WoW has _plenty_ of encounters that require quite a bit of intelligence and brainpower to overcome. No, they're not all like that, and I wouldn't want them to be.
The bots just exploit the simple mindless things, the things that no sane person would do over and over again for months on end. There's plenty else out there, the bots just don't touch it.
Odd. I've been running XP for five years or so now, and done numerous hardware upgrades, and the ONLY time I've ever had to re-activate my copy is when I replaced a motherboard (which ended up giving new ethernet controller, disk controllers, etc).
Beyond that I've added and removed memory, changed video cards, changed drives, added drives, and pretty much made the types of changes you'd expect a power user to make, and I've never had to reactivate. Ever. And that one time I did, it took me about ten seconds.
Thus, I'm afraid I'm going to have to call "bullshit" here.
And it's slow in more than one way, to boot. The machines themselves -- even for basic functions like withdrawing cash -- are slllloooooowwwwwww.
We have one at the local 7-11, I've used it a few times. There's several places during the transaction that you'll press an on-screen button, the button will briefly invert to indicate that it's been pressed, and then... nothing, for 5 or 6 seconds. Just sits there on the same screen, no longer responding to user input. Not even a "please wait" message -- just nothing at all... and they moved the 'ok' button from the lower right of the keypad (where it seems to be on every other ATM on the planet) to the upper right. Heh.
SSH doesn't do the same thing Kerberos does. Kerberos provides for centralized authentication (ssh doesn't)... just having an authorized_keys file set up on every system you access is NOT the same as centralized authentication. It also provides for a number of other useful features that ssh just can't provide.
The difference, I suppose, is that they're equivilent in a small/home environment, but much different in an enterprise environment with many users and many hosts. On an enterprise scale, ssh alone just doesn't cut it.
1. Download first ~1k of file (which should contain at least the start of the id3v2 tag)
2. Check to make sure you have the whole tag. If it's bigger than what you downloaded, download the rest of the tag.
3. Write to a temporary file
4. Run existing libraries and/or tools against temporary file
... you don't need any of the actual mp3 to get the id3v2 info, and the above will work on most files. The exception will be the few files that have the id3v2 data at the end and just a reference to it at the front of the file -- but those are pretty rare.
Solaris has actually supported the RENDER extension since the first or second maintenance release of Solaris 9... give yourself an upgrade and give it a try...
One thing to remember -- When you get right down to it, a camera is a light-proof box that holds some film, and that's it. When you press the shutter button, the camera doesn't matter anymore. Lens, film, and that's it.
With film cameras, as long as the camera has the features you really need (light meter, etc), your pictures aren't going to be made any better by getting a 'better' camera. 'Better' cameras have better autofocus, better film drive, more shots per second, and the like, but nothing that materially affects the actual pictures you take.
If your NFS server rebooting, shutting down, or crashing causes any problem but temporarilly 'hung' clients, you have something wrong.
NFS is explicitly designed to be stateless, precisely to allow it to function across server reboots, crashes, and other fun. If your clients are crashing, or getting back corrupted data, something is screwed up somewhere.
And, by the way, if you're getting corrupted data on a server crash, and the server is linux, you just had an object lesson on why it's bad that linux NFS defaults to async writes.:)
What I want to know is... why doesn't ssh allow you to do protected logins (encrypted passwords, public-key authenticated logsin, whatever), but then do actual data transfer without encryption? When I'm at work, I want to be able to ssh everywhere (out of convenience: ssh-agent + X11 forwarding + autentication forwarding rock), but I sure as hell don't need my gigabyte-size files encrypted to go 50 feet across the LAN!
I seem to remember that (very) old ssh versions actually had this feature, but best I can tell, it's gone in newer (e.g. openssh) versions. Anyone have a clue why this is?
There's a lot of information about medications being tossed around here, so here's my $0.02, hopefully a bit better informed than some of the posts...
Disclaimer: I'm not a doctor, but I've been fighting this ADHD thing for my entire adult life, and have spent a lot of time on a lot of medications and talking to a lot of doctors. My current doctor is a 20+ year ADHD specialist (who I think rocks) from whom a lot of these opinions derive -- but they are opinions and only reflect my own research and experiences, so take with a large grain of salt.
So, in the drug world, there's basically two ways to combat ADHD: Stimulants, and antidepressants.
The most 'traditional' tratment for ADHD is stimulants.. Ritalin (and derivatives, e.g. Concerta) and Adderal are popular for this. The stimulants don't really FIX the core cause (see below), but do help with a lot of the symptoms. There's nothing special about these particular stimulants, just about any will do (e.g. caffine), and indeed, a lot of ADHD sufferers self-medicate with caffine and the like. Prescription meds tend to be better, though, because they are available in sustained-release form, which means you don't have a lot of the up-and-down you'd get from trying to self-medicate with a quick-acting stimulant.
