Ogg is like beta. Technically superior, but (almost) nobody cares.
Well, I thought that too, but try searching on google for "ogg". (gives more hits than "itunes"). Among many things Ogg, that google will find, one can also see fake "search engines" and "directory" sites, using "Ogg" as google-bait. Somebody must think, that this will generate more traffic. I don't think that Ogg is an obscure format anymore.
Say you need to remember a password, put it in an address in your PDA or book. BS name 123 'password here' st
This method is unfortunately quite common. People using it think it is a smart and novel idea, and seems to recommend the method to their friends, whenever the topic arises. In my country a lot of people were (are?) using such a scheme to hide their four digit ATM PIN-code disguised as a telephone number in their calender.
But people would carry their calender/telephonebook together with their ATM card in their wallet or handbag, meanining that a pick-pocket often would get the obfuscated password together with the ATM card.
And pick-pockets tend to be somewhat professionel, and knowing this trick too, they where quite good at spotting the bogus entry. In short, it became so bad, that the banks had to issue repeated warnings to their costumers, not to use this very obvious, and insecure scheme.
They had a bogus data compression patent that they successfully sued Microsoft over. The result was that Microsoft bought out Stac for something like $120 million and incorporated the Stac algorithm into Disk Doubler.
Quarterdeck STAC wasn't bogus at all. It actually worked, while Disk Doubler was nothing but trouble. AFAIK, the lawsuit wasn't about patents, but that MS had verbatim copied code from STAC into DD. Se eg. http://www.newsfactor.com/perl/story/12684.html
MS never bought Quarterdeck (of QEMM and Desqview fame). MS hated Quarterdeck with a passion, probably because of Desqview.
No, we shouldn't rape rapists. We should shoot them. Twice. Once in the crotch, let them suffer the pain and loss of manhood for a few minutes, then shoot them in the head. None of this rehabilitation crap.
When I was young, reading about the atrocities commited by the SS and the Einzatsgruppen, I always wondered what kind of people who could shoot fellow humans in the back of their head, for 8 hours a day, come home covered in blood, gore and brain matter, and then next day continue, and do this for weeks.
At first I thought that it took some kind of special, twisted, sick mind to eg. bayonet a one year old baby. But the real horror was, when I discovered that these killers were totally ordinary people; I mean really ordinary people, with normal families, normal jobs, normal political beliefs, in short people like you and me.
The recipe for getting normal people to commit atrocities like hanging an 11 year old girl in a piano wire, is really simple; just dehumanize the victims. When normal people are convinced about their own moral superiority, and that the victims are not really humans, they can commit the most extreme violence without blinking with their eyes, like shooting other people in the crotch and to enjoy them suffer.
My limited experience with hardware RAID on Linux
on
Managing RAID on Linux
·
· Score: 5, Interesting
3-4 years ago, when we decided to use hardware RAID on our Linux servers, we bought some DPT Smartraid V hardware RAID controllers. Unfortunatly DPT was bought by Adaptec some time after. Adaptec has been really good at getting the driver included in the kernel, but the takeover seemed to delay this proces, so the time in between was a rough ride. The lesson learned was, never have a production Linux system with (binary) drivers tied to a specific kernel or distro version.
That said, we have been very happy with the controllers, and since at least two disks has died without warning, the expense has easely been worth it. Our systems are used 24/7/365, so every minute of downtime annoys somebody. RAID really makes me sleep better, restoring a server from a slow tapestreamer, at some ungodly hour, while people nervously checks in, asking when we will be up again, is something I really want to avoid too much of.
YMMV, but I think hardware RAID still has an edge over software raid, mostly because I find it simpler to maintain in the long run.
If you are into LVM's, FS tools, and software RAID, go to: http://evms.sourceforge.net/ and _drool_. Future stuff for now on production servers, but nevertheless.
[snip: about the limitations of the built in memory controller holdning the Athlon64 back]
AFAIK the Athlon64 memory controller can easely be bypassed by chipset manufactures. So Athlon64 and Opteron motherboards with RDRAM or 400MHz DDR are possible (though unlikely). Besides that 333MHz DDR memory is standard, the SIS 755 chipset support 800MHz FSB speeds. The "Athens" version of the Opteron will include onboard 400MHz DDR II support.
The biggest problem with the Athlon64 cpu is, that I can't buy one until september. In the meantime I will drool over the system from www.newisys.com : dual Opteron, onboard PPC cpu running Linux; http, ssh, ssl for management, dual channel u320 scsi w/mirroring (LSI logic with ARM cpu?) hotswap drives, all packed in a 2U casing.
My favourite quote from the article : As an added bonus, the lights sometimes flash in a side-to-side in a pattern reminiscent of Knight Rider's KITT. We jokingly refer to the blinkenlights on our DPT Smartraid V controllers as "KITT scanners". Since Adaptec bought DPT to get into the SCSI RAID market it is likely that their IDE "KITT scanner" is similar to the DPT. (eg. the DPT Smartraid V driver works with all I2O Adaptec adapters too). If so, then it is a real nice feature, since the DPT "KITT scanner" can morse all kinds of error messages.
He! iputils-20020124-8 from Red Hat 8.0 has an "-a" switch, that makes the ping audible.
[root@helene root]# ping -c3 -a localhost
PING localhost.localdomain (127.0.0.1) from 127.0.0.1 : 56(84) bytes of data. 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=1 ttl=64 time=0.035 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=2 ttl=64 time=0.031 ms 64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=3 ttl=64 time=0.028 ms
It makes a "bell" sound for every packet. Combining -a and -f (flood ping) doesn't work though.
I wouldn't rely on ping too much, though, audible or not; recently one of our servers suddenly lost its root-device. Amazingly the kernel limped on and replyed to pings. Our network monitoring program (www.nagios.org) therefore claimed the host was up, but all services had stopped answering.
