problems, and then pick and choose the most solid and secure programs.

    Obviously, you would still have your screening process which would involve an intense security code-review. Not really a problem.

    I think in the end, you would still have a linux.mil distribution, but it could track current development MUCH faster than with any other OS. The real trick would be convincing the pencil-pushers that contributing their security fixes back to the projects would be a good thing. Everyone who has had to maintain such a thing knows that you don't want to be stuck maintaining even a 5-line patch over more than 1 or 2 versions of a large piece of software, but most of the people setting policy have never had to do that.

    The thing that's going to kill Open source software usage, though, is the people who think that any program written under Linux must be GPLed. Even *BSD ships a lot of GPLed software, and thus hackles get raised. Someone needs to take on the role of championing GPL PR. I don't mean this in the sense that the GPL should be pushed over the *PL of the week, but that the misunderstandings about what the GPL means should be countered.

  11. Inside info on Non Disclosure Agreements in Interviews? · · Score: 2

    One thing that a lot of companies struggle with is that during interviews, employees often discuss details of what's going on in the company that are not public. This tactic is probably aimed at closing up such information leaks. I have seen the situation where information reached the wrong company that way, but it's rare.

  12. Nitrogen... on Are Nitrogen Powered Cars The Future? · · Score: 2

    I'm sure others will point it out as well, but since the atmosphere is over 70% nitrogen, even if you were cobbling the nitrogen atoms together out of CmdrTaco's old gym socks using Stephenson-esque nanotech, you would have to spit an awful lot of nitrogen into the air to cause a problem (e.g. thinning of available oxygen). I can't imagine that cars and trucks could do it.

    On the other hand, since you'll likely be getting the nitrogen from the copious supply that is floating around in our atmosphere, the only problem would be the waste oxygen and CO2 at the separation facilities. I can imagine that that much pure O2 getting thrown around is a dangerous thing....

  13. A few more facts about global warming on Water On The North Pole · · Score: 2
    Global Warming (cue ominous music) is a known, regularly occurring phenomenon. Core samples taken from glaciers demonstrate large thermal swings over the past 10,000 years. Just under 2000 years ago (I think it was in the mid first millennium), there was a terrible warming that struck Europe and had massive repercussions to the populations there. The current warming trend is not nearly as severe as then, but give it time, it could get worse.

    However, to say that the current warming trend is influenced by man would require us to explain some hard facts:
    1. Volcanic eruptions alone pour out more pollutants every year than anything humans can come close to
    2. Solar cycles seem to be tightly linked with annual variance
    3. Man could not have had any serious impact on the global warming trends that have been observed in the geological record.
    4. All historical indicators (that is to say, going back 200+ years), seem to indicate that our current temperatures might be a bit on the cool side, as compared to the average.
    Global warming trends will likely continue as long as the Sun keeps powering them. Don't confuse this for an anti-ecological rant. I'm as much a tree-hugger as the next person who grew up in Vermont, and I'd love to see our conservation efforts get a little more reasonable. You cannot, however, base any reasonable discussion of the environment on misinformation (much as many will doubtless try).
  14. KDE not chosen? A shock? I think not. on KDE Developer on the GNOME Foundation · · Score: 2

    The bottom line is that no matter how much you may love or hate KDE or Gnome; C or C++; CORBA or KDE's document alternative... you still have to admit that KDE was never even in the running, nor could it be. First, C++ is an unacceptable language for the core of a desktop on a UNIX box. You might love C++, but as KDE shows quite clearly, the diversity of languages that UNIX supports cannot be matched through a C++ API (or any other language for that matter). Write your API in C and everyone (including the C++ folks) will have an interface, but write it in ANYTHING else, and you're locked to that language. As an example, I love Perl, but if someone suggested writing a major toolkit in Perl, I'd gently suggest that they go get their frontal lobes flossed. You write it in C and then create the Perl interface module using XS.

    The real problem, though, is Trolltech. Both Sun and HP were burned by the political problems of OSF (later The Open Group). They really don't want to turn Trolltech (not even a US company, which means less control) into another OSF. It's not that Trolltech is a bad company, it's that Trolltech is a company.

    Of course there are other reasons: CORBA is something both companies want to be part of their core offerings; GNOME brings with it a very nice set of C libraries that, if made standard across UNIX systems, would make development of even non-graphical programs much more reasonable (e.g. glib, libgtop, the XML and HTTP libraries, etc); Gimp....

    KDE will slowly become another Caldera... the legacy Linux desktop. It's not a comment on the quality of the code or the holy wars that have been fought. It's just the reality of the UNIX and post-UNIX world.

