It seems to me that someone who lives in a tightly knit community and only drives a few miles to work and school should invest in a bicycle.
Much cleaner.
As a cyclist, I can tell you that the waste products from biking everywhere are far greater than the water vapor produced by a hydrogen vehicle. In addition to producing much larger volumes of urine from massive water intake, my feces production is also increased dramatically as I eat more to compensate for a huge loss of calories. On top of that, the human body is terribly inefficient at extracting energy from the food it consumes. 99% of it passes through unprocessed only to be flushed down the toilet and out into the river. Sheesh!
You just don't get it, man! Why can't you be on our side for once, huh? Why do you always have to pick on the little guy? This isn't about "citations" or "backing up your statements", it's about fighting The Man.
Notice They're Using Bleeding-Edge X.Org
on
SUSE 9.2 Released
·
· Score: 4, Interesting
The X.Org Foundation's new X Window System X11R.6.8.1 also contributes to overall better hardware support.
So does this mean SuSE is going to be one of the first "user-friendly" distros to offer OSX-esque eye-candy like drop-shadows and transparency?
And as for cutting ignition and losing power steering and braking, well every car I've ever seen has a vacuum reservoir that will give power assist for a couple stops if the engine stops providing vacuum (stops running).
Interesting mention. This is exactly what gasoline-electric hybrids like the Civic Hybrid and the Prius rely on when they shut off their engines. I've personally found that this reserve braking power can do quite a bit for stopping your car. (Basically, the Civic Hybrid will restart the engine if it detects this reserve running low. So, after coasting down a hill and reaching high speeds with the engine off, I can easily bring the car to a stop without the engine kicking back in.)
The article does a great job of making Linux seem like a steaming pile of shit whereas Windows is the shining knight. You are expected to just accept this despite the fact that the applications they are using, not the operating system were to blame.
In the second case they complain about how their ecommerce system crashed because of a built-in limit. How does switching to Windows fix this? That's a flaw in the application code and nowhere else. The first case is a little weaker in this regard, but still subtly close. Using Windows doesn't give you more enterprise class database vendor options than Linux does. So again, somehow the availability of applications and their quality is the fault of open source. (Plus, if we take the idiot factor into account, I wonder how much upgrading took place on their 9 year-old deployment.) Right.
I am not, of course, trying to discount their complaints. Open source support is a niche that requires some serious progress. However, that article is so loaded with spin it makes my head hurt.
Actually, the grandparent post is correct. My statement was sarcasm, and in that, meant to be humorous. It's pretty pathetic how all the other reply posts seem to miss this (as do the moderators). You think this fact would be evident in the first paragraph of my original post. Standing behind the "President", on a battle field... yuck-yuck.
We are at war. Our country needs to be unified behind our president. So why do you hate America?
You know what? I agree entirely. Let's put Bush out on the front lines of his war and we'll stand behind him!
(By the way, do the moderators not like free speech? This guy has a perfectly valid viewpoint. He's not a troll or flamebait just because you disagree with him.)
I think it needs to be made clear (no pun) yet again, that all this work is not just about drop shadows (they are just one thing you can do with it) or "useless" eye-candy (sometimes beautification is critical to the user). This work is about new options in enhancing usability and improving performance. These new extentions do far more than just add shadows and transparency (no, not translucency, that is something else).
Off-screen compositing allows new effects that can add emphasis to certain user interface elements. They allow for windows with arbitrary shapes that do not appear "jagged" and "rough". Better performance means we can create more fluid effects in windowing systems. For instance, users are much more comfortable with things that slide around or fade smoothly rather than just snapping into position. It allows the eye to keep track of what's changing. Tools like Exposé are now possible. Overall, there are more possibilities for open source user interface developers to add significantly more polish to the desktop without resorting to cheap hacks (such as the static transparency found in KDE, Eterm, and Aterm).
And just to reinforce the classic uses of this: drop shadows really do add emphasis to the current focused window (I write this on an OSX box). Also, it can be really convenient to have window transparency in many cases (for example, when I have multiple Terminals open I can read a man page behind the console I'm currently typing in). Again, keep in mind that these features are not the goal but simply benefits of the new extentions.