A dual panel file manager, like Midnight Commander/Krusader/Norton Commander.
Tabbed xterms.
A good CLI: The CLI isn't a GUI, but it is a UI, and a very effective UI for some types of computer interactions. I especially like the feeling of a consistent, single focus point of accessing and manipulate _everything_ on my filesystem.
Multiple desktops/consoles, like KDE/Gnome/etc.
Maximum screen real estate (see above)
"Everything" must be able to be manipulated by keyboard short cuts. A mice is nice, but a short cut is more hot.(yuck)
Decent default settings.
There is a schizma between power users, and people who can be considered newbies/light users. When GUI producers caters for one group, the other group is alianated and vice versa.
Maybe there should be a GUI switch, swithing between power user (advanced) and home user (simple), both with default settings that are apropriate.
The GUI switching could also work across the apps; eg. in "simple mode" the mail client would have few, large icons with text beneath them, optimized only for: get, send, read, write and organize mail. No option for turning on html mails, no cc field, no advanced edit features etc.
If the "simple mode" user needed any one of these features, they could costumize to their hearts content by selecting from the "advanced mode" representation, why deny people anything.
Such a dual GUI setting could cater for the people with simple computer needs, without dumbing down the GUI for those with more complex needs.
is a floppy based solution from http://www.zelow.no/floppyfw
We have a 4Mbit/4Mbit HDSL line, and around 320 nodes. (I am part of a team, that runs a small time volunteer ISP: the whole street I live in, joined together to get good Internet access for a reasonable price; Linux all the way, yaeh!)
floppfw is a quite nice distro, it has loads of add-on packages: VPN(PPTP, Cisco, Intel etc), PPP, ssh etc. It is rock solid and has a high performance (used it for 3-4 years without problems)
There is also a powerfull GUI for configuring it: http://www.fwbuilder.org/ But is very simple to maintain and costumize without. You just mount -o the image, edit, unmount. Rolling and using your own kernel is also quite easy (we use NAT, and some NAT helper modules are outside the kernel).
The downside: No changing the firewall rules on the fly. Changing rules or upgrading, means a reboot lasting a minute or so. We have a spare box (can be used as firewall or proxy, dhcp server if necessary), so by changing the default gateway, we can avoid loss of Internet connectivity, though it means that people cannot access our web-site in the mean time, but we can live with that, other may not).
We also use the spare box, as a testing unit for new firewalls, so we can be confident that it works before it is put into production.
The EFF wrote an article (linked to by the Slashdot article) about that National ID:s are bad, because the data can be abused. I don't see it. If someone could illuminate my mental darkness on this point, and illustrate in what way a database containing all names, ssns and addresses can be significantly abused would perhaps make my image more complete. Lets take an example from Denmark (who has a national ID db called "CPR") from the 80's; The KGB simply bribed a low level county official to keep a tab on all soviet (and east-block) dissidents living here. No matter where the dissident moved, or if they had their named changed, the KGB would know that, besides all the other information kept in databases tied together around the CPR, like where you work, how much you earn, who your doctor are, where you children goes to school, etc. The problems with national ID's are they are very convinient for the state to tie all kinds of information around, and that they are used to "everything". That again means that even the lowliest, demoralized, underpaid county official has access to at least part of that information. Having such a national ID db, could be a major security risc, since it works both ways; all security and defence personel would be in that DB too, and therefore easy to "check out". Personally I always regarded the threat of a Soviet aggression very low, but I am quite sure, that the KGB and GRU had (has) excellent extracts of the national ID db's of both Denmark and Sweden, and that in a conflict, they could have used that info to great effect. During WWII, the NKVD gathered personal files of every german frontline commander, down to "captain" level. And they used that information extremely effectivly. Thanks to our national ID db, they probably had similar files on every officer in the danish (and swedish) army.
ICANN's behaviour has several of the normal danger signs associated with illegal financial activities;
1. Denying and obstructing peoples access to financial records. What makes this even more extreme is that ICANN tried to deny and obstruct a _board member/director_ to this information. Clearly illegal.
2. The elimination of all internal opposition. "Opposition" meaning people who tries to do their job according to the law.
3. Usually when you have the above danger signal, you will also find, that those "third parties" that oversees the financial records/budget, like an accounting firm / law firm, that in theory should act as "watch dogs" have strong "conflicts of interest" regarding their "watch dog" role.
Seen from the outside, it looks like that ICANN is spinning out of control, and that no-one is trying to stop the mess. A financial "crash" and a scandal would not be an unlikely outcome.
And if you're going to argue with me, you have to own up to at least two CDs you bought "with only one or two good songs"...so that we can make fun of you.:)
Well, I certainly own more than two records "with only one or two good songs", that is something that happens when you buy records of bands you don't know; some bands seems to have just one or two good songs in them.
That said, I personally always goes for the whole album. A lot of the bands I like (or perhaps their producers) seems to compose their albums, so even the order of the tracks is part of the listening experience. On a lot of my vinyl albums there is even a distinct difference between the A and B side, regarding sound and mood/feeling.
Right now I am listening to a "best of Madness" album. Since I bought most of their records as they came out, it is a somewhat bizarre to hear a selection of "random" tracks, taken out of their context and even out of chronological order.
So I would never use a "buy one track at a time" service. But perhaps this is not meant for people like me who buys lots of records(*), since all serious record buyers I know, have the same "the whole album or it sucks" attitude.
Perhaps this is service is meant for those who don't buy that many records, and who gets musical inspiration from mainstream music channels. I would make sense if it were so, since the "hits from Top 40" buyers, are the majority.
(*) I actually don't buy that much music anymore, I am getting old:-(.
Note to Editors: For "ask Slashdot" posts, please at least TRY to do a "google" on the question to see if it is lame or not.
Well, "lame" questions may be quite usefull, since they often sparks a good/long discussion. You can see the fenomenon on usenet if you hang around there.
