It's a hoax, I think, but I'd like to know the backstory / any corroborating information anyway.
From the screenshots elsewhere on the site (in Cyrillic), plus his bashrc file, and the site's hostname, it would seem to be a young Ukrainian guy (handle "[Virus]" on irc.tsua.net, real name possibly Andrey A. Belashkov).
Particularly given that he's possibly an administrator for a rather largish regional ISP, it's slightly embarrassing that he hasn't disabled directory browsing...unless the whole thing is a slightly-more-elaborate hoax.
A neighbor of mine was always using one of my computers to check his email -- to the point where I put a kiosk-type machine up for him to use when he came over -- because his was "broken."
I figured it was a power supply issue or something at first, but one day he admitted that it was just so loaded down with viruses and spyware that it was unusable, and he didn't have any restore CDs, and as a result basically was treating the whole thing as a brick. Eventually he just got a new one.
It's hard to estimate exactly how many upgrades are driven by stuff like this, but I think it's very significant. There is a widely-held perception in the non-geek world that computers just "wear out" over time; or that they have a fixed lifespan of about 2-3 years, after which the 'magic smoke' is just gone and they cease to do anything useful. I've seen people who should really know better repeating this over and over: "my computer is, like, two years old... it's sooo slow. It takes, like, 10 minutes to start up. I need to get a new one."
Couple this with the fact that manufacturers rarely give consumers plain-old OS install discs, opting instead for crappy 'restore partitions,' and you have a recipe for a constant stream of upgrades -- and a constant stream of perfectly good machines either to recyclers, the used market, or the trash.
Yeah but the problem is, in most residential areas in the U.S., very few people have connections sufficiently fast that their computer can't render the incoming data as fast as it can come in. (Some exceptions -- loading a Java VM for the first time can be really painful on old hardware, and some heavy Javascript probably is as well.)
But most residential broadband connections are, what, between 1 and 3 Mb/s? I'm pretty sure even a crappy $500 "Blue Light Special" from K-Mart, before it gets bogged down with spyware, can probably work fast enough to make a 3Mb pipe the bottleneck if it has enough RAM that it's not constantly swapping.
So while I definitely see your point and accept its validity, I think for most people, their internet connection is definitely the bottleneck. If you live somewhere you can get a connection that's fast enough so that your computer is the slowest link, kudos -- but I know that's definitely not the case for most of us.
I used a 400MHz computer up until about six months ago, when I upgraded because I started doing some heavy compressed-DV stuff, and my browsing hasn't noticeably changed. The browser launches a heck of a lot faster, but actually browsing web pages is about the same as always on most sites.
I think you've either been reading the wrong books, or perhaps your mind just isn't suited to that particular medium.
I have personally found the opposite. I have read books that I have found just so fundamentally emotionally disturbing that I'll never read them again, and probably couldn't be convinced to for even a large wad of cash. Predominantly fiction, but some very well-written non-fiction and memoirs as well; things that have just totally shaken me for days or weeks afterwards.
The more or less anonymous death of a car crash, even when you know it's a video of the real thing, seems mild by comparison. I've worked as an EMT and later as a Paramedic and I've seen the aftermath of some very violent death in person (although I've never personally witnessed a traumatic fatality) and on the whole felt it far easier to deal with than some fiction I've read. Seeing someone who bought the farm by hitting the pavement off of a motorcycle at high speed is bad, don't get me wrong, but I've found that it's bad in sort of a stomach-clenching, nausea-inducing way. It's different from the sheer emotional drain induced by some fiction I've read. Frankly, the first time I responded to a DOA, I was prepared for it to be much worse than it actually was; probably the worst part was how I had psyched myself out about it ahead of time.
Everyone has their 'things,' so I'm not saying that how I react is universal, or even close to it. But I'll take the visceral "disturbingness" of real life, in all its brutality, over some of the things that the human mind can come up with and put down on paper, and the emotional impact a skilled (and sufficiently motivated) writer can have if you let them in your head.
Microsoft 'should' also be keeping proper dialog with people that report these exploits, but that does not give one individual the 'button' to nuke MS when they don't jump on a fix as fast as the person wants, he is only screwing the consumers, not MS other than giving them bad press.
Huh? It sure does. He found the vulnerability, it's his to disclose. (Unless of course Congress has made that illegal this week...)
I think the software vendors are forgetting something: giving them an advance warning of the pending release of a vulnerability is a professional courtesy.
If they don't do anything, particularly if they don't ask politely that the release of the vulnerability be delayed, then they really have no business bitching when they see it over their coffee while reading the Wall Street Journal some morning.
I think reporting vulnerabilities to vendors is the right thing to do, but if the vendors piss all over people who are trying to do them a favor, then the hell with them. It's unfortunate that their customers end up getting hurt because of their lack of any sort of humility or willingness to communicate, but that's what you get when you do business with people like that.
If I was advising Microsoft, or any other large vendor -- or if I was a major customer of theirs, large enough that I could give input on their internal policy -- I'd tell them that every time a serious vulnerability was reported, they should assign an analyst to it personally; not only to verify the possible implications of the threat, but also to act as a one-to-one point of contact with the discoverer, to build a relationship with them and hopefully get them to agree to hold off on disclosure until the problem can be fixed. (I'd also expect them to throw wads of cash at anyone with a possible 0-day, and troll the black-hat IRC channels just like the mafia does, buying them up.)
It's ridiculous to expect people who are inherently doing the vendors and their customers a favor to simply sit on their hands when there's no active dialogue between them and the vendor on what progress is being made -- particularly when being the first to report a vulnerability can be a career-making move for some people.