The future of the F/OSS desktop is really looking up thanks to new technology like this. Eventually these things will be hardware accelerated (like Quartz Extreme) and then some really cool things will be possible.
So, in conclusion, don't knock or belittle the work that's going into X.org these days. In the future, most of you will appreciate them the same way you appreciate the flexibility you have now with choosing how to configure your window managers to your liking. No doubt a lot of people will take this stuff and produce a lot of crap, but we'll definitely see a lot of excellent work that will use it to improve the user experience.
I have managed to convince some at my company that we should use Debian in favor of other Linux distros. The secret, I think, is to focus on Debian's excellent packaging system. Focus on the fact that software installations, updates, and roll-backs are all done through a simple tool and are done over the Internet. (No dependencies, no hassle, and so on.) Once I demonstrated how straight-forward and convenient all of this was, I got the go-ahead to set up a web server and start using Debian on my workstation with future expansions planned. Many (good) system administrators will appreciate Debian's key features, so be sure to emphasize them. Quite often (unfortunately) in a corporate environment, factors such as security, stability, free(dom) and so on, are secondary to being quick to install and easy to maintain.
So "growing up" somehow has something to do with not questioning what people say, going along with being mislead or deceived, or having a knee-jerk reaction to everything that falls outside your myopic world view? (These are personal observations I've made of Fox "news".) Right. No thanks; I'll stick to liberalism. Sure, all the thinking takes a lot more effort, but it's worth it in the long run.
But a recent string of attacks on primary Internet services and the unraveling of major encryption routines are raising concerns in the Internet operator community.
Sounds like someone with less than half a clue got hold of a certain Slashdot article and is blowing it way out of proportion. Also from that same article:
A coordinated online strike against Internet servers by terrorists, dubbed "electronic jihad," may or may not strike this week...
I can imagine a few guys with AK-47s, sitting either in bombed out buildings or caves in the middle of a desert hacking away at encryption algorithms and figuring out ways to trounce "Internet servers". Sheesh, what do we need all of our mathematicians and security researchers for if these guys can just brush these mechanisms out of the way like theyre nothing?
Can someone seriously tell me what a "cyber terrorist" is? Is it someone who makes threats using electronic media? Is it someone who defaces web sites? Is it someone who shuts down the Internet? Are the latter two here really forms of terrorism? I don't really know of anyone who is "terrorized" by defaced web sites and high lag times, but I could be wrong.
Is there a way to mount the loopback device as a non-root user under linux (and for that matter any of the bsds)
Although I do use GBDE on FreeBSD 5, I cannot say if you can grant users the rights to create encrypted block devices. It is possible under Linux, but only to a limited extent.
Users cannot safely create loopback devices using losetup without circumventing security measures (not desirable) but mount can. In/etc/fstab, create an entry (example:/dev/devicemount pointfilesystemuser,noauto,rw,loop,encryption=cypher,keybits=keys ize 0 0) which specifies all the relevant parameters, but also make sure that it is user mountable. The loopback device in this case is assigned automatically. (This, by the way, assumes you have the latest util-linux package. Pretty much any distro these days will suffice.) If that doesn't work, I may be missing a few details. I'm a little rusty on that, so you'll have to fill in the blanks (tomorrow I can look into this a little more closely and give a better answer if this doesn't lead you anywhere). As for doing this in a slightly more precise manner, I am not sure. Again, I'll do some research and see what I can come up with. In the meantime, this should be enough to get you started.
The down-side of this is there's a lot of debate over the architecture of loopback encryption. In particular how the keybits parameter is passed to the cypher. I do not quite understand the particulars of this debate (and nor can I, unfortunantly, supply you with links to the mailing list archives where I read about this in the first place) but it appears that things will be changing (for the better) once some politics are worked out. In the meantime, this solution seems pretty good.