In this case I actually learned some stuff: A couple of friends are going to an old archive in eastern Europe. It is a very financially poor archive; there is an absolut limit of 100 copies per person for the entire stay, but there are at least 25.000 documents they have to sift through.
The place is warmed by old fashioned coal-stoves. There are no power outlets for their notebooks, so using a flat-bed usb scanner is not an option either. (though this thread gave me a good reference to a flatbed scanner, designed for book scanning) Besides, the documents are old and fragile, and often impossible to OCR.
But several people on this thread mentionend how they used digital cameras to copy documents with good results. That looks like a promesing approach to my friends problem.
And I do really value peoples own experiences on how a technology work (or not). Besides peoples experience with technology, there is only marketing material, - and that I don't trust.
So I (at least) learned something from the _answers_ in this discussion, even though the _question_ did not pertain to "my" problem.
There are some security concerns and there is a very strict legislation about how to handle this system, but the economical benefits are huge and it does benefit society a lot.
The security around the CPR ID database system wasn't really that good some years ago; an internal audit made them tighten up the security a lot. And usually, the control around any public database system in Denmark is a joke; all most all cops use the KR (criminal register) to snoop on their neighbours. The register is never cleaned for old records, even though the law requires it. A combination of these two vices, were demonstrated, when nosey police officers, leaked the criminal record of a well known conservative politician; he had a "drinking & driving" offence when he was around 18, in the 1950'ies. This costed him his post as a leader of the conservative party. As usually, the police was unable to even discover which policy officer had leaked the information. For what I know, your conviction that your data is safe in the states database systems, is pretty much nothing more than a conviction.
Besides, there are a major problem with centralized ID systems, besides the states tendency to abuse the system, namely, that such a system is a benefit for the Bad Guys too.
Eg. In Denmark the CPR ID number is slabbed around the newborn babies wrist, even before it is handed over to its mother. Everybody has a CPR id number. A huge amount of data is tied around that number, since all transactions with the state/county are tied to the CPR. Fortunately, a lot of the information is compartmentalized, meaning that one cannot (easily) make a centralized query of all the information regarding a citizen.
But since the CPR system is so convenient and omnipresent, even the lowliest, unmotivated, underpaid county clerk has access to it. (the open terminals that are so convenient when dealing with the state/county). So getting access to all that real time information on people, is staggering easy. One case to illustrate the point. During the 80'ies, the KGB just bribed such a county clerk, to tag all russian dissidents living here in Denmark. So the KGB had instant updates on them, even if they changed their name and address constantly. All those queries on russian dissidents (who weren't even living in this small county) were never discovered by an internal audit.
Another case: "Blekingegade banden" was a violent extremist group, that supplied extremist palestinian terror groups with weapons and money, stemming from violent robberies. They were not stupid as many criminals actually are; they were intelligent and educated, and planted a man inside the institution that was running not only the CPR, but also the KR (criminal register), and countless other databases. So this small "terrorist" group had an excellent tab on, how much the police new about them and their crimes.
I am sure, that both the KGB, Stasi, CIA etc, all had tremendous benefit of the Danish centralized register. Just as a lot of countries intelligence services will benefit from eg. a central US, or Japanese citizen ID database. Eg. Agent [ID] just moved to an area where [fascilitate] is located. He also got a raise, putting him in the same income bracket as known agents performing [function].
The ending of this rant: Identity theft is just as easy with a centralized ID database as without, and probably more convenient for the thief. And finally don't even think about the mess of troubles if one ever is deleted by the Danish CPR register (happens sometimes). Even with a valid ID as a passport, two hundred witnesses and your birth certificate, you are denied everything, like wage, a bank account, pension, etc. Even if the state/county officials/bank tellers/insurence agents are convinced about your identity, nothing can be done, since you are not in the CPR.
It certainly looks like it, not only because of the name but also since the syntax/switches (http://www.amigarealm.com/) basicly are the same as in BRU from tolisgroup. Eg. BRU -G for getting archive info etc.
We have been using BRU backup backup software on our Linux servers the last couple of years. Recommended. The price is right too. They have fully working demoes for download. http://www.tolisgroup.com/
The main reason that we chose a commercial package was, that backups, especially on DAT streamers, can be a nasty experience. After experiencing a couple of "write-only" backup incidents (on NT 4.0 using DAT 1 and 2 streamers), I wanted something that actually verified the backup, and had extremely good error-logging, and CLI/scripting facilities. Since BRU probably is the oldest commecial Linux and BSD backup package, it was the best choice at the time. There are several other solutions now.
Some advanteges with BRU: Good CRC-32 check to ensure that what you _try_ to back up, actually end up on the tape in a non-corrupted state. Fast verify.
Excellent error-logging.
Back up of live filesystems, and special files like sparse files, pipes, special device links etc.
Excellent CLI options, like regex selecting files, or filesystems to backup.
We still use v.16. But v.17 has Quick File Access (QFA. It also has a better GUI, but BRUs real power is as CLI program.
They also have a free (QPL lince) program called CRU, that enables booting from tape (if the streamer supports it, like HP's), and making a complete restore of the OS and data, including fdisk'ing, in one go. (You just press a button on the DAT streamer, while the server boots).
This becomes more of an issue with printers that just have a direct ethernet jacks.
All those LAN embedded devices like printers, printservers, routers, managed switches are becoming a security risk for several reasons:
1. They are often not designed with security in mind. Eg. even fairly new switches doesn't support SSH or SNMP v.3. Most printers are a joke regarding security, and the vendors doesn't always seem eager to fix known problems. See the article on http://freshmeat.net/articles/view/445/ Note how one can use eg. a printer that supports ftp, to scan the network, or how some printers has vendor enabled backdoors.