Before somebody jumps in and responds to this line: "Four-by-four? It doesn't have four of anything in it, certainly not four of anything by four of anything else." and says 'but it has four cores total in it!', yes, I realize that.
What I should have said was that it doesn't have any single part with four of anything in it, so it's not as though they're doing a "four-way" something times four of them, which is what "4x4" logically suggests, IMO.
I would have been a whole lot more impressed if they had actually made a "four by four" machine, instead of just making up a nonsense term for what's nothing but a regular dual-socket, dual-core setup. At most, I'd call that a "2x2." Four-by-four? It doesn't have four of anything in it, certainly not four of anything by four of anything else. That's just misleading.
Two cores per processor times two processors ought to be called a 2x2, and a 4x4 ought to mean a four-socket mobo with four quad-core processors, for a total of 16 cores. Similarly, what they're calling an "8x8" ought to be called a 2x4, or maybe a 4x2, since it's four processors times two processors per core.
For an 'enthusiast' product -- which they're apparently hoping to sell to people who have a clue -- that's a stupid way to name it. Plus, as multi-processor, multi-core systems become more prevalent in the future, it would be nice to have some clear nomenclature to describe them. AMD is just starting everyone off on the wrong foot by calling their dual-core/two-way systems "4-by-anythings".
In this situation since we're talking about the security of physical internet ports, that an intruder can access them in person is sort of assumed.
If you have really good physical security (an intruder can't get to the Ethernet ports) then it sort of obviates this entire discussion -- why bother doing all the obnoxious port security if you can guarantee not letting anyone un-approved get access to an Ethernet port? You wouldn't. Except that you almost certainly can't guarantee that, hence why people are interested in such things.
So if you're even thinking about securing a wired network, it makes sense to assume that the theoretical attacker would have physical access at least to the endpoints of the infrastructure (the ports themselves, other client PCs) and could read the MAC address off of another client.
To be honest that's never a feature I've played with at all, but you might find this Adium bug thread an interesting read, since it discusses it.
Short answer: apparently libgaim has support for receiving/viewing custom emoticons, but not sending them. Adium (being based on libgaim) does the same thing -- receive but not send -- although the receiving seems to be broken in some releases. When it's broken they just appear as question marks.
That bug (#506) is for sending, and it's on hold pending support in libgaim.
I think this is the SourceForge bug tracking page for the feature in Gaim. This is for "support" generally, which assumedly includes send and receive, and the status is open.
Same here. The error message is "We're Sorry: You have requested a page that is not currently available due to data transfer restrictions. If the page you requested is yours, click here for more information." .Mac pages are limited to a terabyte of transfer per month, IIRC. There was discussion of bumping that to 10TB, but I'm not sure it ever happened. It's too bad in this case that Apple doesn't just let it slide, because he's basically advertising one of their products for free (and I'm sure .Mac has the B/W to burn).
How do they deal with the issue of duplicate names on the MSN and Yahoo networks, as well? There must be some commonly-used names that exist on both systems, and if you have one in your buddy list and want to add the other one (on the other network), you'll have to add something that identifies it as being foreign.
What's interesting to me is that this could lead to people who have abandoning one or the other, in favor of whichever client is perceived as best. Right now if you were using MSN because all your friends were on it, and you for whatever reason didn't want to use a multiprotocol client, then you were SOL.
Now, you can switch to Yahoo (admittedly, probably having to get a new name in the process -- I doubt they'll let you login to MSN with your Yahoo ID) and still talk to all the same people that you used to. Basically it lets you pick which client you'd like to use: MSN's or Yahoo's. The "advantage" that either of them held over the other within particular groups of people (namely, whichever one your friends were all using) is gone.
I think by the time people arrive at college most of them already have accounts on one IM system or another; people aren't going to switch to the school's one if it means it becomes harder to talk to other people from home.
When I was in school most recently, the de facto standard was AIM. I think there were some people around who used MSN, but they were thought to be fairly odd. ("What's that? It looks funny...")
Although I really like the concept of Jabber and of lots of servers networked together and interoperating, I'm not sure I would have used such a service if any school I went to had offered it, unless it came with a guarantee that I'd be able to use the account forever; it's too much of a pain in the ass to tell everyone you talk to that you're changing to a new address every 2, 3 or 4 years. It was obnoxious enough with email, and in retrospect if GMail had existed when I was in school, I would have just set up an auto-forward from my assigned email to GMail and never used the school's for anything serious. Even non-geeks realize that changing a major piece of your contact information is a pain in the ass (if anything, they find it to be more of a pain than most geeks do, since most geeks know how to update their addressbook and send out new contact info, and/or have friends that do).
I don't think there's any fundamental reason to have more than one personal instant messaging name, and there's really no benefit in tying your name to your presence at a university unless it's business-related (where it does make sense to tie it to your job role at the organization and make it go away when you're done).
The fact that you have to change your email address when you enter and leave school is a crappy leftover from the early days of the Internet, and it's unfortunate that there isn't some DNS-like way to "re-point" email addresses at different destination mailboxes, so that your personal email address could follow you throughout your life. (Like you can now do with cell-phone numbers.) The rise of decent free email services has started to effectively provide that, and making IM names organization-specific would be a step backwards for that medium.
I thought the same thing -- "neato, but why bother when I'll never have anyone to talk to" -- until I started to see people pop up as Available on my GTalk contact list.
Since they've built the chat features into GMail, I know a lot of people who use it, particularly from work. Quite a few people I know just leave their GMail open at work in the background in a browser window, and this means that they're signed on to GTalk.
