Hi Chris, First off, thank you for the work you guys do. I appreciate it. I recently set up a free DynDNS account for a friend who wanted to learn linux by running a linux webserver from home with a cable modem & a dynamic IP address. The service works, it does what it is supposed to, and it is the right price for people who want to learn. Thanks.
Second, I do have a minor gripe about the way the update regulations are set up. We're using one of the update clients. You don't want your servers overloaded, so you tell clients not to update (with the same IP address) more than once every 30 days. You don't want dead accounts hanging around, so you require an update at least once every 30 days. Both of these goals are reasonable, but the the deadlines put them in a little bit of tension. In order to violate neither of your policies, and assuming that the ISP has not changed the ip address, we need to send an update exactly once every 30 days, no more, no less.
I've got the client running on a crontab to send an update on the first of every month. But if its a short month (like Feb) I'm bothering you with a ping that is too frequent. If it's a long month (like Dec) I'm bothering you with a ping that is too infrequent (and your servers send out a warning email). It would be nicer if your 2 deadlines allowed a window of opportunity of a few days for the 'I'm still alive' ping. Could you guys change the deadlines to 25 days & 35 days or something to leave us a 10 day window?
Minor griping aside, thanks for what you're doing.
The people who are saying that this is just the same as Windows are wrong. There is a world of difference between this and a drive-by infection. The user has to explicitly elevate their privileges to those of root before they are allowed to blast their foot off.
That said, the people that are saying that Linux is invincible are wrong too. Every system of sufficient complexity has vulnerabilities and Linux is no exception.
But thinking about this incident makes me think that maybe the Linux permissions model could use some improvement here. The attack vector is a plausible one: a screensaver in.deb file that you need to use sudo to install. But it's just a screensaver! You shouldn't have to become root to install a screensaver.
What if we had a tiered model of privilege escalation? Maybe Root - User Install - User run. If the user elevated their access level to User Install, they could install smaller less demanding programs without going through sudo - a screensaver would be a good candidate for this kind of a lightweight program. I'm guessing that this access level would not be allowed to touch/bin/sbin or/etc, but maybe they could install in/usr/bin/local or the user's home directory.
Essentially, you would be giving the user a program sandbox to play around with. Yes, you would get mailicious programs installed & running in the sandbox. But it would be a lot easier to sterilize the sandbox & start fresh if you knew that the base system was still secure.
I picked up a 500GB Worldbook off of e-bay for $70 USD. I installed Debian on it, and yes, it's a pain. I had to disassemble the device, remove the hard drive & plug it in to another computer.
But your requirements are pretty modest. You could get what you want without doing a full OS reinstall.There is a small hacking community centered around this device http://mybookworld.wikidot.com/ssh-enable
Getting an ssh server up and running is pretty easy. Getting nfs up and running is marked as 'difficult' but I didn't find it that hard. You can get a webserver up and running pretty easy (but it's lighthttpd instead of apache). imap isn't a stock install, but you can get it after enabling some repositories for gumstix (which are compatible) http://www.nslu2-linux.org/wiki/Optware/Gumstix
You could do all of this without overwriting any of the stock western digital software. No disassembly. No soldering. No repartitioning. No messing around with the bootloader. All software hacking. Everything over the ethernet port. This is the approach I'd recommend.
It's nice and compact and it runs at about 15W.
ps. Note that there is a performance boost to be had in wiping the disk and installing Debian. The software that western digital puts in there is pretty crappy. There are some MioNet java and perl processes that usually eat up about 30% of your system resources. A clean Debian install runs much faster. But hey, it's only got 32MB of Ram, so it's never going to run that fast anyway
I don't know much about the Kindle system. What kind of bootloader do they use? Is it possible to modify the bootloader to boot to Jaunty by default? Or are you stuck using the native Kindle bootloader & kernel?
I don't think Google contributes that much to the kernel specifically, but if you look at the larger open source ecosystem, their level of contribution is much larger.
Google contributes to python in a big way, for which I am very grateful. I use python pretty much every day . . . on a linux machine.
. . . X-Com . . . Master of Orion/Magic . . . System Shock
I'm intrigued by your ideas and would like to subscribe to your newsletter.