2. The vendors embedded of these embedded devices, doesn't seem to test their devices so rigously: eg. when the Code Red worm was at its height, people were reporting that all kind of equipment with build in web-servers, was crashing or locking up. Not because they suffered from the same buffer overflow problem as MS IIS, but because the large amount of invalid request, would expose memory leaks or other similar errors. And again, the vendors aren't always quick to admit or fix the problems. Eg. When the recent SNMP problem affecting huge amount of different vendors equipment was discovered, a lot of vendors denied, or ignored, that their equipment was affected.
3. Such embedded devices are often "configure and forget". When a managed switch or a printserver works, people tend to forget to track and install new security releases of firmware.
4. People tend to think, that devices on the LAN side are secure, and therefore tend not to update, or lock down the devices. This is only true sofar, that such devices are less likely to become targets for hackers, as long as all the LAN side servers are easier to hack. Again, Code Red showed how people are less likely to secure their LAN side; many, many internal networks broke down, or was shut down, because CR was wrecking havoc once it had gotten inside. Another thing CR showed was, that VPN's aren't a security tool, but a security risk, since a lot of sites were infected, by compromised machines logging into the LAN by VPN.
Of course, a lot of the problems above, can be worked around by good admins, with a decent budget for designing their network in a secure manner. A hacker once described most networks as "hard on the outside, but soft and mushy on the inside". (this hacker would, interestingly, often use plain old war-dialing, to circumvent the firewall and IDS).
Maybe more people should start regarding their LAN as just as exposed as anything on the internet side, and employ a "defence in depth" strategy, including making an inventory of their embedded devices, formalize the tracking and installing of new firmware, and generally locking them down. Eg. place a really locked down BSD/Linux box with the CUPSd printer server in front of the printers. That way one gets encryption and authentification, anti spoofing, "load balancing", logging, secure administration (SSH & SSL), and a firewall that not only controls traffic to the printers, but also from them. And why not place IDS's on the LAN side too? etc, etc.
There was a time when Red Hat were seemingly pushing Linuxconf as the system admin tool. Now they have developed their own. Anyone know why?
I don't know the details. But there were some serious problems with Linuxconf, since it had a tendency to mess up the config files.
Besides, such monolitic configuration tools, are difficult to make and maintain for a Linux distro, since all the programs (and their config files), and the configuration program, all are made by different people, without any common standard for config files etc.
nice that LVM is now supported by default, so you dont have to mess with kernel modules and initrds..
Check out IBM's EVMS (Enterprise Volume Management System). It is a plug-in based "front end/API" for storage management tools like LVM. Basicly that means, that you can create, destroy, resize LVM 'volumes', software RAID volumes, partitions, and use chkdisk etc, with the same tool. There are are one CLI, and two GUI's, one ncurses based(console), and one Gnome based. The latter simply makes me drool.
see http://evms.sourceforge.net/gui_screen/
No, it isn't ready for production systems. But that won't stop me from drooling. (and trying it soon)
Further, it looks like it (EVMS) also has plug-ins for various filesystems and their tools, like; Ext2/Ext3, ReiserFS, JFS, Linux swap. And how about making snap-shots of a volume, and later a roll-back?
My biggest gripe with RH is the install/configuration too. The standard options doesn't fit my need on my desktop or my servers. So I always end up using "costum" with "kernel-development" (and "XFree"), and then select the rest of the individual packages. The best solution is probably spending some time, learning to use "Kick-start". Another thing: if you dislike being a CD DJ, and have the disk space, then remember that it is possible to install RH directly from the downloaded ISO images on a harddisk partition.
About maintance. Hm. My experience is different from yours. I think RH has become much easier to maintain, especially with RH-network. Mastering RPM to a certain degree is a must though. Simple stuff like "rpm -Fvh *.rpm --test" or "rpm -qa | grep foo" or "rpm -qf/etc/foo.conf" saves the day. And underappreciated tool is "mc" or Midnight Commander", a dual panel "Norton Commander" ncurses based clone. Among other things, it is able to browse inside rpm packages. Nifty.
You mention that up2date filled "/". It is configurable where up2date dumps the downloaded rpms. On my servers "/var" and "/home" are on seperate partitions, so that eg. huge, growing log-files etc. doesn't spill over the "/" partition.
Gentoo Linux looks very interesting, and the guy that makes it, D. Robbins has written some extremely well written tutorials for IBM on: http://www-106.ibm.com/developerworks/
It depends; first, the main reason for using beta software is to participate in bug-hunting, and request features. Second, if you need some non-RH rpms, you may run into dependency problems, since the beta is compiled against spanking new libraries. This problem may be fixed by compiling from the src rpms. Finally, some code doesn't compile on GCC 3.x, though RH probably ships a compat-2.9x-GCC.
My suggestion: if you have the time, then do it. If you got more than one box, then eg. try to perform a network install. So if the beta sucks, then at least you learned something new.
It seems to be alot like Linux In A Box, http://www.liab.dk . Except LIAB is actually a small computer, not just the bios.
I guess you could use them for really small firewalls:-)
We actually use a liab box to monitor the status of our washing machines (a small laundry shared by 450 apartments), so all the teneants can see whether the machines are available. Nifty stuff.
Retina scanners won't work on a dried-up old eyball, but they'd have a hard time detecting a fresh drippy one
I have several times encountered historical descriptions of criminals having an eye poked/beaten out of the eyesocket. The fascinating part is, that there seems to be a technique, to hit a human head with a stick in such a way , that a single blow would pop out the eye of the eyesocket. This kind of punishment seems to have been a specialists job. I have seen a description, where an old woman was summonend to execute this particular kind of punishment (17th. century, Europe). This arcane technique is probably forgotten by now, but one never know if it would resurected if retinal scans became common:-0
Slashdot Mirror
Ogg is like beta. Technically superior, but (almost) nobody cares.