It should be noted that the device to image should not have any filesystems mounted in a writable or otherwise modifiable state when reading the image. This, of course, would apply to Ghost too if it could run within an multi-user operating system, but that's not the point. If the operating system is performing write operations on the device being imaged, those writes can be reflected in an incomplete state within the disk image, meaning that the disk image is either corrupt or does not fully represent the state of the device at the time of the imaging. If you are booting the system with something like Knoppix to do the imaging, chances are no filesystems on the device will be mounted (which is good). If you do mount them, be sure to specify the ro option (example: mount/dev/hda1/mnt -o ro).
When you image a device, you're not imaging data selectively, you're just getting whatever is there. In otherwords, you don't care what's on the disk, just that you are reading bits off of it sequentially.
Real world example: if I run dd if=/dev/hda it will (in addition to spewing bytes to stdout) start at the very first bit on the disk and continue reading the next after the next until the disk reports (specifically, the disk driver) that there are no more bits to be read. Whether or not that disk happens to be formatted with reiserfs or NTFS is irrelevant.
It is in this way that tools like dd or Ghost back-up and restore a disk exactly how you see it at the time of imaging.
(Cool tip: you don't need Ghost to take a disk image and store it across a network. All you need is dd, ssh and a target machine running the SSH daemon. Run: dd if=<the device to image> | ssh <user>@<target host> "cat > backup.img". There are tweaks you can do to improve the performance of that (such as setting a larger block size on dd), but that is an exercise left to the reader.)
Flesystems do not typically care about what the underlying device is (of course I'm not talking about "filesystems" devoting to the task of distributing the storage mechanism, such as NFS, AFS, CODA, and friends). Device access is handled at a "lower level" by drivers, I/O, etc. In otherwords, with Unix at least, a device capable of storing bits (including metadata about how to store that information, AKA a filesystem) is presented to the user and what's actually behind it is unimportant. It could be a hard disk, a chunk of physical RAM, a RAID array, a floppy disk, or a even another file sitting on an existing file system. To get a better idea for how all this works, read up on losetup which is available on pretty much any Linux system (assuming support for the loopback device is present in the kernel... which it should be).
Finally, we have a way of having an encrypted FS in Linux that's not an ugly kludge like loopback.
I think you misunderstand, that's the beauty of it. Basically, Linux (and FreeBSD with GBDE) allows you to encrypt a device at the block level. Everything is written to the disk encrypted, including the file system itself and not just the data. This also allows you to abstract the device. It could be a big file sitting on an existing device or the device itself. It's very flexible.
Some of the other advantages of this are fairly important. Here's a few off the top of my head.
It is easier to build a more secure and more reliable encryption system that works with all means of storing to a device rather than an encryption system for every one of those means. (1 versus an arbitrary number.) To simplify to more practical terms, it is better to write one encryption mechanism that can work with 10 file systems rather than 10 encryption mechanisms to work with each of those.
If you want to encrypt data, you might not always be writing a filesystem to a device. If I have a database that makes raw access to a device for its storage, but I want encryption, I need it at the block device level.
You do not want to make the file system any more complicated than it needs to be. Adding encryption would produce a disaster. Aside from making it easier to corrupt data, you lose a great deal of performance and security. How? Let's say you encrypted your data and sorted or indexed it by the plaintext. You are giving lots of clues to a potential attacker regarding the contents. If you do not follow this convention, you have to decrypt every byte to figure out whether or not its what you want. Horrible! (This may be an over-simplification. Anyone care to check me on this? Still, the basic principle should apply.)
Keeping encryption outside the filesystem makes it easy, even trivial to arbitrarily choose the cypher, the key size, and even the block size. The filesystem would undoubtably impose limitations on all these choices if the encryption were built in.
On the plus-side, filesystem level encryption lets you choose to encrypt on an as-needed basis (such as with NTFS), but the uses of this are minimal and questionable at best (what about swap, temporary files, and data that you forget to encrypt?)
all kinds of things without having to go through the trouble of writing an FS from scratch.
I think you may have learned from my previous comments how you accomplish this. Hint: you don't encrypt at the filesystem layer.
It's very disappointing that it took Linux all these years to get something as basic as a secure, encrypted way to store files. Even Windows has had FS encryption for a while.