Seriously though, I can't believe it took this long to mention X-Com. I replayed the original last year and it still shines. Of course, the graphics are dated now & the DOS based game timing is frustrating, but all of those things could be fixed by a reboot.
I was pleasantly surprised to see you mention Master of Magic. That one gets far less acclaim than I think it deserves, but it's right up there on my 'best games of all time' list. I don't know if 'rebooting' is the right term for that one, since it was not really part of a series, but I always wanted to see a sequel. Unfortunately, I think a sequel is unlikely at this point. The 'magic the gathering' elements in there would probably cause a lot of difficulties with protection of intellectual property now that Hasbro owns Wizards of the Coast. But there are no such obstacles standing in the way of another Master of Orion.
I'd love to see another Shadowrun too. There was a pretty good one released for the SNES. Role playing, hacking, artificial intelligence, shamanic magic -- what's not to like! It was an awesome game for it's time, but the battle mechanics are a bit clunky by today's standards.
I mean, who is the target audience for the article??
I guess it's for people like me.
Let me explain. I had an old friend visiting over the weekend. He's a professional filmmaker and photographer. We got to talking about making movies and data handling. He said he would like to be able to upload footage directly from a film shoot to a server. He just wants to know that it's always on & that space is always available. So how much space does he need? He said original files for a movie before editing could be around 4TB. We started talking about system requirements for a machine that would suit his needs. At least 6TB - with data preservation & redundancy more important than throughput & fast IO time.
Of course, he spends most of his time shooting movies & doesn't have the inclination to learn how to build a machine like this.
. . . But I do.
ps. I'm guessing that the follow on questions are '4TB for one movie? What about the rest of them? And what about backups?'. I believe he's got a shelf full of 1TB external drives, detached & powered down. I think a lot of A / V people end up with a setup like this. Not exactly disaster proof, but it provides a whole lot of storage for a relatively low price. I wouldn't expect that a storage server would replace this setup either; I think it would supplement it. It would serve as an interim, medium term storage before the data went into cold storage offline.
(This works on XP -- I haven't tried it on other versions of windows)
An OEM could stick this in a batch file on the desktop of a new machine. You know - make it easy for a user so they don't have to learn FTP syntax. Perhaps there could be several such batch files, so a user could choose which browser they wanted to download and install.
(does anybody other than the banks get any benefit from it? Really?)
Yes. The credit card companies benefit. Visa & Mastercard, not citigroup or another issuing bank that puts the visa logo on a credit line held by the bank. PCI DSS is a big proactive shield that the credit card companies can hold up before congress and say:
"See? We are increasing the level of security. We are a self regulating industry. There is no need for you to get involved & legislate security and in fact it would be hurtful because one size does not fit all".
At the same time, the credit card companies move all of the cost of PCI DSS to merchants, service providers & banks. They get to take the lion's share of the money and do none of the work.
Of course I could be wrong and all of this is just my opinion. But it is an informed opinion; I was the chief security officer of a small company working through the process of becoming PCI compliant as a level 1 service provider (a designation that the company received).
But for congress to not get involved, PCI has to be perceived to be effective. (PCI compliance is not the same as security; one can be compliant and still be insecure). So whenever a 'compliant' company gets hacked, the blame game starts. The credit card companies, the security assesors, and the third party scanning providers all need to maintain the illusion that PCI is effective - that a truly PCI compliant company is invulnerable. So they shift the blame back to the victim (in this case, the bank). 'Our post-breach forensic analysis revealed that you were not truly PCI compliant even though we said you were earlier'.
The trick is interpretation. Anyone who has attempted to implement the PCI DSS requirements knows that the devil is in the details and that there is a lot of grey area when a theoretical standard meets practical implementation. The questions arising from that grey area are resolved by an interpretation by the auditor of the requirements. But the interpretation can be fickle.
Need to change the compliance status of a compliant company post-breach? Simple. Change the interpretation. A compliant company is suddenly non-compliant with no physical changes whatsoever. PCI gets to maintain its 100% success rate.
It's illusion. 3 parts out of 5 of the whole PCI compliance process is security theatre.
The fundamental problem is that payment by credit card is insecure. Always has been. Always will be.
