Slashdot Mirror


User: Pelam

Pelam's activity in the archive.

Stories
0
Comments
33

Comments · 33

  1. Re:Multiprocessing on Exploiting the DRAM Rowhammer Bug To Gain Kernel Privileges · · Score: 2

    I'm not sure. The locked instructions, compare and exchange and mfence ensure cache coherency so in my experience the flushes are not necessary.

    Maybe driver code needs the flushes. Driver needs to know data is really in the RAM before hardware with DMA can get it.

    Cache flush instructions seem to be a late addition with SSE2.

  2. Previous rowhammer discussion on Exploiting the DRAM Rowhammer Bug To Gain Kernel Privileges · · Score: 1

    Here is the link to the earlier slashdot discussion on this prevalent hardware bug. The original paper suggested the possibility of exploit.

  3. Ubuntu 12.04 64bit has now patched the bug on Serious Network Function Vulnerability Found In Glibc · · Score: 1

    Late comer, but in case someone is looking for this bit of information.

    Just got latest updates. Before the updates I tested with this tool and result was vulnerable.
    After the updates it reports "not vulnerable".

    There was some messup with libc dev packages. I had to force uninstall some dev packages and do "apt-get -f install" a couple of times, until the problem cleared. This is most likely just my machine...

    I should still reboot to make sure the old libc is not loaded in some processes...

  4. Re:Why we need coders. on Many DDR3 Modules Vulnerable To Bit Rot By a Simple Program · · Score: 1

    XD

  5. JavaScript: The Good Parts on Why JavaScript Is the New Perl · · Score: 1

    JavaScript: The Good Parts by Douglas Crockford shows a way to write clean, concise and predictable code in JavaScript. (It is also a very short book, which I find hilarious. Even then the most important points in the book are in the first half or so.)

    The most powerful idea IMHO is the use of function scopes as the main data structure instead of dictionaries. Another idea is avoiding or skipping completely some language features that behave in unusual ways and using simpler more fundamental constructs instead. I think the new-operator is the classic example of these.

    I recommend this book wholeheartedly for anyone learning JavaScript and having some prior programming experience.

  6. Re:rsync? on Ask Slashdot: Network Backup Solution Out of the Box? · · Score: 1

    If you solve the dual NAT problem separately then Duplicity is one good complete solution. It adds backup schedules, strong client-side encryption and is still able to do incremental backups. Setting it up requires one line of cron on the client side and some kind of remote account for storing the backup archives (SSH, SFTP, FTP). Choosing the correct command line options and handling the passwords requires some care though.

    Duplicity uses the same base tech as rsync (librsync) and it's written in Python. It tries hard not to reinvent the wheel using tar for archive files and gpg for encrypting them. This means that extracting files from backups can even be done with standard tools if things get bad. It's available out of the box at least on Ubuntu and Debian. Also installing on CentOS went pretty smoothly with RPM available from project site.

  7. Use Windows boot loader to boot Linux or other OS on Some Windows Apps Make GRUB 2 Unbootable · · Score: 1

    If Windows and Windows programs insist on controlling the boot sector (and stuff that comes after it), you can still boot Linux.
    At least starting with Vista, Windows has a completely extensible boot loader of its own (the configuration data is called BCD).

    The idea is that Grub (or whatever) is installed on the same Linux *partition* where all the system files are installed (not on the MBR).
    (At least the Ubuntu installer has the option to install Grub on a partition instead of the MBR out of the box.)

    The Windows boot loader is then used to load Grub from the beginning of that partition. No matter what Windows updates, programs etc. do, this does not break.

    Too bad that the default Linux installers don't support this option, since it has been very hassle free for me at least. The initial setup could just as well be automatic.

    Instructions for doing this manually here:

    http://port25.technet.com/archive/2006/10/13/Using-Vista_2700_s-Boot-Manager-to-Boot-Linux-and-Dual-Booting-with-BitLocker-Protection-with-TPM-Support.aspx

  8. Re:Truth on Followup On Java As "Damaging" To Students · · Score: 1

    At the beginning of my CS education in Helsinki, the hardest lesson was that I actually need to do some hard work to improve my skills and thinking.

    Luckily the Math Department was happy to trash my overconfidence :) The CS department took quite a bit longer to reach the same level of complexity and depth that forced me to actually work hard instead of just relying on my intuition.