Well, I thought that too, but try searching on google for "ogg". (gives more hits than "itunes").
Among many things Ogg, that google will find, one can also see fake "search engines" and "directory" sites, using "Ogg" as google-bait. Somebody must think, that this will generate more traffic.
I don't think that Ogg is an obscure format anymore.
Say you need to remember a password, put it in an address in your PDA or book.
/telephonebook together with their ATM card in their wallet or handbag, meanining that a pick-pocket often would get the obfuscated password together with the ATM card.
BS name
123 'password here' st
This method is unfortunately quite common. People using it think it is a smart and novel idea, and seems to recommend the method to their friends, whenever the topic arises. In my country a lot of people were (are?) using such a scheme to hide their four digit ATM PIN-code disguised as a telephone number in their calender.
But people would carry their calender
And pick-pockets tend to be somewhat professionel, and knowing this trick too, they where quite good at spotting the bogus entry. In short, it became so bad, that the banks had to issue repeated warnings to their costumers, not to use this very obvious, and insecure scheme.
They had a bogus data compression patent that they successfully sued Microsoft over. The result was that Microsoft bought out Stac for something like $120 million and incorporated the Stac algorithm into Disk Doubler.
Quarterdeck STAC wasn't bogus at all. It actually worked, while Disk Doubler was nothing but trouble. AFAIK, the lawsuit wasn't about patents, but that MS had verbatim copied code from STAC into DD.
Se eg. http://www.newsfactor.com/perl/story/12684.html
MS never bought Quarterdeck (of QEMM and Desqview fame). MS hated Quarterdeck with a passion, probably because of Desqview.
No, we shouldn't rape rapists. We should shoot them. Twice. Once in the crotch, let them suffer the pain and loss of manhood for a few minutes, then shoot them in the head. None of this rehabilitation crap.
When I was young, reading about the atrocities commited by the SS and the Einzatsgruppen, I always wondered what kind of people who could shoot fellow humans in the back of their head, for 8 hours a day, come home covered in blood, gore and brain matter, and then next day continue, and do this for weeks.
At first I thought that it took some kind of special, twisted, sick mind to eg. bayonet a one year old baby. But the real horror was, when I discovered that these killers were totally ordinary people; I mean really ordinary people, with normal families, normal jobs, normal political beliefs, in short people like you and me.
The recipe for getting normal people to commit atrocities like hanging an 11 year old girl in a piano wire, is really simple; just dehumanize the victims. When normal people are convinced about their own moral superiority, and that the victims are not really humans, they can commit the most extreme violence without blinking with their eyes, like shooting other people in the crotch and to enjoy them suffer.
3-4 years ago, when we decided to use hardware RAID on our Linux servers, we bought some DPT Smartraid V hardware RAID controllers. Unfortunatly DPT was bought by Adaptec some time after. Adaptec has been really good at getting the driver included in the kernel, but the takeover seemed to delay this proces, so the time in between was a rough ride.
The lesson learned was, never have a production Linux system with (binary) drivers tied to a specific kernel or distro version.
That said, we have been very happy with the controllers, and since at least two disks has died without warning, the expense has easely been worth it. Our systems are used 24/7/365, so every minute of downtime annoys somebody. RAID really makes me sleep better, restoring a server from a slow tapestreamer, at some ungodly hour, while people nervously checks in, asking when we will be up again, is something I really want to avoid too much of.
YMMV, but I think hardware RAID still has an edge over software raid, mostly because I find it simpler to maintain in the long run.
If you are into LVM's, FS tools, and software RAID, go to:
http://evms.sourceforge.net/
and _drool_. Future stuff for now on production servers, but nevertheless.
[snip: about the limitations of the built in memory controller holdning the Athlon64 back]
AFAIK the Athlon64 memory controller can easely be bypassed by chipset manufactures. So Athlon64 and Opteron motherboards with RDRAM or 400MHz DDR are possible (though unlikely). Besides that 333MHz DDR memory is standard, the SIS 755 chipset support 800MHz FSB speeds. The "Athens" version of the Opteron will include onboard 400MHz DDR II support.
The biggest problem with the Athlon64 cpu is, that I can't buy one until september.
In the meantime I will drool over the system from www.newisys.com : dual Opteron, onboard PPC cpu running Linux; http, ssh, ssl for management, dual channel u320 scsi w/mirroring (LSI logic with ARM cpu?) hotswap drives, all packed in a 2U casing.
My favourite quote from the article : As an added bonus, the lights sometimes flash in a side-to-side in a pattern reminiscent of Knight Rider's KITT.
We jokingly refer to the blinkenlights on our DPT Smartraid V controllers as "KITT scanners".
Since Adaptec bought DPT to get into the SCSI RAID market it is likely that their IDE "KITT scanner" is similar to the DPT. (eg. the DPT Smartraid V driver works with all I2O Adaptec adapters too).
If so, then it is a real nice feature, since the DPT "KITT scanner" can morse all kinds of error messages.
iputils-20020124-8 from Red Hat 8.0 has an "-a" switch, that makes the ping audible.
It makes a "bell" sound for every packet. Combining -a and -f (flood ping) doesn't work though.
I wouldn't rely on ping too much, though, audible or not; recently one of our servers suddenly lost its root-device. Amazingly the kernel limped on and replyed to pings. Our network monitoring program (www.nagios.org) therefore claimed the host was up, but all services had stopped answering.
A dual panel file manager, like Midnight Commander/Krusader/Norton Commander.
Tabbed xterms.
A good CLI: The CLI isn't a GUI, but it is a UI, and a very effective UI for some types of computer interactions. I especially like the feeling of a consistent, single focus point of accessing and manipulate _everything_ on my filesystem.
Multiple desktops/consoles, like KDE/Gnome/etc.