Why? Because of the tradeoff between security and convenience. The credit card companies are in the business of selling convenience & it is not in their interest to sell security instead because there is not much of a market for it (although there is plenty of a market for the illusion of security). I don't believe that they will adopt a secure payment method until legislation forces their hand. If market forces were going to do it, they would have done it already. Hundreds of millions of cardholder accounts have been compromised within the space of a few years and the ecosystem is still insecure, nor is it looking to become more secure any time soon.
I'm not commenting here on the layout of images (which is pretty slick), just the relevance of the images returned from a search term. I deliberately chose a 'sparse' search, one that even google has problems returning relevant images. Google returns a few relevant images; bing returns none - nothing but noise.
The quality of the standard search seemed pretty good, but the quality of the image search has a ways to go.
If you are working for a corporation that supplies you apps for you, then you don't have to worry about this. But if you are building your own rig, money may very well be a factor.
Here's a quick list of a few apps in Ubuntu that I use compared to their windows equivalents. (Prices were obtained by a search on Amazon for new copies of software).
Ubuntu - $0 : Vista home premium (assuming you don't have it preinstalled) - $95 OpenOffice - $0 : Microsoft Office 2007 - $311 Gimp - $0 : Photoshop CS4 - $671 Gparted - $0 : Partition Magic - $63
Totals -- $0 to $1140
I use a few more open source tools for image editing, audio editing, video editing, web hosting and running a file server that would bump the app list price up further, but those are bit further off the beaten path. And let's not kid ourselves. Some of the proprietary tools are more fully featured than their open source equivalents. But at $0, the price is right.
Of course, if you know the bad neighborhoods of the internet & don't have any qualms about pirating software, you can get the windows equivalents for free too. But for some people that is just not an option. If you were setting up a bunch of computers for a small business or a school, you would be pretty foolish to deck them all out in pirated software.
I'm just saying, money talks. $0 is enough of an argument to convince a lot of people to use a tool that is good enough.
I'm not an expert on windows vista+ RAM usage, so I could be wrong about this, but . . .
If the OS is constantly prefetching into RAM, eventually the OS guesses wrong and prefetches the wrong thing. How often this happens depends on how smart the prefetching algorithm is. When it guesses wrong and you run a program that hasn't been cached, it pages out to disk. No big deal on a desktop
But a netbook could very well be using an SSD, and extra writes to disk will shorten it's lifespan. Seems like a bad idea, no?
I had this conversation yesterday with a buddy of mine.
Linux's area of greatest dominance is on the server right now. And you're right, boot times are largely irrelevant on the server, assuming that servers should be always up.
But what about moving linux into new areas where it has traditionally been weaker?
There are a number of areas for potential expansion where rebooting is much more common. It seems to me that fast boot times are a definite advantage for embedded devices, dual boot systems and laptops.
Just yesterday, I brought my laptop into class do do an openoffice presentation on an overhead projector. While I was standing in front of the class, waiting for the laptop to boot, feeling stupid, I found myself thinking 'man I wish this thing booted twice as fast'.
Fast boot time is worthless if all it means is that you can quickly boot into a system that is crap. But if the system is already good, fast boot times are icing on the cake. If you can have the cake and have the icing too, why not?
Dell mini 9 Offered right now with Ubuntu 8.04. Windows XP is too big to fit onto a 4GB flash drive, so Ubuntu is still exclusive on the most low spec offering.
OK, so they are not a brick and mortar store, but still, a whole lot of people get their computers from Dell.
Dell spokesmen say these things are selling well, that about 1/3 of them that are sold run Ubuntu & that they have very low rates of return.
There are a number of suggestions on this forum for getting blazing fast boot speed (tinycore from ssd, puppy linux, fvwm + recompiled kernel) but they are not for newbies.
6.06 is a tradeoff - it will be a bit slower than the expert solutions to boot, but it will be a LOT easier for a newbie to install, use and maintain.
Why 6.06 rather than a recent version of Ubuntu? 6.06 was a lot leaner - less features, less services enabled by default (both in the OS and the browser) = faster booting. The resource footprint is lower, and it will run a bit better on older hardware. Also, 6.06 is a long term support release. Although it is old it is still supported now. Note that support for the desktop version (that you will probably use) will end in a few months (June of 2009). This shouldn't be a problem for something that is set up to be just a web browsing platform.