    From what I gather, the global trend is to lower the bar and remove anything that might overwhelm people. In my view, being given challenges that seem too much at first is just the thing that is educational.

    I probably learned much more from the first courses that I just barely passed than from the courses that I just breezed through, although sadly it took years for the lesson to really sink in.

  9. Re:RSync makes backup easy... on Backing Up is Hard to Do? · · Score: 1

    I have 2nd. hard drives as backup drives on the desktop machines I use most. Backups are about 50% capacity of the main drive.

    A script rsyncs almost everything to the backup drive starting from /.

    The script also unmounts the backup and spins down the drive when it's done. This should reduce the probability of accidentally hosing the backup file system with the main system (which is easy to do with RAID-1). Noise and power consumption go down too.

    I think spinning down also reduces the probability of a major mishap or hardware failure destroying both drives at the same time.

  10. Re:My opinion on Gimp 2.0 Preview on A First Look At The GIMP 2.0 · · Score: 1

    - Have something akin to the Browse feature in Paint Shop Pro. This feature analyzes all graphics in a directory, produces thumbnails of all of them, and displays them in a window where you can pick and choose which ones to open. It's like a pictorial file selector.

    Could an external program fill this gap? (At least nautilus and gqview seem to fit the bill). Gnome people try to avoid duplication and all and would probably hate to have yet another file selector.

  11. Re:Gibberish, or code? on Filter-foiling Gibberish Becoming A Spam Staple · · Score: 1

    But... what if... THEY are using it to coordinate
    operations of infiltrated terrorist cells?

    What are you trying to do here? Get spam kings shipped to Guantanamo Camp?

    Combining two evils (erosion of human rights and spam) does not yield goodness.

  12. They dumped i486 on Libranet 2.8 Review · · Score: 1

    While Debian is agonizing about leaving i386 behind.
    For me the biggest plus of Libranet over Debian would be that binaries are optimized for the current generation of PCs.

    49$ seems pretty steep for one version.
    While the software is the latest crop today it may not be so after a few months.

    Do I need to pay again then?

  13. Mixing things, Freedom of Religion on The Fix Is In: Ardour Set For Summer Release · · Score: 2, Funny

    This whole thread makes me sad.

    Somebody mentions that he goes to church and
    instant flamefest (mostly about evolution)
    ignites?

    I hope most of you know that freedom of
    religion is right there among other basic human
    rights.

    Would you eg. not hire somebody, because
    you assume that he is stupid since he believes
    in Jesus? What if he is from different culture
    or perhaps physically different, but still fit
    for the job?

    Would you be friendly and polite to him?
    How about trying to feel what he feels like,
    or even helping him if he is abused somehow?

    As a christian I would like to add that christians
    are mostly just like everybody else. They come
    from every possible background etc.

    Naturally they have different explanations for
    things and different ways to structure the world.

    (If you ask me, I would say that Genesis happening
    exactly the way it was written is nowhere near
    the center of Christianity. I think many would
    agree. What exactly is in the center is too
    seldom discussed openly.)

  14. European layouts on Strange New Keyboards and Mice · · Score: 1

    Any Finns here? Have you ever wondered why e.g. Perl has so many strange characters that are hard to type?

    Well, guess what. This is only a problem with the Finnish key layout (and I guess with many other national layouts). It's not good for coding. The common syntactic characters in e.g. C are just those that are easy to access on a US type keyboard.

    (In the Finnish layout (and in other European layouts?) the designers wanted badly to put the native (öäå etc.) characters close to more common alphanumerics. (Even while those characters are not the most common in Finnish anyway.)

    Hence they reorganized away ;:{}/ keys, added one key to the right of left shift and grabbed right alt for an extra mode key. *sigh*
    They must've thunk: "Why are there so many dedicated keys for special symbols? They are barely used while writing prose. We can just hide them and nobody will notice."

    Typing paths in unix is sooo much easier when you can just quickly hit the '/' key with your little finger instead of scrambling for shift-7. And just try to imagine pressing right-alt-7 to get '{'.
    )

    If you are doing a lot of coding, consider getting a US layout keyboard. I personally use a Happy Hacking keyboard and I'm indeed very happy with it.