Maximum screen real estate (see above)
"Everything" must be able to be manipulated by keyboard short cuts. A mice is nice, but a short cut is more hot.(yuck)
Decent default settings. /light users. When GUI producers caters for one group, the other group is alianated and vice versa.
There is a schizma between power users, and people who can be considered newbies
Maybe there should be a GUI switch, swithing between power user (advanced) and home user (simple), both with default settings that are apropriate.
The GUI switching could also work across the apps; eg. in "simple mode" the mail client would have few, large icons with text beneath them, optimized only for: get, send, read, write and organize mail. No option for turning on html mails, no cc field, no advanced edit features etc.
If the "simple mode" user needed any one of these features, they could costumize to their hearts content by selecting from the "advanced mode" representation, why deny people anything.
Such a dual GUI setting could cater for the people with simple computer needs, without dumbing down the GUI for those with more complex needs.
is a floppy based solution from http://www.zelow.no/floppyfw
We have a 4Mbit/4Mbit HDSL line, and around 320 nodes. (I am part of a team, that runs a small time volunteer ISP: the whole street I live in, joined together to get good Internet access for a reasonable price; Linux all the way, yaeh!)
floppfw is a quite nice distro, it has loads of add-on packages: VPN(PPTP, Cisco, Intel etc), PPP, ssh etc. It is rock solid and has a high performance (used it for 3-4 years without problems)
There is also a powerfull GUI for configuring it: http://www.fwbuilder.org/
But is very simple to maintain and costumize without. You just mount -o the image, edit, unmount. Rolling and using your own kernel is also quite easy (we use NAT, and some NAT helper modules are outside the kernel).
The downside:
No changing the firewall rules on the fly.
Changing rules or upgrading, means a reboot lasting a minute or so.
We have a spare box (can be used as firewall or proxy, dhcp server if necessary), so by changing the default gateway, we can avoid loss of Internet connectivity, though it means that people cannot access our web-site in the mean time, but we can live with that, other may not).
We also use the spare box, as a testing unit for new firewalls, so we can be confident that it works before it is put into production.
The EFF wrote an article (linked to by the Slashdot article) about that National ID:s are bad, because the data can be abused. I don't see it. If someone could illuminate my mental darkness on this point, and illustrate in what way a database containing all names, ssns and addresses can be significantly abused would perhaps make my image more complete.
Lets take an example from Denmark (who has a national ID db called "CPR") from the 80's;
The KGB simply bribed a low level county official to keep a tab on all soviet (and east-block) dissidents living here.
No matter where the dissident moved, or if they had their named changed, the KGB would know that, besides all the other information kept in databases tied together around the CPR, like where you work, how much you earn, who your doctor are, where you children goes to school, etc.
The problems with national ID's are they are very convinient for the state to tie all kinds of information around, and that they are used to "everything". That again means that even the lowliest, demoralized, underpaid county official has access to at least part of that information.
Having such a national ID db, could be a major security risc, since it works both ways; all security and defence personel would be in that DB too, and therefore easy to "check out".
Personally I always regarded the threat of a Soviet aggression very low, but I am quite sure, that the KGB and GRU had (has) excellent extracts of the national ID db's of both Denmark and Sweden, and that in a conflict, they could have used that info to great effect.
During WWII, the NKVD gathered personal files of every german frontline commander, down to "captain" level. And they used that information extremely effectivly.
Thanks to our national ID db, they probably had similar files on every officer in the danish (and swedish) army.
ICANN's behaviour has several of the normal danger signs associated with illegal financial activities;
/budget, like an accounting firm / law firm, that in theory should act as "watch dogs" have strong "conflicts of interest" regarding their "watch dog" role.
1. Denying and obstructing peoples access to financial records. What makes this even more extreme is that ICANN tried to deny and obstruct a _board member/director_ to this information. Clearly illegal.
2. The elimination of all internal opposition. "Opposition" meaning people who tries to do their job according to the law.
3. Usually when you have the above danger signal, you will also find, that those "third parties" that oversees the financial records
Seen from the outside, it looks like that ICANN is spinning out of control, and that no-one is trying to stop the mess.
A financial "crash" and a scandal would not be an unlikely outcome.
And if you're going to argue with me, you have to own up to at least two CDs you bought "with only one or two good songs"...so that we can make fun of you. :)
/feeling.
:-(.
Well, I certainly own more than two records "with only one or two good songs", that is something that happens when you buy records of bands you don't know; some bands seems to have just one or two good songs in them.
That said, I personally always goes for the whole album. A lot of the bands I like (or perhaps their producers) seems to compose their albums, so even the order of the tracks is part of the listening experience. On a lot of my vinyl albums there is even a distinct difference between the A and B side, regarding sound and mood
Right now I am listening to a "best of Madness" album. Since I bought most of their records as they came out, it is a somewhat bizarre to hear a selection of "random" tracks, taken out of their context and even out of chronological order.
So I would never use a "buy one track at a time" service. But perhaps this is not meant for people like me who buys lots of records(*), since all serious record buyers I know, have the same "the whole album or it sucks" attitude.
Perhaps this is service is meant for those who don't buy that many records, and who gets musical inspiration from mainstream music channels.
I would make sense if it were so, since the "hits from Top 40" buyers, are the majority.
(*) I actually don't buy that much music anymore, I am getting old
Note to Editors: For "ask Slashdot" posts, please at least TRY to do a "google" on the question to see if it is lame or not.
/long discussion. You can see the fenomenon on usenet if you hang around there.
Well, "lame" questions may be quite usefull, since they often sparks a good
In this case I actually learned some stuff: A couple of friends are going to an old archive in eastern Europe. It is a very financially poor archive; there is an absolut limit of 100 copies per person for the entire stay, but there are at least 25.000 documents they have to sift through.
The place is warmed by old fashioned coal-stoves. There are no power outlets for their notebooks, so using a flat-bed usb scanner is not an option either. (though this thread gave me a good reference to a flatbed scanner, designed for book scanning) Besides, the documents are old and fragile, and often impossible to OCR.