I guess this may not apply if your friends all don't use GMail for their personal email, but a lot of mine do. The person that uses Hotmail or Yahoo Mail is the exception rather than the rule, and I think this is only going to grow since I've seen a lot of recent college grads signing up for GMail (even non-techie ones), while previously they might have gone for Hotmail or Yahoo. (I think the major selling point of Gmail is actually that the namespace for email addresses isn't as exhausted as Hotmail's or Yahoo's are, meaning you have a shot of getting your real name, plus it doesn't have quite the "Internet ghetto" reputation that a Hotmail address does. Even my mother knows that a Hotmail address is the shitty basement apartment of the virtual world.)
Since you didn't say when you were playing with Gaim last, I can't tell you how much improvement has gone on since then.
Last summer they had a Summer of Code person working on improving file transfer. I'm not sure if that was just for AIM or for MSN as well.
I use Adium daily, which is a Gaim derivative for OS X, and I don't have any problems when using MSN file transfer with people using the stock client on the other end. AIM file transfer seems to be hit or miss; I think there is an issue with firewalls -- if both people are sitting on publicly routable IPs then it works no problem, but it's not as good at punching through layers of NAT as the stock client. (I've heard that there are multiple ways that AIM uses for file transfer, ranging from direct-connect to using the AOL server to pass packets if the recipient can't accept the incoming connection. Some work with Gaim, some don't.) It wouldn't surprise me if MSN transfer worked similarly.
I would give it a shot, and make sure that you've opened the required ports on your firewall if you can (and gotten the other person to do it if possible), since the more direct the connection path, the higher probability you'll be able to do it.
Conceptually I like IRC, but it's way overkill for anything that I do. I've used it from time to time, but I'm not a big regular user.
I'd say my major use of IM systems isn't to actually communicate to people via messages but to communicate status: the ability to run my eyes down my buddy list and see exactly who's available and who's not and who's at lunch/in a meeting/whatever has changed how I work. IRC is less about having a fixed list of people and knowing their status all the time, than having a particular "place" (channel) and letting people come and go. Although you could probably emulate an IM buddy list by telling everyone to go sit in the same IRC channel (and IM networks sometimes try to emulate chat rooms), they're fundamentally different approaches to communication.
But anyway, the IRC network model is a pretty neat one (lots of local servers linked together to form networks, very few centralized points of failure, direct connections for file transfer rather than pushing them through the network) and I think it's too bad in some ways that IM arose from centralized models that lend themselves to corporate fiefdoms. I find Jabber pretty neat because of the ways you can link servers, and communicate from one server to another -- perhaps less like IRC than email -- but I think it'll be a long time before we see the demise of the big AIM/MSN/Yahoo/ICQ networks, even if at some point in the far future they're seen as nothing but a quirk of the early development of the Internet.
This is true -- it's tough to make the USG give the code changes back upstream if they don't want to, but historically, the DoD has a pretty good history of contributing to the collective pool of IT knowledge for free (or rather, with a lot of US tax dollars) if there's not some reason why they can't do it.
At least when the government develops something, you don't have the automatic copyright problem that you do if it's developed privately. This is why the Ada standard manual is freely available and in the public domain, while you'd have to give an arm and a leg and your first several children to the ISO if you wanted to get the standard for C. Admittedly, not very many people probably want the manual for Ada...but it's there, if you wanted to read it.
When the NSA developed SELinux, they made it public, including the code changes -- quite a few people use that. They didn't have to release that, but they did anyway, and in fact still maintain a site where you can download their changes. (And the new modules that they actually wrote from scratch are public domain, not even GPL.)
If you wanted to sum up the USG as an entity, particularly the military/defense parts of it, they have a pretty respectable track record in terms of being good citizens with regards to sharing information and collaborating, when there's not any reason for them not to.
They'll obviously never share information when there's any kind of disincentive -- when it would compromise security to do so, for example (and if it really would compromise security, I wouldn't want them to and I don't think many people would) -- but I think their history ought to give them a little more respect than we give to many corporations, who seem to only release anything when they have no other choice.
The DoD probably has a reference compiler somewhere that would qualify as "trusted" if they wanted to go that route.
If not for C, then they probably have one for Ada, since they developed that back in the day. Then you could write a C compiler in Ada, compile it using the DoD reference Ada compiler (or whatever it is that they've determined is 'trusted'...PowerAda?), and then use that to either compile your C code directly, or to bootstrap your trusted C compiler, after code review.
I think this whole question is a bit of a moot point, because the DoD trusts COTS software all the time. There really is no shortage of "trusted" compilers (although we can argue about whether that trust is misplaced, the point is it's already there) that you could use to compile GCC after you reviewed its code for malfeatures. Then it would just be a matter of keeping up to date on changes to the GCC codebase, and compiling each one with the last "trusted" version.
I would actually be pretty surprised if there aren't already GCC-based products being used on DoD software projects.
You know, some of us don't care for all the bells and whistles that make your precious chat clients unstable and buggy. Voice & Video support? That's a sure fire way to leave a memory footprint the size of Alaska on 350 million users' computers.
It's unfortunate that you got modded Troll, because I agree with you completely.
If I want to do voice or video chat, I'll open a separate application. I don't want to have my voice/video program running constantly on my PC, at least not given the propensity of those programs to balloon to huge memory/processor footprints.
All I want is text chat, with the possibility of file transfer on demand (just because some of the people I have to talk with are not capable of figuring out SFTP or any of the other myriad ways of transferring files), preferably with strong end-to-end encryption.
I think Gaim and its OS X derivative, Adium, are the best things going. Pretty much every IM network you've ever heard of and then some, customizable interfaces, encryption support (using OTR, which is excellent), and decent file transfer under most circumstances.