Here's something that requires a bit more work & knowhow but can get you faster performance. Install 6.06 server edition, then install just the bare minimum extra you need for a gui desktop. If memory serves, the command you would use to do the 2nd step is:
I'm not positive that computerworld got their numbers right on that. About a month or so back, there was an interview with a Dell guy who said that a third of their netbook sales (mini 9) were ubuntu and that they were experiencing very low rates of returns on the hardware.
As an aside, I'm not positive about the 1/3 number either. The statements 'windows is killing linux on the netbook' and 'linux is killing windows on the netbook' serve different crowds. Everybody wants to spin the numbers to their own ends. It's kind of hard to get good solid data on this.
nuclear weapons are no longer necessary nor considered as an indicator of power.
I would like to believe that we have passed this point in our history, but I simply don't believe that it is true.
Nuclear weapons not considered as an indicator of power? Tell that to North Korea, Pakistan and India. If you believe the government line (and who doesn't these days, ha ha ha) tell it to Iran too.
As to 'necessary', perhaps not, but certainly effective. I don't think that any country that has acquired nuclear weapons has ever been successfully invaded afterward.
Yes, Linux supports NTFS. You've referenced the right module NTFS-3G. Ubuntu has had this module included by default since version 7.10: gutsy gibbon. Prior to that, it had to be manually installed.
I run a windows XP / Ubuntu 7.10 dual boot setup at home & the NTFS support is great. Ubuntu can read and write to both windows & linux partitions flawlessly. All of your windows files are accessible in the linux mode. I think that there is a slight performance hit (10% or so) for using linux rather than windows to write to the ntfs partition.
'It's our goal to help readers find all of them, from the smallest local weekly paper up to the largest national daily.'
Some papers have had the gumption and the funding to digitize all of their archives but many have not. If the archives have not been digitized, you pretty much need to be physically present to research through them.
For example, I'm currently working on a research project covering the events in Corwin Springs Montana USA in 1989 - 1990. The best coverage is contained within a small local paper called the Livingston Enterprise. The only complete archive that I am aware of is on microfiche at the Livingston Public Library. If you want information contained in that film, you need to physically go to that 1 library and start digging. That's fine if you are local. But what if you live on the other side of the world? If you don't have the money to fly to Bozeman and drive to Livingston, you are SOL. There is no way to get that data online period. I am sure that there are tens of thousands of local papers whose archives are in the same state. It is not that the information is totally unavailable, it is that it is siloed away from the rest of the world.
So Google wants to put up the funding to digitize every article in every paper ever written and destroy spacial restrictions by making them all available online?
Perhaps it would be a good idea to speak to the Indians about building solar power plants on their land.
We pushed them off of all the best land and consigned them to places that were arid and infertile. We consoled our consciences by telling ourselves by saying 'hey, we left them with a shitpile of land'. Of course the land wasn't good for anything . . . at least not then.
Additionally, the Indian reservations are a perennial backwater, mired in poverty and desperately in need of external investment. An enterprising company may be able to get access to large amounts of sundrenched land it needs while the Indians get the external investment they need - a mutually beneficial commercial relationship.
Also, the moratorium will tend to press potential investors away from public land and could give reservation based solar farms the chance to leapfrog development in other areas.
Slashdot Mirror
I agree wholeheartedly. Furthermore, this is the most succinct and correct form in which I have ever heard anyone describe this problem.
Bravo sir.
Hi Chris,
First off, thank you for the work you guys do. I appreciate it. I recently set up a free DynDNS account for a friend who wanted to learn linux by running a linux webserver from home with a cable modem & a dynamic IP address. The service works, it does what it is supposed to, and it is the right price for people who want to learn. Thanks.
Second, I do have a minor gripe about the way the update regulations are set up. We're using one of the update clients. You don't want your servers overloaded, so you tell clients not to update (with the same IP address) more than once every 30 days. You don't want dead accounts hanging around, so you require an update at least once every 30 days. Both of these goals are reasonable, but the the deadlines put them in a little bit of tension. In order to violate neither of your policies, and assuming that the ISP has not changed the ip address, we need to send an update exactly once every 30 days, no more, no less.