But several people on this thread mentionend how they used digital cameras to copy documents with good results. That looks like a promesing approach to my friends problem.
And I do really value peoples own experiences on how a technology work (or not).
Besides peoples experience with technology, there is only marketing material, - and that I don't trust.
So I (at least) learned something from the _answers_ in this discussion, even though the _question_ did not pertain to "my" problem.
[snip about the Danish CPR -ID system]
/county are tied to the CPR. Fortunately, a lot of the information is compartmentalized, meaning that one cannot (easily) make a centralized query of all the information regarding a citizen.
/county).
/county officials /bank tellers /insurence agents are convinced about your identity, nothing can be done, since you are not in the CPR.
There are some security concerns and there is a very strict legislation about how to handle this system, but the economical benefits are huge and it does benefit society a lot.
The security around the CPR ID database system wasn't really that good some years ago; an internal audit made them tighten up the security a lot.
And usually, the control around any public database system in Denmark is a joke; all most all cops use the KR (criminal register) to snoop on their neighbours. The register is never cleaned for old records, even though the law requires it. A combination of these two vices, were demonstrated, when nosey police officers, leaked the criminal record of a well known conservative politician; he had a "drinking & driving" offence when he was around 18, in the 1950'ies. This costed him his post as a leader of the conservative party.
As usually, the police was unable to even discover which policy officer had leaked the information.
For what I know, your conviction that your data is safe in the states database systems, is pretty much nothing more than a conviction.
Besides, there are a major problem with centralized ID systems, besides the states tendency to abuse the system, namely, that such a system is a benefit for the Bad Guys too.
Eg. In Denmark the CPR ID number is slabbed around the newborn babies wrist, even before it is handed over to its mother. Everybody has a CPR id number. A huge amount of data is tied around that number, since all transactions with the state
But since the CPR system is so convenient and omnipresent, even the lowliest, unmotivated, underpaid county clerk has access to it. (the open terminals that are so convenient when dealing with the state
So getting access to all that real time information on people, is staggering easy.
One case to illustrate the point. During the 80'ies, the KGB just bribed such a county clerk, to tag all russian dissidents living here in Denmark.
So the KGB had instant updates on them, even if they changed their name and address constantly.
All those queries on russian dissidents (who weren't even living in this small county) were never discovered by an internal audit.
Another case: "Blekingegade banden" was a violent extremist group, that supplied extremist palestinian terror groups with weapons and money, stemming from violent robberies.
They were not stupid as many criminals actually are; they were intelligent and educated, and planted a man inside the institution that was running not only the CPR, but also the KR (criminal register), and countless other databases.
So this small "terrorist" group had an excellent tab on, how much the police new about them and their crimes.
I am sure, that both the KGB, Stasi, CIA etc, all had tremendous benefit of the Danish centralized register. Just as a lot of countries intelligence services will benefit from eg. a central US, or Japanese citizen ID database. Eg. Agent [ID] just moved to an area where [fascilitate] is located. He also got a raise, putting him in the same income bracket as known agents performing [function].
The ending of this rant:
Identity theft is just as easy with a centralized ID database as without, and probably more convenient for the thief.
And finally don't even think about the mess of troubles if one ever is deleted by the Danish CPR register (happens sometimes). Even with a valid ID as a passport, two hundred witnesses and your birth certificate, you are denied everything, like wage, a bank account, pension, etc. Even if the state
It certainly looks like it, not only because of the name but also since the syntax /switches (http://www.amigarealm.com/) basicly are the same as in BRU from tolisgroup. Eg. BRU -G for getting archive info etc.
We have been using BRU backup backup software on our Linux servers the last couple of years. Recommended. The price is right too. They have fully working demoes for download. http://www.tolisgroup.com/
The main reason that we chose a commercial package was, that backups, especially on DAT streamers, can be a nasty experience. After experiencing a couple of "write-only" backup incidents (on NT 4.0 using DAT 1 and 2 streamers), I wanted something that actually verified the backup, and had extremely good error-logging, and CLI/scripting facilities.
Since BRU probably is the oldest commecial Linux and BSD backup package, it was the best choice at the time. There are several other solutions now.
Some advanteges with BRU:
Good CRC-32 check to ensure that what you _try_ to back up, actually end up on the tape in a non-corrupted state.
Fast verify.
Excellent error-logging.
Back up of live filesystems, and special files like sparse files, pipes, special device links etc.
Excellent CLI options, like regex selecting files, or filesystems to backup.
We still use v.16. But v.17 has Quick File Access (QFA. It also has a better GUI, but BRUs real power is as CLI program.
They also have a free (QPL lince) program called CRU, that enables booting from tape (if the streamer supports it, like HP's), and making a complete restore of the OS and data, including fdisk'ing, in one go.
(You just press a button on the DAT streamer, while the server boots).
This becomes more of an issue with printers that just have a direct ethernet jacks.
/Linux box with the CUPSd printer server in front of the printers. That way one gets encryption and authentification, anti spoofing, "load balancing", logging, secure administration (SSH & SSL), and a firewall that not only controls traffic to the printers, but also from them. And why not place IDS's on the LAN side too?
All those LAN embedded devices like printers, printservers, routers, managed switches are becoming a security risk for several reasons:
1. They are often not designed with security in mind. Eg. even fairly new switches doesn't support SSH or SNMP v.3. Most printers are a joke regarding security, and the vendors doesn't always seem eager to fix known problems. See the article on http://freshmeat.net/articles/view/445/
Note how one can use eg. a printer that supports ftp, to scan the network, or how some printers has vendor enabled backdoors.