    Getting used to different layout (for non-alphanumerics) is surprisingly easy. Now I don't have to switch back and forth from touch typist position while coding. I finally learned to use emacs movement keys (control is in right place and no redundant page-up etc. keys to scramble for). Simply, I hack Perl faster now :)

  15. Good point on The Science of the Matrix · · Score: 1

    *feeling hypocrite* (Just speculated about mechanics of cyberspace ;)

    The amount of useful brain cycles I put to speculating about details of some stories (also movies, etc.)
    I read long ago is terrifying.

    All those seconds could have been used to
    some fun, creative or real work.
    (Or even helping the fellow man)
    *sigh*

    Somehow I feel that many of those stories, while (no denying it) very entertaining and interesting
    are now some kind of baggage of clutter I can't shake off.

    They have very little connection to the
    actual world I'm living in and now contribute very
    little to anything...

  16. Re:Dying in the Matrix on The Science of the Matrix · · Score: 2, Interesting

    This is common thematic in many cyberspace stories.

    ie. the physical body dies when the mental projection experiences something nasty.

    This used to bug me sometimes while reading fiction :)

    Best "explanation" I came up with is that advanced cyberspaces actually replicate part of the person's mind with some hardware somewhere. (This would kind of eliminate lag as we know it ;)

    Then the function of the cranial plug or whatever
    is to keep the natural counterpart in sync with the simulation.
    (Inaccurate or partial simulation also requires information the other way.)

    Now we can explain those "body can't live without the mind" statements. The mind is actually away in some sense and the "natural" mind is not functioning normally. When the connection to the simulation is terminated without proper protocol, the natural mind is unable to resume where the simulation left off.

    Amazing what you can come up with when your imagination hits a snag. I'm slightly proud
    of myself for getting this improbable idea :)

  17. Re:Perl 6: Replacing old cruft with new cruft! on Perl 6: Apocalypse 6 Released · · Score: 1

    (disclaimer: I'm not sure about any of this... Just some random soft arguments...
    Feel free to blast them away ;)

    I tend to think of myself as a visually oriented person.
    I have a somewhat working pictographic memory (far from photographic:)
    and I also find it helpful to sketch pictures and diagrams
    while I'm thinking about something.

    The fact is that plain alphabetic symbols tend to
    look alike (in some stylistic sense)... I guess that's one of the things font designers are after...

    For me it is really helpful to have punctuation in
    code that jumps out and is easy to associate with
    different things.
    I guess that's the whole point of any punctuation...
    to stand out from the vowels and consonants.

    Do try to read English without punctuation (you could find it here on Slashdot :)

    I also don't think there is any inherent "limit of acceptable punctuation".
    I find it easy to ignore most punctuation when reading code.
    Well written perl code often makes sense that way.

    Sometimes it is useful and easy to scan for some specific characters.

    You also said that abbreviations like "sub" and "def" are silly?

    I think they serve a purpose for me at least...
    I can fit more code in a screenful if the keywords are short.
    This seems to help a lot somehow.
    (Same goes for syntax, indentation and identifiers. (One of the reasons I don't like Java))

    Maybe it helps to utilize all those
    parallel processing visual neurons at the back of my brain.

    Perl way is also faster to type...
    Now that I have a real (US layout) keyboard,
    I can also type most of those special characters much faster :D

    -----

    I hope all this helps you to understand why perl
    is at least worthy of existence and why it might
    be useful for some people.

    Anyway you can probably redefine perl syntax
    with simple macros to please the people who like to think the pascal way :)
    (With no runtime overhead of course)

  18. I'm Ashamed on Finland Drops EUCD For Now · · Score: 1

    Since I attended the 1st BB Awards Gala of EFFI, I have decided to join EFFI, but never got around to really doing it...

  19. Re:SSL should not require CA on Self-Regulating SSL Certificate Authority? · · Score: 1

    Would you really put your (or your mom's) credit card number on the line encrypted with just some public key you got over TCP? You know, there could be a Man In The Middle...

    Of course, as somebody said in some earlier discussion, executing thousands of Man In The Middle attacks (and possibly routing spoofs) is not an easy task. However, I still wouldn't want to be the guy whose data gets stolen.

  20. Re:My thoughts - browsers and profit on Self-Regulating SSL Certificate Authority? · · Score: 2, Insightful

    OpenPGP has a mechanism for specifying a regular expression to match against the names you are authorized to certify. AFAIK there is no such mechanism in browser certificates (X.509).