Using the loopback device to encrypt data has been available for longer than NTFS has had encryption.
His work on the last couple movies has been outstanding. I hope he keeps directing them himself. May the force be with him!
On Slashdot, it's hard to distinguish if you're a bitter, sarcastic viewer and a die-hard, intensely loyal George Lucas fanboy when you talk like that.
I didn't mean to come off as condescending. My apologies.
You have my apologies as well. There's definitely something to be said for posting comments when you are A) not stressed, B) not extremely stressed, and C) not really fucking stressed.:) Sorry for jumping down your throat like that.
In your case, it seems like you got a somewhat bunk battery, or there's something wrong with your box.
Well, I guess one of the things I'm looking to learn here is whether or not I am expecting too much. First, the PowerBook is definitely a power hog. Huge display, fast disk, two fans, wireless, et cetera. This kind of machine definitely puts a heavy load on the power source. I complain because my crappy old Dell got much better life, of course, then again it had a tiny display and a huge brick of a battery. So, am I really being too picky?
Slashdot Mirror
Can anyone imagine a Beowulf Cluster...?
As a cyclist, I can tell you that the waste products from biking everywhere are far greater than the water vapor produced by a hydrogen vehicle. In addition to producing much larger volumes of urine from massive water intake, my feces production is also increased dramatically as I eat more to compensate for a huge loss of calories. On top of that, the human body is terribly inefficient at extracting energy from the food it consumes. 99% of it passes through unprocessed only to be flushed down the toilet and out into the river. Sheesh!
You just don't get it, man! Why can't you be on our side for once, huh? Why do you always have to pick on the little guy? This isn't about "citations" or "backing up your statements", it's about fighting The Man.
So does this mean SuSE is going to be one of the first "user-friendly" distros to offer OSX-esque eye-candy like drop-shadows and transparency?
Destroying your car is preferrable to maming and/or killing others and yourself (let's not even talk about law suits). You hardly did the wrong thing.
Interesting mention. This is exactly what gasoline-electric hybrids like the Civic Hybrid and the Prius rely on when they shut off their engines. I've personally found that this reserve braking power can do quite a bit for stopping your car. (Basically, the Civic Hybrid will restart the engine if it detects this reserve running low. So, after coasting down a hill and reaching high speeds with the engine off, I can easily bring the car to a stop without the engine kicking back in.)
In Soviet Russia, history entwines YOU
Wouldn't the success of DRM be a bomb or would bombs be necessary in the advent of successful DRM?
The article does a great job of making Linux seem like a steaming pile of shit whereas Windows is the shining knight. You are expected to just accept this despite the fact that the applications they are using, not the operating system were to blame.
In the second case they complain about how their ecommerce system crashed because of a built-in limit. How does switching to Windows fix this? That's a flaw in the application code and nowhere else. The first case is a little weaker in this regard, but still subtly close. Using Windows doesn't give you more enterprise class database vendor options than Linux does. So again, somehow the availability of applications and their quality is the fault of open source. (Plus, if we take the idiot factor into account, I wonder how much upgrading took place on their 9 year-old deployment.) Right.
I am not, of course, trying to discount their complaints. Open source support is a niche that requires some serious progress. However, that article is so loaded with spin it makes my head hurt.
Actually, the grandparent post is correct. My statement was sarcasm, and in that, meant to be humorous. It's pretty pathetic how all the other reply posts seem to miss this (as do the moderators). You think this fact would be evident in the first paragraph of my original post. Standing behind the "President", on a battle field... yuck-yuck.
You know what? I agree entirely. Let's put Bush out on the front lines of his war and we'll stand behind him!
(By the way, do the moderators not like free speech? This guy has a perfectly valid viewpoint. He's not a troll or flamebait just because you disagree with him.)
I think it needs to be made clear (no pun) yet again, that all this work is not just about drop shadows (they are just one thing you can do with it) or "useless" eye-candy (sometimes beautification is critical to the user). This work is about new options in enhancing usability and improving performance. These new extentions do far more than just add shadows and transparency (no, not translucency, that is something else).