I've got the client running on a crontab to send an update on the first of every month. But if its a short month (like Feb) I'm bothering you with a ping that is too frequent. If it's a long month (like Dec) I'm bothering you with a ping that is too infrequent (and your servers send out a warning email). It would be nicer if your 2 deadlines allowed a window of opportunity of a few days for the 'I'm still alive' ping. Could you guys change the deadlines to 25 days & 35 days or something to leave us a 10 day window?
Minor griping aside, thanks for what you're doing.
The people who are saying that this is just the same as Windows are wrong. There is a world of difference between this and a drive-by infection. The user has to explicitly elevate their privileges to those of root before they are allowed to blast their foot off.
That said, the people that are saying that Linux is invincible are wrong too. Every system of sufficient complexity has vulnerabilities and Linux is no exception.
But thinking about this incident makes me think that maybe the Linux permissions model could use some improvement here. The attack vector is a plausible one: a screensaver in .deb file that you need to use sudo to install. But it's just a screensaver! You shouldn't have to become root to install a screensaver.
What if we had a tiered model of privilege escalation? Maybe Root - User Install - User run. /bin /sbin or /etc, but maybe they could install in /usr/bin/local or the user's home directory.
If the user elevated their access level to User Install, they could install smaller less demanding programs without going through sudo - a screensaver would be a good candidate for this kind of a lightweight program. I'm guessing that this access level would not be allowed to touch
Essentially, you would be giving the user a program sandbox to play around with. Yes, you would get mailicious programs installed & running in the sandbox. But it would be a lot easier to sterilize the sandbox & start fresh if you knew that the base system was still secure.
Second this.
I picked up a 500GB Worldbook off of e-bay for $70 USD. I installed Debian on it, and yes, it's a pain. I had to disassemble the device, remove the hard drive & plug it in to another computer.
But your requirements are pretty modest. You could get what you want without doing a full OS reinstall.There is a small hacking community centered around this device
http://mybookworld.wikidot.com/ssh-enable
Getting an ssh server up and running is pretty easy. Getting nfs up and running is marked as 'difficult' but I didn't find it that hard. You can get a webserver up and running pretty easy (but it's lighthttpd instead of apache). imap isn't a stock install, but you can get it after enabling some repositories for gumstix (which are compatible)
http://www.nslu2-linux.org/wiki/Optware/Gumstix
You could do all of this without overwriting any of the stock western digital software. No disassembly. No soldering. No repartitioning. No messing around with the bootloader. All software hacking. Everything over the ethernet port. This is the approach I'd recommend.
It's nice and compact and it runs at about 15W.
ps. Note that there is a performance boost to be had in wiping the disk and installing Debian. The software that western digital puts in there is pretty crappy. There are some MioNet java and perl processes that usually eat up about 30% of your system resources. A clean Debian install runs much faster. But hey, it's only got 32MB of Ram, so it's never going to run that fast anyway
I don't know much about the Kindle system. What kind of bootloader do they use? Is it possible to modify the bootloader to boot to Jaunty by default? Or are you stuck using the native Kindle bootloader & kernel?
"Men grow tired of sleep, love, singing and dancing sooner than war"
-Homer
I don't think Google contributes that much to the kernel specifically, but if you look at the larger open source ecosystem, their level of contribution is much larger.
Google contributes to python in a big way, for which I am very grateful. I use python pretty much every day . . . on a linux machine.
. . . X-Com . . . Master of Orion/Magic . . . System Shock
I'm intrigued by your ideas and would like to subscribe to your newsletter.
Seriously though, I can't believe it took this long to mention X-Com. I replayed the original last year and it still shines. Of course, the graphics are dated now & the DOS based game timing is frustrating, but all of those things could be fixed by a reboot.