  15. Re:Top 10 Reasons I will not be attending.... on Party Tonight In San Jose · · Score: 2

    What do you mean "Would miss ``Family Guy'' episode tonight"?!

    Does this mean you have failed to buy a TiVO?! Traitor to the Cause! ;-)

  16. Re:Dammit on Online Rights And Real World Censorship? · · Score: 2

    it is not censorship for a biz to say "I don't want certain things on my computers"

    You can say anything you want, but the moment you modify or restrict a medium in order to impose an agenda (e.g. children should not see smut), you are censoring.

    I think what you were trying to say was that it is perfectly reasonable for a business to display what it wants, and no more. This is fair, however the business in this case (according to our questioner) did not want to censor, it felt compelled to because of the possible legal implications of allowing "inappropriate material" to be displayed so close to a school.

    What was it about this that you felt was inappropriate for a Slashdot discussion?

  17. Re:One university? No. on University to Review Carnivore · · Score: 5

    What we need here is a redundant array of inexpensive universities (RAIU). At least four universities should be set to the task of evaluating Carnivore, independently. Meanwhile, one additional university is given the task of checking the findings of the other four as they come in. If any of the results don't match previous statements made by the FBI, you throw them out.

    Seems simple to me... ;-)

  18. Re:Speaking of logical arguments... on RIAA Responds to Napster - Raises Serious Questions · · Score: 2
    you deride the argument constructing abilities of others by posting web pages


    Before you start constructing arguments, you must begin by constructing phrases. What did you mean by this?

    This would be like Kodak advertising special, enhanced "Kiddie Porn friendly film" or Sony releasing a dual-tape deck VCR under the advertising "This will really piss off Blockbuster!"


    Then the suit should be focusing on the advertizing campaign and Napster's implicit consent, which is sort of the way that the RIAA is trying to go with their most recent documents. See, they've realized that their original grounds (which were entirely based on the idea that Napster was a pirating service) don't work, so now they're trying to point to the idea that Napster executives knew that their users were copying copyrighted material. I wish them luck, actually, but doubt that the judge will fall for the reversal.

    You bring up some good points, but do not support the premise that I failed to complete my metaphor. Napster is a medium (regardless of another poster's illogical claim that a medium cannot be implemented on top of another medium, e.g. IP over phone lines) and all transport media should, IMHO, be treated the same. Laws of free speech and the responsibilities of the media owner apply. In that light, I think that Napster, Kodak and The Phone Company all have the same rights and obligations.
  19. Re:Moral stand? on RIAA Responds to Napster - Raises Serious Questions · · Score: 5
    I did not state a non sequitur. You introduced a logical fallacy known as a straw man (which you can find on the site that I link to above). The specifics of your straw man are:

    1. Pizza parlors were started by the mob (could be true, I don't know).
    2. Lots of valid business at pizza parlors (true)
    3. Money laundering is illegal (true)


    Woefully, points 1 and 2 (which seemed to be going somewhere) do not lead to point 3. Neither does point 3 serve to tie the premise together. It is true, compelling and misleading. Thus, unless you can shed light on what you meant I cannot say that I see this as anything but a logical fallacy.

    Again, please construct an argument. Napster is a filesystem over which users share files containing sound. It turns out that, given a filesystem, users will share copyrighted sounds. Really not Napster's problem any more than it's Kodak's problem that child pornographers use their film. I am strongly in the camp that says that the use of a medium where monitoring activity is possible should not lead to a mandate to monitor activity. Digital cameras should not be required to transmit their images to the FBI, phone switches should not have pre-installed taps and Napster should not have to monitor its users' file sharing transactions in order to prevent copyright infringement. These are all, as far as I can tell, the same issue: should the medium provider (profit-making or not) be required to sanitize and/or monitor its usage?

    You appear to believe half of the RIAA's answer (that shutting down services that don't sanitize or monitor is reasonable), but do you believe what I think is the logical conclusion: that sanitization and monitoring should be required? I'm not trying to say that the RIAA wants this (I think they do, but that's just my personal theory for which I have zero evidence). However, they have certainly taken a big first step.

    If people start using Slashdot to share uuencoded MP3s, should Slashdot be shut down? What if they advertize that they're the hottest site for discussion forums full of MP3s? What if they say "fuck the RIAA, we have pirated MP3s on our site"? When does it become a problem of the media provider? Is Exodus (Andover.net's ISP) responsible for the MP3s? Should they be sanitizing the bits at the router? Monitoring for Britney Spears patterns in the HTTP traffic?