Off-screen compositing allows new effects that can add emphasis to certain user interface elements. They allow for windows with arbitrary shapes that do not appear "jagged" and "rough". Better performance means we can create more fluid effects in windowing systems. For instance, users are much more comfortable with things that slide around or fade smoothly rather than just snapping into position. It allows the eye to keep track of what's changing. Tools like Exposé are now possible. Overall, there are more possibilities for open source user interface developers to add significantly more polish to the desktop without resorting to cheap hacks (such as the static transparency found in KDE, Eterm, and Aterm).
And just to reinforce the classic uses of this: drop shadows really do add emphasis to the current focused window (I write this on an OSX box). Also, it can be really convenient to have window transparency in many cases (for example, when I have multiple Terminals open I can read a man page behind the console I'm currently typing in). Again, keep in mind that these features are not the goal but simply benefits of the new extentions.
The future of the F/OSS desktop is really looking up thanks to new technology like this. Eventually these things will be hardware accelerated (like Quartz Extreme) and then some really cool things will be possible.
So, in conclusion, don't knock or belittle the work that's going into X.org these days. In the future, most of you will appreciate them the same way you appreciate the flexibility you have now with choosing how to configure your window managers to your liking. No doubt a lot of people will take this stuff and produce a lot of crap, but we'll definitely see a lot of excellent work that will use it to improve the user experience.
I have managed to convince some at my company that we should use Debian in favor of other Linux distros. The secret, I think, is to focus on Debian's excellent packaging system. Focus on the fact that software installations, updates, and roll-backs are all done through a simple tool and are done over the Internet. (No dependencies, no hassle, and so on.) Once I demonstrated how straight-forward and convenient all of this was, I got the go-ahead to set up a web server and start using Debian on my workstation with future expansions planned. Many (good) system administrators will appreciate Debian's key features, so be sure to emphasize them. Quite often (unfortunately) in a corporate environment, factors such as security, stability, free(dom) and so on, are secondary to being quick to install and easy to maintain.
So "growing up" somehow has something to do with not questioning what people say, going along with being mislead or deceived, or having a knee-jerk reaction to everything that falls outside your myopic world view? (These are personal observations I've made of Fox "news".) Right. No thanks; I'll stick to liberalism. Sure, all the thinking takes a lot more effort, but it's worth it in the long run.
Get it right, will ya!
Uhm, that was really meant to be funny. It isnt insightful or interesting... it's humorous. Sheesh moderators.
From the eWeek article:
Sounds like someone with less than half a clue got hold of a certain Slashdot article and is blowing it way out of proportion. Also from that same article:
I can imagine a few guys with AK-47s, sitting either in bombed out buildings or caves in the middle of a desert hacking away at encryption algorithms and figuring out ways to trounce "Internet servers". Sheesh, what do we need all of our mathematicians and security researchers for if these guys can just brush these mechanisms out of the way like theyre nothing?
Can someone seriously tell me what a "cyber terrorist" is? Is it someone who makes threats using electronic media? Is it someone who defaces web sites? Is it someone who shuts down the Internet? Are the latter two here really forms of terrorism? I don't really know of anyone who is "terrorized" by defaced web sites and high lag times, but I could be wrong.
Although I do use GBDE on FreeBSD 5, I cannot say if you can grant users the rights to create encrypted block devices. It is possible under Linux, but only to a limited extent.
Users cannot safely create loopback devices using losetup without circumventing security measures (not desirable) but mount can. In /etc/fstab, create an entry (example: /dev/device mount point filesystem user,noauto,rw,loop,encryption=cypher,keybits=keys ize 0 0 ) which specifies all the relevant parameters, but also make sure that it is user mountable. The loopback device in this case is assigned automatically. (This, by the way, assumes you have the latest util-linux package. Pretty much any distro these days will suffice.) If that doesn't work, I may be missing a few details. I'm a little rusty on that, so you'll have to fill in the blanks (tomorrow I can look into this a little more closely and give a better answer if this doesn't lead you anywhere). As for doing this in a slightly more precise manner, I am not sure. Again, I'll do some research and see what I can come up with. In the meantime, this should be enough to get you started.