I was pleasantly surprised to see you mention Master of Magic. That one gets far less acclaim than I think it deserves, but it's right up there on my 'best games of all time' list. I don't know if 'rebooting' is the right term for that one, since it was not really part of a series, but I always wanted to see a sequel. Unfortunately, I think a sequel is unlikely at this point. The 'magic the gathering' elements in there would probably cause a lot of difficulties with protection of intellectual property now that Hasbro owns Wizards of the Coast. But there are no such obstacles standing in the way of another Master of Orion.
I'd love to see another Shadowrun too. There was a pretty good one released for the SNES. Role playing, hacking, artificial intelligence, shamanic magic -- what's not to like! It was an awesome game for it's time, but the battle mechanics are a bit clunky by today's standards.
I mean, who is the target audience for the article??
I guess it's for people like me.
Let me explain. I had an old friend visiting over the weekend. He's a professional filmmaker and photographer. We got to talking about making movies and data handling. He said he would like to be able to upload footage directly from a film shoot to a server. He just wants to know that it's always on & that space is always available. So how much space does he need? He said original files for a movie before editing could be around 4TB. We started talking about system requirements for a machine that would suit his needs. At least 6TB - with data preservation & redundancy more important than throughput & fast IO time.
Of course, he spends most of his time shooting movies & doesn't have the inclination to learn how to build a machine like this.
. . . But I do.
ps. I'm guessing that the follow on questions are '4TB for one movie? What about the rest of them? And what about backups?'. I believe he's got a shelf full of 1TB external drives, detached & powered down. I think a lot of A / V people end up with a setup like this. Not exactly disaster proof, but it provides a whole lot of storage for a relatively low price. I wouldn't expect that a storage server would replace this setup either; I think it would supplement it. It would serve as an interim, medium term storage before the data went into cold storage offline.
It can be done. Run this command.
explorer ftp://ftp.mozilla.org/pub/firefox/releases/3.5b99/win32/en-US/Firefox Setup 3.5 Beta 99.exe
(This works on XP -- I haven't tried it on other versions of windows)
An OEM could stick this in a batch file on the desktop of a new machine. You know - make it easy for a user so they don't have to learn FTP syntax. Perhaps there could be several such batch files, so a user could choose which browser they wanted to download and install.
(does anybody other than the banks get any benefit from it? Really?)
Yes. The credit card companies benefit. Visa & Mastercard, not citigroup or another issuing bank that puts the visa logo on a credit line held by the bank. PCI DSS is a big proactive shield that the credit card companies can hold up before congress and say:
"See? We are increasing the level of security. We are a self regulating industry. There is no need for you to get involved & legislate security and in fact it would be hurtful because one size does not fit all".
At the same time, the credit card companies move all of the cost of PCI DSS to merchants, service providers & banks. They get to take the lion's share of the money and do none of the work.
Of course I could be wrong and all of this is just my opinion. But it is an informed opinion; I was the chief security officer of a small company working through the process of becoming PCI compliant as a level 1 service provider (a designation that the company received).
But for congress to not get involved, PCI has to be perceived to be effective. (PCI compliance is not the same as security; one can be compliant and still be insecure). So whenever a 'compliant' company gets hacked, the blame game starts. The credit card companies, the security assesors, and the third party scanning providers all need to maintain the illusion that PCI is effective - that a truly PCI compliant company is invulnerable. So they shift the blame back to the victim (in this case, the bank). 'Our post-breach forensic analysis revealed that you were not truly PCI compliant even though we said you were earlier'.
The trick is interpretation. Anyone who has attempted to implement the PCI DSS requirements knows that the devil is in the details and that there is a lot of grey area when a theoretical standard meets practical implementation. The questions arising from that grey area are resolved by an interpretation by the auditor of the requirements. But the interpretation can be fickle.
Need to change the compliance status of a compliant company post-breach? Simple. Change the interpretation. A compliant company is suddenly non-compliant with no physical changes whatsoever. PCI gets to maintain its 100% success rate.
It's illusion. 3 parts out of 5 of the whole PCI compliance process is security theatre.
The fundamental problem is that payment by credit card is insecure. Always has been. Always will be.
Why? Because of the tradeoff between security and convenience. The credit card companies are in the business of selling convenience & it is not in their interest to sell security instead because there is not much of a market for it (although there is plenty of a market for the illusion of security). I don't believe that they will adopt a secure payment method until legislation forces their hand. If market forces were going to do it, they would have done it already. Hundreds of millions of cardholder accounts have been compromised within the space of a few years and the ecosystem is still insecure, nor is it looking to become more secure any time soon.