2. The vendors embedded of these embedded devices, doesn't seem to test their devices so rigously:
eg. when the Code Red worm was at its height, people were reporting that all kind of equipment with build in web-servers, was crashing or locking up. Not because they suffered from the same buffer overflow problem as MS IIS, but because the large amount of invalid request, would expose memory leaks or other similar errors.
And again, the vendors aren't always quick to admit or fix the problems. Eg. When the recent SNMP problem affecting huge amount of different vendors equipment was discovered, a lot of vendors denied, or ignored, that their equipment was affected.
3. Such embedded devices are often "configure and forget". When a managed switch or a printserver works, people tend to forget to track and install new security releases of firmware.
4. People tend to think, that devices on the LAN side are secure, and therefore tend not to update, or lock down the devices. This is only true sofar, that such devices are less likely to become targets for hackers, as long as all the LAN side servers are easier to hack.
Again, Code Red showed how people are less likely to secure their LAN side; many, many internal networks broke down, or was shut down, because CR was wrecking havoc once it had gotten inside.
Another thing CR showed was, that VPN's aren't a security tool, but a security risk, since a lot of sites were infected, by compromised machines logging into the LAN by VPN.
Of course, a lot of the problems above, can be worked around by good admins, with a decent budget for designing their network in a secure manner.
A hacker once described most networks as "hard on the outside, but soft and mushy on the inside". (this hacker would, interestingly, often use plain old war-dialing, to circumvent the firewall and IDS).
Maybe more people should start regarding their LAN as just as exposed as anything on the internet side, and employ a "defence in depth" strategy, including making an inventory of their embedded devices, formalize the tracking and installing of new firmware, and generally locking them down. Eg. place a really locked down BSD
etc, etc.
There was a time when Red Hat were seemingly pushing Linuxconf as the system admin tool. Now they have developed their own. Anyone know why?
I don't know the details. But there were some serious problems with Linuxconf, since it had a tendency to mess up the config files.
Besides, such monolitic configuration tools, are difficult to make and maintain for a Linux distro, since all the programs (and their config files), and the configuration program, all are made by different people, without any common standard for config files etc.
nice that LVM is now supported by default, so you dont have to mess with kernel modules and initrds ..
/API" for storage management tools like LVM.
Check out IBM's EVMS (Enterprise Volume Management System). It is a plug-in based "front end
Basicly that means, that you can create, destroy, resize LVM 'volumes', software RAID volumes, partitions, and use chkdisk etc, with the same tool. There are are one CLI, and two GUI's, one ncurses based(console), and one Gnome based. The latter simply makes me drool.
see http://evms.sourceforge.net/gui_screen/
No, it isn't ready for production systems. But that won't stop me from drooling. (and trying it soon)
Further, it looks like it (EVMS) also has plug-ins for various filesystems and their tools, like; Ext2/Ext3, ReiserFS, JFS, Linux swap.
And how about making snap-shots of a volume, and later a roll-back?
My biggest gripe with RH is the install /configuration too. The standard options doesn't fit my need on my desktop or my servers. So I always end up using "costum" with "kernel-development" (and "XFree"), and then select the rest of the individual packages.
/etc/foo.conf" saves the day.
The best solution is probably spending some time, learning to use "Kick-start".
Another thing: if you dislike being a CD DJ, and have the disk space, then remember that it is possible to install RH directly from the downloaded ISO images on a harddisk partition.
About maintance. Hm. My experience is different from yours. I think RH has become much easier to maintain, especially with RH-network. Mastering RPM to a certain degree is a must though.
Simple stuff like "rpm -Fvh *.rpm --test" or "rpm -qa | grep foo" or "rpm -qf
And underappreciated tool is "mc" or Midnight Commander", a dual panel "Norton Commander" ncurses based clone. Among other things, it is able to browse inside rpm packages. Nifty.
You mention that up2date filled "/". It is configurable where up2date dumps the downloaded rpms. On my servers "/var" and "/home" are on seperate partitions, so that eg. huge, growing log-files etc. doesn't spill over the "/" partition.
Gentoo Linux looks very interesting, and the guy that makes it, D. Robbins has written some extremely well written tutorials for IBM on: http://www-106.ibm.com/developerworks/
It depends; first, the main reason for using beta software is to participate in bug-hunting, and request features.
Second, if you need some non-RH rpms, you may run into dependency problems, since the beta is compiled against spanking new libraries.
This problem may be fixed by compiling from the src rpms.
Finally, some code doesn't compile on GCC 3.x, though RH probably ships a compat-2.9x-GCC.
My suggestion: if you have the time, then do it. If you got more than one box, then eg. try to perform a network install. So if the beta sucks, then at least you learned something new.
It seems to be alot like Linux In A Box, http://www.liab.dk . Except LIAB is actually a small computer, not just the bios.
:-)
I guess you could use them for really small firewalls
We actually use a liab box to monitor the status of our washing machines (a small laundry shared by 450 apartments), so all the teneants can see whether the machines are available.
Nifty stuff.
You (and all those who come after you) would find it significantly easier if you simply did:
/sbin/chkconfig --del nfslock
/sbin/chkconfig --del portmap
It is important to note, that the services continues to run after this, until the box is restarted, or the services are explicitly shutted down.
A "/etc/init.d/[service] stop" should be issued after deleting it with chkconfig.
That said, chkconfig is a breeze to work with, and probably the first command I use, on a newly installed Red Hat box.
Retina scanners won't work on a dried-up old eyball, but they'd have a hard time detecting a fresh drippy one
/beaten out of the eyesocket.
I have several times encountered historical descriptions of criminals having an eye poked
The fascinating part is, that there seems to be a technique, to hit a human head with a stick in such a way , that a single blow would pop out the eye of the eyesocket.
This kind of punishment seems to have been a specialists job. I have seen a description, where an old woman was summonend to execute this particular kind of punishment (17th. century, Europe).
This arcane technique is probably forgotten by now, but one never know if it would resurected if retinal scans became common:-0