    You begin a long and slippery slide the way that the RIAA is going. The only thing I think they can justify is pressing charges against the people trading the music and getting a warrant for the logs on the Napster servers. If there's anything there that identifies users, then they could be busted. The problem is that that would mean directly going after thousands of mostly kids. Can you imagine how pissed their parents will be? How long before that turns into an anti-RIAA backlash that could cost the RIAA millions in legal fees? All for what? To punish fans who tend to be good customers in the first place? No, RIAA wants to shut Napster down so that they look like bad-guys only in the short-term and concentrate their legal guns on a single, easy target.

    Welcome to copyright in THIS century.
  20. Re:Moral stand? on RIAA Responds to Napster - Raises Serious Questions · · Score: 4

    But you cannot shut down all pizza parlors because they can be used for money laundering.

    Perhaps you meant to construct an argument instead of introducing a logical fallacy.

  21. Re:Size is not the issue on 30+ GB Databases On Unix? · · Score: 2
    Are you seriously suggesting running Oracle on an NFS filesystem?
    Not only am I suggesting it, but in timing tests, Oracle is performing a little better over the Filer! We were previously using a locally-attached diff-SCSI Sun A1000.

    Oh, also, you can write your Oracle redo logs to the Filer, even though they recommend against doing so to anything other than flat disk or RAID 0/1. Why? Because the Filer uses a journaling filesystem in NVRAM, so the writes happen as fast as the wire (GigE in our case) can run.

    would have to recommend against this. By buying hardware RAID and an appropriate filesystem add/on (e.g. Veritas File System) you can get all the benefits of the filer with all the benefits of local disk.
    How long does it take to back up that local disk? For us, it takes about 2 seconds, and takes up almost NO STORAGE SPACE! The Filer has a feature called "snapshot" which is basically a copy-on-write filesystem. You tell it to snap and it comes back after a second or two. After that, you can always go back to that point in time and recover files on-line, without any sort of programmatic interface (just filesystem access). There is even an add-on package called snap restore that will instantly restore the entire filesystem to that previous state....

    So, get this, our Oracle backup is: put all of our Oracle tablespaces in locked/suspended mode; tell the filer to snap; unlock the tablespaces. Now if we ever need to restore, we just bring Oracle down, swap in the old data files, bring Oracle up. We can also do tape backups this way, as the Filer backup program uses snapshots. Thus, as soon as a backup is started, you can start writing to the data again safely!

  22. Size is not the issue on 30+ GB Databases On Unix? · · Score: 3

    I run a database of this size, and it's not a challenge. Cost is very high, but that's mostly because a database of that size is one that you cannot afford to have to restore.

    I currently use a Sun architecture, but I know of sites that use Intel/Linux, HP PA/RISC and even (may all the little gods help you) Intel/MS/SQL server which does have its place in non-mission-critical places where you're never going to have a good DBA.

    I can seriously recommend the Network Appliance Filer for back-end storage. Their claim that their network-attached storage array is faster than local disk sounds silly on the face of it, but there are good and valid reasons that it's true (mostly due to their journaling and caching strategy which is highly optimized for NFS). The Filer makes databases a lot easier to manage. For example, the Filer can make an online backup in less than 5 seconds, no matter how much data you have!

    Back to your original point: 30GB is small, don't sweat it. But, don't cut corners either!

  23. Is this the future? on Kuro5hin Forced Down By DOS · · Score: 3

    Is the future of the Internet a place where only the most well-monied companies can afford to defend themselves from the onslaught of attackers? Is popularity a death-sentence on the Internet? Sad, but it may come to that....

    I will have to think twice about a few of the cool volunteer community sites that I had been thinking of building on my home systems.

  24. Editorial? on The Hunkapiller Syndrome · · Score: 4

    A lot of editorializing, here. It would be nice to hear from someone inside that industry on what this company and person are like, and how much of this is Slashdot-headline-fodder and how much of the MS/PE comparison is valid.

    Any hard facts?

  25. Some perspective on Specs On New SGI Onyx And Origin · · Score: 3

    People are asking things like "why would I use this" and "who wants these?" Let me tell you, in the era of bloatware like Oracle and any of the content management systems out there (possible exception of Zope), the incredible scalability of these systems will be a huge selling point. Oracle, for example, is very careful to build and market their software to be monolithic so that you have to buy big hardware to run it, and then they charge you based on the size of the hardware you're running. Thus, they drive the purchase of huge systems like this, and then charge you up the ass for their "Enterprise class" database.

    Believe it or not, this is actually the kind of business model that the Fortune 500 are not only happy with, but demand.

    Personally, I'd be happy with a database that could run on a loose, fault-tolerant network of a dozen or so small (e.g. 2-processor Intel or Alpha) systems.

    Then again, I'd really like to play with some of SGI's big iron....