I found the image search to be pretty lousy.
I'm not commenting here on the layout of images (which is pretty slick), just the relevance of the images returned from a search term.
I deliberately chose a 'sparse' search, one that even google has problems returning relevant images.
Google returns a few relevant images; bing returns none - nothing but noise.
The quality of the standard search seemed pretty good, but the quality of the image search has a ways to go.
Why? Apps & money.
If you are working for a corporation that supplies you apps for you, then you don't have to worry about this. But if you are building your own rig, money may very well be a factor.
Here's a quick list of a few apps in Ubuntu that I use compared to their windows equivalents. (Prices were obtained by a search on Amazon for new copies of software).
Ubuntu - $0 : Vista home premium (assuming you don't have it preinstalled) - $95
OpenOffice - $0 : Microsoft Office 2007 - $311
Gimp - $0 : Photoshop CS4 - $671
Gparted - $0 : Partition Magic - $63
Totals -- $0 to $1140
I use a few more open source tools for image editing, audio editing, video editing, web hosting and running a file server that would bump the app list price up further, but those are bit further off the beaten path. And let's not kid ourselves. Some of the proprietary tools are more fully featured than their open source equivalents. But at $0, the price is right.
Of course, if you know the bad neighborhoods of the internet & don't have any qualms about pirating software, you can get the windows equivalents for free too. But for some people that is just not an option. If you were setting up a bunch of computers for a small business or a school, you would be pretty foolish to deck them all out in pirated software.
I'm just saying, money talks. $0 is enough of an argument to convince a lot of people to use a tool that is good enough.
I'm not an expert on windows vista+ RAM usage, so I could be wrong about this, but . . .
If the OS is constantly prefetching into RAM, eventually the OS guesses wrong and prefetches the wrong thing. How often this happens depends on how smart the prefetching algorithm is. When it guesses wrong and you run a program that hasn't been cached, it pages out to disk. No big deal on a desktop
But a netbook could very well be using an SSD, and extra writes to disk will shorten it's lifespan. Seems like a bad idea, no?
I had this conversation yesterday with a buddy of mine.
Linux's area of greatest dominance is on the server right now. And you're right, boot times are largely irrelevant on the server, assuming that servers should be always up.
But what about moving linux into new areas where it has traditionally been weaker?
There are a number of areas for potential expansion where rebooting is much more common. It seems to me that fast boot times are a definite advantage for embedded devices, dual boot systems and laptops.
Just yesterday, I brought my laptop into class do do an openoffice presentation on an overhead projector. While I was standing in front of the class, waiting for the laptop to boot, feeling stupid, I found myself thinking 'man I wish this thing booted twice as fast'.
Fast boot time is worthless if all it means is that you can quickly boot into a system that is crap. But if the system is already good, fast boot times are icing on the cake. If you can have the cake and have the icing too, why not?
Yes, I had a Jaunty system rendered unbootable after an upgrade, but this was back when the software was in the alpha stage.
It's pretty stable for me since it went beta.
Your mileage may vary, of course.
http://www.dell.com/content/products/productdetails.aspx/laptop-inspiron-9?c=us&cs=19&l=en&s=dhs
Dell mini 9
Offered right now with Ubuntu 8.04. Windows XP is too big to fit onto a 4GB flash drive, so Ubuntu is still exclusive on the most low spec offering.
OK, so they are not a brick and mortar store, but still, a whole lot of people get their computers from Dell.
Dell spokesmen say these things are selling well, that about 1/3 of them that are sold run Ubuntu & that they have very low rates of return.
Ubuntu 6.06 dapper drake is a good choice.
There are a number of suggestions on this forum for getting blazing fast boot speed (tinycore from ssd, puppy linux, fvwm + recompiled kernel) but they are not for newbies.
6.06 is a tradeoff - it will be a bit slower than the expert solutions to boot, but it will be a LOT easier for a newbie to install, use and maintain.