If I want to talk to someone, I'll use my cellphone, or if I'm dead-set on using my PC, I'll fire up Skype. I'd much rather have a solid text-chat program than some halfassed, poorly designed, ugly, ad-ridden piece of software that does voice and video but only talks to one IM network.
Also, VMWare's support -- I'm told -- for FireWire is limited and/or not present, and USB 2.0 also is pretty poor. I don't know if that means you can't run a VM off of a mounted volume that originates on a Firewire/USB 2.0 device, or that the guest OS just can't "see" the FireWire bus, but you might want to be careful before designing something around VMWare and FireWire or USB 2.0.
I think the rental market is big enough that the Blockbusters of the world would figure out ways around the restriction. If they couldn't pay Sony to create special "rental" discs for them that would work anywhere (unlikely, since they'd be a huge piracy target), then maybe what they would do is just rent you the system and the game at once. It would make rentals far more expensive (because you'd have to keep one copy of each game for each rental system at a particular location), but on the other hand, rental systems would be in far more demand than they are now -- because people would be desperate to try games before buying them, since they couldn't buy used or lend them.
Maybe instead of renting a particular game, instead you'd rent a system with a large binder of games for some significant amount of money for a weekend. The games would be linked to the console, so there wouldn't be a huge theft risk; you'd just have to put down a big deposit and the stores would have to maintain tight inventory control. (Not impossible to do, with very thin RFID tags or something.)
I also expect that the game companies would start to put more of an emphasis on playable demos, once impulse buys started to slow. It might also cause the price of games to gradually go down, because people just wouldn't be willing to pay as much for a game that wouldn't have any resale value. When you buy a game today, you buy it (if you're an intelligent person) with the knowledge that if you hate it, it has some resale value. If you can't sell it, then you need to subtract this value from the price you're willing to pay without knowing you like it.
While I agree with your sentiments surrounding the use of desktop/workstation OSes and hardware as servers, particularly ones that are being used for mission-critical applications, the fact that a machine can be rebooted from a serial console doesn't necessarily make it as easy to manage as a virtual machine.
Unless you have another machine which is serving the serial consoles up onto the net and which you can connect to remotely, you're not going to be able to access those consoles from outside the datacenter. So rebooting your server still requires a call to your operations people (and if it's a colo, probably a fee), just for them to switch to that machine's serial console and reboot it.
A virtual machine, on the other hand, can be rebooted and managed from anyone, provided you can SSH into the host OS. (And provided the host OS is stable and doesn't need to be rebooted.) Rebooting a virtual server is as easy as issuing a command to the virtualization software. This means you can go ahead and run software that you'd never want to run on your non-virtualized production system -- if it crashes, only that service goes down.
Anyway, while I agree that no 'real' server should be without serial console support, there are still reasons why a big server running a bunch of VMs can be easier to manage than a rack of even well-designed 1Us.
Actually if you go to the "Virtual Appliances" page, there are some pretty neat things you can do with VMWare.
Basically, they have virtual machine images that are set up in various configurations for particular purposes (e.g.: firewall, web server, SQL server, etc.) that you can download and run, so instead of actually setting up software packages and worrying about it being correctly configured and secure, you can just download the virtual machine of your choice, load it up, and go.
At least that's the theory -- I haven't played with them very much, admittedly. I was struck by how interesting a way it is to distribute software, though. Rather than delivering an executable file, you deliver an image of a whole machine, running that software, and then your host computer "executes" it by giving it access to some abstracted hardware resources, running it in a sandbox.
I'm not sure it's practical for everything, but I could definitely see the possibilities for distributing some pieces of software this way, if virtualization becomes a mainstream OS feature (or a popular free addition).
It reminds me a little of the way that software used to be distributed before computers had hard drives -- if you wanted to run a program on your Apple IIc, you put the disk in the drive and rebooted the computer. Each "program" (what the user thought of as a program -- the disk they shoved in the drive) contained a minimal OS, just enough to go between the metal and the software. These virtual appliances are basically an update on the same idea; only except letting them run as the only program, directly on the metal, you run them in a virtual environment.
I could see some interesting "home network appliance" applications of virtualization. Imagine that you have a network appliance, which consists of a reasonably fast PC in an expandable chassis (one with some empty hot-swap bays). It has a very minimal host OS, running off of some read-only media. Whatever functions you want the appliance to perform are all handled by adding drives to it which contain a VM image. Want a firewall? Get the 'firewall component', which could be some form of removable storage that has a Smoothwall VM image, and stick it into the appliance. The host starts running it, and you're away. Same if you wanted to add a web server component, file server component, etc. The various components could run on whatever guest OS they were most suited to, all transparent to the user. It might require more computer power than is currently practical to put into an appliance cheaply, but it could be neat.
I guess what I was thinking about was never actually giving the guest OS low-level access to the storage hardware itself; instead give it a "simulated USB drive" that was actually just a virtual device created by Parallels, but which had a 1:1 association with an actual device attached to the host computer. Then have Parallels call the host computer's OS and get it to do the actual disk I/O.
So you'd be going:
Guest OS -> (Virtual Hardware) = Parallels -> Host OS -> Actual Hardware
Instead of:
Guest OS -> Actual Hardware
I suppose this has the potential to become really complex and really slow, though. Plus, you'd have to create a different "virtual hardware" interface for each type of device you wanted to abstract in this way. It would really only be practical for widely-standardized devices, like USB Mass Storage or Floppy Disks.