The down-side of this is there's a lot of debate over the architecture of loopback encryption. In particular how the keybits parameter is passed to the cypher. I do not quite understand the particulars of this debate (and nor can I, unfortunantly, supply you with links to the mailing list archives where I read about this in the first place) but it appears that things will be changing (for the better) once some politics are worked out. In the meantime, this solution seems pretty good.
It should be noted that the device to image should not have any filesystems mounted in a writable or otherwise modifiable state when reading the image. This, of course, would apply to Ghost too if it could run within an multi-user operating system, but that's not the point. If the operating system is performing write operations on the device being imaged, those writes can be reflected in an incomplete state within the disk image, meaning that the disk image is either corrupt or does not fully represent the state of the device at the time of the imaging. If you are booting the system with something like Knoppix to do the imaging, chances are no filesystems on the device will be mounted (which is good). If you do mount them, be sure to specify the ro option (example: mount /dev/hda1 /mnt -o ro ).
When you image a device, you're not imaging data selectively, you're just getting whatever is there. In otherwords, you don't care what's on the disk, just that you are reading bits off of it sequentially.
Real world example: if I run dd if=/dev/hda it will (in addition to spewing bytes to stdout) start at the very first bit on the disk and continue reading the next after the next until the disk reports (specifically, the disk driver) that there are no more bits to be read. Whether or not that disk happens to be formatted with reiserfs or NTFS is irrelevant.
It is in this way that tools like dd or Ghost back-up and restore a disk exactly how you see it at the time of imaging.
(Cool tip: you don't need Ghost to take a disk image and store it across a network. All you need is dd, ssh and a target machine running the SSH daemon. Run: dd if=<the device to image> | ssh <user>@<target host> "cat > backup.img" . There are tweaks you can do to improve the performance of that (such as setting a larger block size on dd), but that is an exercise left to the reader.)
Flesystems do not typically care about what the underlying device is (of course I'm not talking about "filesystems" devoting to the task of distributing the storage mechanism, such as NFS, AFS, CODA, and friends). Device access is handled at a "lower level" by drivers, I/O, etc. In otherwords, with Unix at least, a device capable of storing bits (including metadata about how to store that information, AKA a filesystem) is presented to the user and what's actually behind it is unimportant. It could be a hard disk, a chunk of physical RAM, a RAID array, a floppy disk, or a even another file sitting on an existing file system. To get a better idea for how all this works, read up on losetup which is available on pretty much any Linux system (assuming support for the loopback device is present in the kernel... which it should be).
I think you misunderstand, that's the beauty of it. Basically, Linux (and FreeBSD with GBDE) allows you to encrypt a device at the block level. Everything is written to the disk encrypted, including the file system itself and not just the data. This also allows you to abstract the device. It could be a big file sitting on an existing device or the device itself. It's very flexible.
Some of the other advantages of this are fairly important. Here's a few off the top of my head.
On the plus-side, filesystem level encryption lets you choose to encrypt on an as-needed basis (such as with NTFS), but the uses of this are minimal and questionable at best (what about swap, temporary files, and data that you forget to encrypt?)
I think you may have learned from my previous comments how you accomplish this. Hint: you don't encrypt at the filesystem layer.
Using the loopback device to encrypt data has been available for longer than NTFS has had encryption.
On Slashdot, it's hard to distinguish if you're a bitter, sarcastic viewer and a die-hard, intensely loyal George Lucas fanboy when you talk like that.
You have my apologies as well. There's definitely something to be said for posting comments when you are A) not stressed, B) not extremely stressed, and C) not really fucking stressed. :) Sorry for jumping down your throat like that.
Well, I guess one of the things I'm looking to learn here is whether or not I am expecting too much. First, the PowerBook is definitely a power hog. Huge display, fast disk, two fans, wireless, et cetera. This kind of machine definitely puts a heavy load on the power source. I complain because my crappy old Dell got much better life, of course, then again it had a tiny display and a huge brick of a battery. So, am I really being too picky?