Why 6.06 rather than a recent version of Ubuntu? 6.06 was a lot leaner - less features, less services enabled by default (both in the OS and the browser) = faster booting. The resource footprint is lower, and it will run a bit better on older hardware. Also, 6.06 is a long term support release. Although it is old it is still supported now. Note that support for the desktop version (that you will probably use) will end in a few months (June of 2009). This shouldn't be a problem for something that is set up to be just a web browsing platform.
Here's something that requires a bit more work & knowhow but can get you faster performance. Install 6.06 server edition, then install just the bare minimum extra you need for a gui desktop. If memory serves, the command you would use to do the 2nd step is:
sudo apt-get install x-window-server gdm gnome nautilus metacity synaptic firefox
It will take a while to download & install all of those packages because they have a lot of dependencies.
I'm not positive that computerworld got their numbers right on that. About a month or so back, there was an interview with a Dell guy who said that a third of their netbook sales (mini 9) were ubuntu and that they were experiencing very low rates of returns on the hardware.
Here's a link.
http://blog.laptopmag.com/one-third-of-dell-inspiron-mini-9s-sold-run-linux
I originally read the interview from a more reputable source, but I'm unable to dig up the original.
As an aside, I'm not positive about the 1/3 number either. The statements 'windows is killing linux on the netbook' and 'linux is killing windows on the netbook' serve different crowds. Everybody wants to spin the numbers to their own ends. It's kind of hard to get good solid data on this.
nuclear weapons are no longer necessary nor considered as an indicator of power.
I would like to believe that we have passed this point in our history, but I simply don't believe that it is true.
Nuclear weapons not considered as an indicator of power? Tell that to North Korea, Pakistan and India. If you believe the government line (and who doesn't these days, ha ha ha) tell it to Iran too.
As to 'necessary', perhaps not, but certainly effective. I don't think that any country that has acquired nuclear weapons has ever been successfully invaded afterward.
Yes, Linux supports NTFS. You've referenced the right module NTFS-3G.
Ubuntu has had this module included by default since version 7.10: gutsy gibbon. Prior to that, it had to be manually installed.
I run a windows XP / Ubuntu 7.10 dual boot setup at home & the NTFS support is great. Ubuntu can read and write to both windows & linux partitions flawlessly. All of your windows files are accessible in the linux mode. I think that there is a slight performance hit (10% or so) for using linux rather than windows to write to the ntfs partition.
Well, that is pretty cool, but from the article:
'It's our goal to help readers find all of them, from the smallest local weekly paper up to the largest national daily.'
Some papers have had the gumption and the funding to digitize all of their archives but many have not. If the archives have not been digitized, you pretty much need to be physically present to research through them.
For example, I'm currently working on a research project covering the events in Corwin Springs Montana USA in 1989 - 1990. The best coverage is contained within a small local paper called the Livingston Enterprise. The only complete archive that I am aware of is on microfiche at the Livingston Public Library. If you want information contained in that film, you need to physically go to that 1 library and start digging. That's fine if you are local. But what if you live on the other side of the world? If you don't have the money to fly to Bozeman and drive to Livingston, you are SOL. There is no way to get that data online period. I am sure that there are tens of thousands of local papers whose archives are in the same state. It is not that the information is totally unavailable, it is that it is siloed away from the rest of the world.
So Google wants to put up the funding to digitize every article in every paper ever written and destroy spacial restrictions by making them all available online?
Awesome. Totally fucking awesome.
Ubuntu is like one of those elven rings of power.
Debian is the One Ring to rule them all.
I don't know why this popped into my head.
Perhaps it would be a good idea to speak to the Indians about building solar power plants on their land.
We pushed them off of all the best land and consigned them to places that were arid and infertile. We consoled our consciences by telling ourselves by saying 'hey, we left them with a shitpile of land'. Of course the land wasn't good for anything . . . at least not then.
Additionally, the Indian reservations are a perennial backwater, mired in poverty and desperately in need of external investment. An enterprising company may be able to get access to large amounts of sundrenched land it needs while the Indians get the external investment they need - a mutually beneficial commercial relationship.
Also, the moratorium will tend to press potential investors away from public land and could give reservation based solar farms the chance to leapfrog development in other areas.