"Urban" means "urban culture". I don't know where you're getting the whole race thing. That's your thing. Last I checked, "urban culture" doesn't have anything to do with race... it has to do with social and economic class.
Right -- because there aren't a disproportionate number of ethnic minorities living in urban areas, leading to a strong correlation between "urban" culture and their ethnic culture.
Does anyone have any information on that site?
Agreed.
... it's sooo slow. It takes, like, 10 minutes to start up. I need to get a new one."
A neighbor of mine was always using one of my computers to check his email -- to the point where I put a kiosk-type machine up for him to use when he came over -- because his was "broken."
I figured it was a power supply issue or something at first, but one day he admitted that it was just so loaded down with viruses and spyware that it was unusuable, and he didn't have any restore CDs, and as a result basically was treating the whole thing as a brick. Eventually he just got a new one.
It's hard to estimate exactly how many upgrades are driven by stuff like this, but I think it's very significant. There is a widely-held perception in the non-geek world that computers just "wear out" over time; or that they have a fixed lifespan of about 2-3 years, after which the 'magic smoke' is just gone and they cease to do anything useful. I've seen people who should really know better repeating this over and over: "my computer is, like, two years old
Couple this with the fact that manufacturers rarely give consumers plain-old OS install discs, opting instead for crappy 'restore partitions,' and you have a recipe for a constant stream of upgrades -- and a constant stream of perfectly good machines either to recyclers, the used market, or the trash.
Yeah but the problem is, in most residential areas in the U.S., very few people have connections sufficently fast that their computer can't render the incoming data as fast as it can come in. (Some exceptions -- loading a Java VM for the first time can be really painful on old hardware, and some heavy Javascript probably is as well.)
But most residential broadband connections are, what, between 1 and 3 Mb/s? I'm pretty sure even a crappy $500 "Blue Light Special" from K-Mart, before it gets bogged down with spyware, can probably work fast enough to make a 3Mb pipe the bottleneck if it has enough RAM that it's not constantly swapping.
So while I definitely see your point and accept its validity, I think for most people, their internet connection is definitely the bottleneck. If you live somewhere you can get a connection that's fast enough so that your computer is the slowest link, kudos -- but I know that's definitely not the case for most of us.
I used a 400MHz computer up until about six months ago, when I upgraded because I started doing some heavy compressed-DV stuff, and my browsing hasn't noticeably changed. The browser launches a heck of a lot faster, but actually browsing web pages is about the same as always on most sites.
I think you've either been reading the wrong books, or perhaps your mind just isn't suited to that particular medium.
I have personally found the opposite. I have read books that I have found just so fundamentally emotionally disturbing that I'll never read them again, and probably couldn't be convinced to for even a large wad of cash. Predominantly fiction, but some very well-written non-fiction and memoirs as well; things that have just totally shaken me for days or weeks afterwards.
The more or less anonymous death of a car crash, even when you know it's a video of the real thing, seems mild by comparison. I've worked as an EMT and later as a Paramedic and I've seen the aftermath of some very violent death in person (although I've never personally witnessed a traumatic fatality) and on the whole felt it far easier to deal with than some fiction I've read. Seeing someone who bought the farm by hitting the pavement off of a motorcycle at high speed is bad, don't get me wrong, but I've found that it's bad in sort of a stomach-clenching, nausea-inducing way. It's different from the sheer emotional drain induced by some fiction I've read. Frankly, the first time I responded to a DOA, I was prepared for it to be much worse than it actually was; probably the worst part was how I had psyched myself out about it ahead of time.
Everyone has their 'things,' so I'm not saying that how I react is universal, or even close to it. But I'll take the visceral "disturbingness" of real life, in all its brutality, over some of the things that the human mind can come up with and put down on paper, and the emotional impact a skilled (and sufficiently motivated) writer can have if you let them in your head.
Microsoft 'should' also be keeping proper dialog with people that report these exploits, but that does not give one individual the 'button' to nuke MS when they don't jump on a fix as fast as the person wants, he is only screwing the consumers, not MS other than giving them bad press.
Huh? It sure does. He found the vulnerability, it's his to disclose. (Unless of course Congress has made that illegal this week...)
I think the software vendors are forgetting something: giving them an advance warning of the pending release of a vulnerability is a professional courtesy.
If they don't do anything, particularly if they don't ask politely that the release of the vulnerability be delayed, then they really have no business bitching when they see it over their coffee while reading the Wall Street Journal some morning.
I think reporting vulnerabilities to vendors is the right thing to do, but if the vendors piss all over people who are trying to do them a favor, then the hell with them. It's unfortunate that their customers end up getting hurt because of their lack of any sort of humility or willingness to communicate, but that's what you get when you do business with people like that.
If I was advising Microsoft, or any other large vendor -- or if I was a major customer of theirs, large enough that I could give input on their internal policy -- I'd tell them that every time a serious vulnerability was reported, they should assign an analyst to it personally; not only to verify the possible implications of the threat, but also to act as a one-to-one point of contact with the discoverer, to build a relationship with them and hopefully get them to agree to hold off on disclosure until the problem can be fixed. (I'd also expect them to throw wads of cash at anyone with a possible 0-day, and troll the black-hat IRC channels just like the mafia does, buying them up.)
It's ridiculous to expect people who are inherently doing the vendors and their customers a favor to simply sit on their hands when there's no active dialogue between them and the vendor on what progress is being made -- particularly when being the first to report a vulnerability can be a career-making move for some people.
Before somebody jumps in and responds to this line: "Four-by-four? It doesn't have four of anything in it, certainly not four of anything by four of anything else." and says 'but it has four cores total in it!', yes, I realize that.