    Entities with their root certificates in browsers giving away certificates that are able to sign anyone's key would of course defeat the whole system.

  21. Incompatible w. linux 2.5.* ? on Evolution Reaches A New Milestone · · Score: 1

    I noticed this a few weeks ago with the then latest 2.5 kernel. Some important parts of the window fail to appear completely, e.g. the mail reading part (if I remember correctly).

    I browsed around for clues and found that this is related to communication between Evo components. This wasn't Evo 1.2 of course.

    Evo developers seemed to be aware of this, but also seemed to think kernel was to blame. Every other prog seemed to work fine though. New kernel seemed very nice and soon it will be 2.6/3.0... I hope this is resolved by then

    Do you have any specific info on this?

  22. It's just a question of separation on GPL Issues Surrounding Commercial Device Drivers? · · Score: 1

    As many have noted, NVIDIA drivers have a clever trick that separates their interesting parts from the kernel headers, functions, etc. This can be done with negligible or zero performance penalty. If for some reason their current approach is inadequate and gets challenged, there are always ways to get around.

    It's just a question of getting a few bytes of obfuscated machine code into the kernel space and using those bytes to massage other bytes around. An extreme case would be to provide a GPL "driver" that reads a bunch of bytes from anywhere and jumps to the correct spots in that to get things done. The GPL part can do all the necessary calls to other parts of the kernel if required.

    How would that be linking or derivative work? (Provided that the bunch of bytes is constructed independently from other involved things.) Extreme ways of separating the proprietary bytes from the main kernel just create some overhead, but the above approach would still be quite efficient.

  23. Whoppin subwoofers on Low Frequency Active Sonar Gains US Gov. Approval · · Score: 1

    They just want to show who's the boss to those pesky
    teenagers with huge subwoofers and extra-amps in their cars.
    Is bad for other mammals though.

  24. Valiant Fight (of the Clones) on How Yoda Became an Action Star · · Score: 1

    The most touching thing in the movie for me was the loyal and self sacrificing fight of the clones near the end.

    The clones are the perfect soldiers military trainers have aimed for since the Prussians. Loyal to the death, extremely capable, perfectly synchronized in action and never question their commanders.

    Over the clones' valiant fight for the Jedi was cast the shadow of their next commander. All the courage, capability and simple mindedness of the clones would be used to build a hideous tyranny that would kill and torture billions. All this simply by change in the commanding power.

    This has been more or less the case in world history of tyrannies. Loyal, trained individuals are being used as tools of terror and oppression by something controlling them.

    In this paradox of committing self to danger and action without being fully aware of the consequences, lies the bitter sweet sense that moves in the little boy inside me, when I'm exposed to war depictions like this.

    This spawned the thought in me, that nothing human should be allowed to absolutely control such hierarchies of loyalty and obedience. What used to be the wise and good superiors can always be replaced with something terrible, thus transforming the whole hierarchy into a tool of oppression, terror, torture...

    Not to be completely offtopic:
    Since we are not told the exact laws behind the force in Lucas' fantasy universe, it could well be that Yoda's use of the force in fighting was the most effective and wise possibility. The fact that Yoda looked very exhausted after his heavy use of force kept his normal appearance credible.

    He can enhance his physical abilities by using the force, but of course he would only do such a thing under extreme circumstances.

    The scene after the fight where the clones quickly run in and past the small hunched character fatigued by his duel was very touching and metaphorical for me.

    Pete

  25. Vulnerability demonstration code outlawed on Cybercrime Treaty to Be Signed · · Score: 2, Insightful

    The following has the potential to outlaw the current feedback system that keeps vendors providing patches for glaring holes in their products. See Bruce Schneier's Crypto-Gram.

    If the interpretation of device is as wide as it was in the DeCSS/DMCA case, also discussion about vulnerabilities could be prosecuted. Not to mention the actual exploits that seem to be the only things that push some vendors to take action.

    I live in Europe/Finland. Until now it has been mostly safe to distribute & possess things like DeCSS here, but that seems to be changing.

    Quotes from the convention:
    Article 6 - Misuse of devices

    1. Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right:

    a. the production, sale, procurement for use, import, distribution or otherwise making available of:

    i. a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Article 2 - 5;