What I should have said was that it doesn't have any single part with four of anything in it, so it's not as though they're doing a "four-way" something times four of them, which is what "4x4" logically suggests, IMO.
I would have been a whole lot more impressed if they had actually made a "four by four" machine, instead of just making up a nonsense term for what's nothing but a regular dual-socket, dual-core setup. At most, I'd call that a "2x2." Four-by-four? It doesn't have four of anything in it, certainly not four of anything by four of anything else. That's just misleading.
Two cores per processor times two processors ought to be called a 2x2, and a 4x4 ought to mean a four-socket mobo with four quad-core processors, for a total of 16 cores. Similarly, what they're calling an "8x8" ought to be called a 2x4, or maybe a 4x2, since it's four processors times two processors per core.
For an 'enthusiast' product -- which they're apparently hoping to sell to people who have a clue -- that's a stupid way to name it. Plus, as multi-processor, multi-core systems become more prevalent in the future, it would be nice to have some clear nomenclature to describe them. AMD is just starting everyone off on the wrong foot by calling their dual-core/two-way systems "4-by-anythings".
In this situation since we're talking about the security of physical internet ports, that an intruder can access them in person is sort of assumed.
If you have really good physical security (an intruder can't get to the Ethernet ports) then it sort of obviates this entire discussion -- why bother doing all the obnoxious port security if you can guarantee not letting anyone un-approved get access to an Ethernet port? You wouldn't. Except that you almost certainly can't guarantee that, hence why people are interested in such things.
So if you're even thinking about securing a wired network, it makes sense to assume that the theoretical attacker would have physical access at least to the endpoints of the infrastructure (the ports themselves, other client PCs) and could read the MAC address off of another client.
To be honest that's never a feature I've played with at all, but you might find this Adium bug thread an interesting read, since it discusses it.
Short answer: apparently libgaim has support for receiving/viewing custom emoticons, but not sending them. Adium (being based on libgaim) does the same thing -- receive but not send -- although the receiving seems to be broken in some releases. When it's broken they just appear as question marks.
That bug (#506) is for sending, and it's on hold pending support in libgaim.
I think this is the SourceForge bug tracking page for the feature in Gaim. This is for "support" generally, which assumedly includes send and receive, and the status is open.
Same here. The error message is "We're Sorry: You have requested a page that is not currently available due to data transfer restrictions. If the page you requested is yours, click here for more information." .Mac pages are limited to a terabyte of transfer per month, IIRC. There was discussion of bumping that to 10TB, but I'm not sure it ever happened. It's too bad in this case that Apple doesn't just let it slide, because he's basically advertising one of their products for free (and I'm sure .Mac has the B/W to burn).
The Flickr page is still up and running, though.
Yeah I'd like to know this as well.
How do they deal with the issue of duplicate names on the MSN and Yahoo networks, as well? There must be some commonly-used names that exist on both systems, and if you have one in your buddy list and want to add the other one (on the other network), you'll have to add something that identifies it as being foreign.
What's interesting to me is that this could lead to people who have both abandoning one or the other, in favor of whichever client is perceived as best. Right now if you were using MSN because all your friends were on it, and you for whatever reason didn't want to use a multiprotocol client, then you were SOL.
Now, you can switch to Yahoo (admittedly, probably having to get a new name in the process -- I doubt they'll let you login to MSN with your Yahoo ID) and still talk to all the same people that you used to. Basically it lets you pick which client you'd like to use: MSN's or Yahoo's. The "advantage" that either of them held over the other within particular groups of people (namely, whichever one your friends were all using) is gone.
Hopefully, this will lead to better clients...
I think by the time people arrive at college most of them already have accounts on one IM system or another; people aren't going to switch to the school's one if it means it becomes harder to talk to other people from home.
When I was in school most recently, the de facto standard was AIM. I think there were some people around who used MSN, but they were thought to be fairly odd. ("What's that? It looks funny...")
Although I really like the concept of Jabber and of lots of servers networked together and interoperating, I'm not sure I would have used such a service if any school I went to had offered it, unless it came with a guarantee that I'd be able to use the account forever; it's too much of a pain in the ass to tell everyone you talk to that you're changing to a new address every 2, 3 or 4 years. It was obnoxious enough with email, and in retrospect if GMail had existed when I was in school, I would have just set up an auto-forward from my assigned email to GMail and never used the school's for anything serious. Even non-geeks realize that changing a major piece of your contact information is a pain in the ass (if anything, they find it to be more of a pain than most geeks do, since most geeks know how to update their addressbook and send out new contact info, and/or have friends that do).
I don't think there's any fundamental reason to have more than one personal instant messaging name, and there's really no benefit in tying your name to your presence at a university unless it's business-related (where it does make sense to tie it to your job role at the organization and make it go away when you're done).
The fact that you have to change your email address when you enter and leave school is a crappy leftover from the early days of the Internet, and it's unfortunate that there isn't some DNS-like way to "re-point" email addresses at different destination mailboxes, so that your personal email address could follow you throughout your life. (Like you can now do with cell-phone numbers.) The rise of decent free email services has started to effectively provide that, and making IM names organization-specific would be a step backwards for that medium.
I thought the same thing -- "neato, but why bother when I'll never have anyone to talk to" -- until I started to see people pop up as Available on my GTalk contact list.
Since they've built the chat features into GMail, I know a lot of people who use it, particularly from work. Quite a few people I know just leave their GMail open at work in the background in a browser window, and this means that they're signed on to GTalk.
I guess this may not apply if your friends all don't use GMail for their personal email, but a lot of mine do. The person that uses Hotmail or Yahoo Mail is the exception rather than the rule, and I think this is only going to grow since I've seen a lot of recent college grads signing up for GMail (even non-techie ones), while previously they might have gone for Hotmail or Yahoo. (I think the major selling point of Gmail is actually that the namespace for email addresses isn't as exhausted as Hotmail's or Yahoo's are, meaning you have a shot of getting your real name, plus it doesn't have quite the "Internet ghetto" reputation that a Hotmail address does. Even my mother knows that a Hotmail address is the shitty basement apartment of the virtual world.)
Since you didn't say when you were playing with Gaim last, I can't tell you how much improvement has gone on since then.
Last summer they had a Summer of Code person working on improving file transfer. I'm not sure if that was just for AIM or for MSN as well.
I use Adium daily, which is a Gaim derivative for OS X, and I don't have any problems when using MSN file transfer with people using the stock client on the other end. AIM file transfer seems to be hit or miss; I think there is an issue with firewalls -- if both people are sitting on publicly routable IPs then it works no problem, but it's not as good at punching through layers of NAT as the stock client. (I've heard that there are multiple ways that AIM uses for file transfer, ranging from direct-connect to using the AOL server to pass packets if the recipient can't accept the incoming connection. Some work with Gaim, some don't.) It wouldn't surprise me if MSN transfer worked similarly.
I would give it a shot, and make sure that you've opened the required ports on your firewall if you can (and gotten the other person to do it if possible), since the more direct the connection path, the higher probability you'll be able to do it.
Conceptually I like IRC, but it's way overkill for anything that I do. I've used it from time to time, but I'm not a big regular user.
I'd say my major use of IM systems isn't to actually communicate to people via messages but to communicate status: the ability to run my eyes down my buddy list and see exactly who's available and who's not and who's at lunch/in a meeting/whatever has changed how I work. IRC is less about having a fixed list of people and knowing their status all the time, than having a particular "place" (channel) and letting people come and go. Although you could probably emulate an IM buddy list by telling everyone to go sit in the same IRC channel (and IM networks sometimes try to emulate chat rooms), they're fundamentally different approaches to communication.
But anyway, the IRC network model is a pretty neat one (lots of local servers linked together to form networks, very few centralized points of failure, direct connections for file transfer rather than pushing them through the network) and I think it's too bad in some ways that IM arose from centralized models that lend themselves to corporate fiefdoms. I find Jabber pretty neat because of the ways you can link servers, and communicate from one server to another -- perhaps less like IRC than email -- but I think it'll be a long time before we see the demise of the big AIM/MSN/Yahoo/ICQ networks, even if at some point in the far future they're seen as nothing but a quirk of the early development of the Internet.
This is true -- it's tough to make the USG give the code changes back upstream if they don't want to, but historically, the DoD has a pretty good history of contributing to the collective pool of IT knowledge for free (or rather, with a lot of US tax dollars) if there's not some reason why they can't do it.
At least when the government develops something, you don't have the automatic copyright problem that you do if it's developed privately. This is why the Ada standard manual is freely available and in the public domain, while you'd have to give an arm and a leg and your first several children to the ISO if you wanted to get the standard for C. Admittedly, not very many people probably want the manual for Ada...but it's there, if you wanted to read it.
When the NSA developed SELinux, they made it public, including the code changes -- quite a few people use that. They didn't have to release that, but they did anyway, and in fact still maintain a site where you can download their changes. (And the new modules that they actually wrote from scratch are public domain, not even GPL.)
If you wanted to sum up the USG as an entity, particularly the military/defense parts of it, they have a pretty respectable track record in terms of being good citizens with regards to sharing information and collaborating, when there's not any reason for them not to.
They'll obviously never share information when there's any kind of disincentive -- when it would compromise security to do so, for example (and if it really would compromise security, I wouldn't want them to and I don't think many people would) -- but I think their history ought to give them a little more respect than we give to many corporations, who seem to only release anything when they have no other choice.
The DoD probably has a reference compiler somewhere that would qualify as "trusted" if they wanted to go that route.
If not for C, then they probably have one for Ada, since they developed that back in the day. Then you could write a C compiler in Ada, compile it using the DoD reference Ada compiler (or whatever it is that they've determined is 'trusted'...PowerAda?), and then use that to either compile your C code directly, or to bootstrap your trusted C compiler, after code review.
I think this whole question is a bit of a moot point, because the DoD trusts COTS software all the time. There really is no shortage of "trusted" compilers (although we can argue about whether that trust is misplaced, the point is it's already there) that you could use to compile GCC after you reviewed its code for malfeatures. Then it would just be a matter of keeping up to date on changes to the GCC codebase, and compiling each one with the last "trusted" version.
I would actually be pretty surprised if there aren't already GCC-based products being used on DoD software projects.
If I want to do voice or video chat, I'll open a separate application. I don't want to have my voice/video program running constantly on my PC, at least not given the propensity of those programs to balloon to huge memory/processor footprints.
All I want is text chat, with the possibility of file transfer on demand (just because some of the people I have to talk with are not capable of figuring out SFTP or any of the other myriad ways of transferring files), preferably with strong end-to-end encryption.
I think Gaim and its OS X derivative, Adium, are the best things going. Pretty much every IM network you've ever heard of and then some, customizable interfaces, encryption support (using OTR, which is excellent), and decent file transfer under most circumstances.
If I want to talk to someone, I'll use my cellphone, or if I'm dead-set on using my PC, I'll fire up Skype. I'd much rather have a solid text-chat program than some halfassed, poorly designed, ugly, ad-ridden piece of software that does voice and video but only talks to one IM network.
Also, VMware's support -- I'm told -- for FireWire is limited and/or not present, and USB 2.0 also is pretty poor. I don't know if that means you can't run a VM off of a mounted volume that originates on a Firewire/USB 2.0 device, or that the guest OS just can't "see" the FireWire bus, but you might want to be careful before designing something around VMware and FireWire or USB 2.0.
I think the rental market is big enough that the Blockbusters of the world would figure out ways around the restriction. If they couldn't pay Sony to create special "rental" discs for them that would work anywhere (unlikely, since they'd be a huge piracy target), then maybe what they would do is just rent you the system and the game at once. It would make rentals far more expensive (because you'd have to keep one copy of each game for each rental system at a particular location), but on the other hand, rental systems would be in far more demand than they are now -- because people would be desperate to try games before buying them, since they couldn't buy used or lend them.
Maybe instead of renting a particular game, instead you'd rent a system with a large binder of games for some significant amount of money for a weekend. The games would be linked to the console, so there wouldn't be a huge theft risk; you'd just have to put down a big deposit and the stores would have to maintain tight inventory control. (Not impossible to do, with very thin RFID tags or something.)
I also expect that the game companies would start to put more of an emphasis on playable demos, once impulse buys started to slow. It might also cause the price of games to gradually go down, because people just wouldn't be willing to pay as much for a game that wouldn't have any resale value. When you buy a game today, you buy it (if you're an intelligent person) with the knowledge that if you hate it, it has some resale value. If you can't sell it, then you need to subtract this value from the price you're willing to pay without knowing you like it.
While I agree with your sentiments surrounding the use of desktop/workstation OSes and hardware as servers, particularly ones that are being used for mission-critical applications, the fact that a machine can be rebooted from a serial console doesn't necessarily make it as easy to manage as a virtual machine.
Unless you have another machine which is serving the serial consoles up onto the net and which you can connect to remotely, you're not going to be able to access those consoles from outside the datacenter. So rebooting your server still requires a call to your operations people (and if it's a colo, probably a fee), just for them to switch to that machine's serial console and reboot it.
A virtual machine, on the other hand, can be rebooted and managed from anyone, provided you can SSH into the host OS. (And provided the host OS is stable and doesn't need to be rebooted.) Rebooting a virtual server is as easy as issuing a command to the virtualization software. This means you can go ahead and run software that you'd never want to run on your non-virtualized production system -- if it crashes, only that service goes down.
Anyway, while I agree that no 'real' server should be without serial console support, there are still reasons why a big server running a bunch of VMs can be easier to manage than a rack of even well-designed 1Us.
Windows computers can be very stable. The trick?
Turn them on their sides.
Actually if you go to the "Virtual Appliances" page, there are some pretty neat things you can do with VMware.
Basically, they have virtual machine images that are set up in various configurations for particular purposes (e.g.: firewall, web server, SQL server, etc.) that you can download and run, so instead of actually setting up software packages and worrying about it being correctly configured and secure, you can just download the virtual machine of your choice, load it up, and go.
At least that's the theory -- I haven't played with them very much, admittedly. I was struck by how interesting a way it is to distribute software, though. Rather than delivering an executable file, you deliver an image of a whole machine, running that software, and then your host computer "executes" it by giving it access to some abstracted hardware resources, running it in a sandbox.
I'm not sure it's practical for everything, but I could definitely see the possibilities for distributing some pieces of software this way, if virtualization becomes a mainstream OS feature (or a popular free addition).
It reminds me a little of the way that software used to be distributed before computers had hard drives -- if you wanted to run a program on your Apple IIc, you put the disk in the drive and rebooted the computer. Each "program" (what the user thought of as a program -- the disk they shoved in the drive) contained a minimal OS, just enough to go between the metal and the software. These virtual appliances are basically an update on the same idea; only instead of letting them run as the only program, directly on the metal, you run them in a virtual environment.
I could see some interesting "home network appliance" applications of virtualization. Imagine that you have a network appliance, which consists of a reasonably fast PC in an expandable chassis (one with some empty hot-swap bays). It has a very minimal host OS, running off of some read-only media. Whatever functions you want the appliance to perform are all handled by adding drives to it which contain a VM image. Want a firewall? Get the 'firewall component', which could be some form of removable storage that has a Smoothwall VM image, and stick it into the appliance. The host starts running it, and you're away. Same if you wanted to add a web server component, file server component, etc. The various components could run on whatever guest OS they were most suited to, all transparent to the user. It might require more computer power than is currently practical to put into an appliance cheaply, but it could be neat.
Thanks for the info.
I guess what I was thinking about was never actually giving the guest OS low-level access to the storage hardware itself; instead give it a "simulated USB drive" that was actually just a virtual device created by Parallels, but which had a 1:1 association with an actual device attached to the host computer. Then have Parallels call the host computer's OS and get it to do the actual disk I/O.
So you'd be going:
Guest OS -> (Virtual Hardware) = Parallels -> Host OS -> Actual Hardware
Instead of:
Guest OS -> Actual Hardware
I suppose this has the potential to become really complex and really slow, though. Plus, you'd have to create a different "virtual hardware" interface for each type of device you wanted to abstract in this way. It would really only be practical for widely-standardized devices, like USB Mass Storage or Floppy Disks.
"Urban" means "urban culture". I don't know where you're getting the whole race thing. That's your thing. Last I checked, "urban culture" doesn't have anything to do with race... it has to do with social and economic class.
Right -- because there aren't a disproportionate number of ethnic minorities living in urban areas, leading to a strong correlation between "urban" culture and their ethnic culture.
The only thing worse than racism is denial.