The other major (and, alas, not-well-known) treatment for ADHD is antidepressants. These address the core cause of ADHD -- a chemical imbalance in the brain. Desipramine, Welbutrin, Celexa, Strattera, and about a billion other medications fall into this category. Ultimately, they all do their job by adjusting the levels of various neurochemicals and getting them back in line with what your brain needs to actually function correctly. The biggest problems with the antidepressants are that they aren't very widely understood in the medical community, and that they aren't as instant-gratification as the stimulants. With a stimulant, you'll feel better the same day you take them (and only the same day you take them). With the antidepressants, changes are slower, and you have to take the meds every day (unless you enjoy withdrawal)... and you may need to try several antidepressants before you find the right one for your chemistry. There's really no way to tell which antidepressant is right for you, so it's mostly trial and error. Fortunately, it's not hard to tell if an antidepressant is right for you -- They're typically either right for you, or make you rapidly miserable. It's REAL obvious when you're not on the right medication.
There's also a lot of stigmatism against antidepressants ("happy pills") in the world, even though most is unfounded. They don't make you artificially happy, they don't stop you from being able to be sad or unhappy, they just correct the chemical balance in the brain so that things like happiness and depression behave more normally.
Antidepressants are prescribed much less than stimulants, though I don't really know why. Part of the reason is probably because ADHD is always seen as a childrens' problem, and antidepressants aren't normally prescribed to children. Another part of the reason is probably that antidepressants are poorly understood in the medical community, and often require more ongoing care than just tossing someone some insta-gratifying ritalin.
The difference between stimulants and antidepressants is... very black and white. The stimulants will help you wake up, help your focus and jitteryness, and give you instant gratification. On the flip side of the coin, with the right antidepressant, you'll get up early in the morning, wide awake, and be awake for the entire day (without caffine or anything else), you'll think better (rather than just focussing better), fall asleep faster, sleep better, and generally feel much more human than just the stimulants will get you.
The biggest challenge with the antidepressants is finding someone that will actually treat you with them (and treat you correctly).. and they're hard to find. If you're in the SF bay, you can email me for a reference to my (ADHD specialist) doctor, but beyond that... good luck! You'll need it!
I've been trying to post this "review" to Amazon for a couple of days, but there seems to be something wrong with their comment posting code. So here's MY experience with TurboTax 2002
[amazon posting starts here] I won't reiterate many of the points made by other reviewers on amazon -- I'll just summarize the reviews as "good software, but the copy protection sucks".
I had the copy protection suck more than most. I dual boot WindowsXP and Linux, using the "GRUB" bootloader (which is currently used now by, among others, RedHat linux), and installing TurboTax 2002 made my entire computer unbootable! The activation code writes some information to the front of the harddrive (before the first partition), which overwrote my bootloader, which was already living there! (This may happen with other bootloaders as well... I've only tested with the one).
And fixing my system so it would boot again (by reinstalling the bootloader) produced a copy of TurboTax that a) thought it wasn't activated, and b) Thought that my productid had already been used "by another computer", so couldn't be re-activated.
Intuit did eventually give me another product ID that worked, after I spent several hours trying to explain the problem to tech support, and rebooting time and time again as the reps had me uninstall, reinstall, install in safe mode, install while standing on my head...
The software itself is OK (Though I still wish it could import from Quicken based on the "class" of the transactions), but I have the strong opinion that installing tax software should not render my computer unbootable!
The only way that the Audiotron requires "special windows based software" to set up ANYTHING on it, is if you consider a "web browser" to be "special windows based software". Matter of fact, not only is it not required, but there is none. The only thing windowsish the Audiotron comes with is AudioStation, for ripping and organizing mp3s...
You have to use Turtle Radio (http://www.turtleradio.com/) to configure which shoutcast/icecast streams the Audiotron knows about, but you can add in all your own stations. The Audiotron just downloads its station list when you power it on (or tell it to update). Turtle Radio is free, you just have to register to get the ID code that your Audiotron will use to talk to it.
Incidentally, the Audiotron is a great piece of hardware. The interface is well designed (as of 2.0, anyhow), it works really well, and the support is phenomenal. Voyetra/Turtle Beach pays a lot of attention to its user mailing list, and has implemented basically every feature that folks on the Audiotron mailing list have asked for. I bought mine a year ago, and haven't regretted it for a second.
A T1 is essentially 24 voice channels at (I think) 64k/sec, but you *must* lose at least one channel for data control per set of T1s
This isn't really true. When you do a voice T1, this is true, but when doing data, you'll normally only lose 8kbit/sec to overhead (using ESF/B8ZS)... So rather than 1.544Mbit/s, you get 1.536Mbit/s.
Among others, Intel's server boards support this -- It requires a special client on the system you're doing the administration from, but you -can- do anything over the serial port.
I use a (I think) 440GX+ board. Damned nice board. Does this remote management, amongst its other nice features. Of course, you PAY for those features (~$600 for the board).
This definately isn't a big deal... a few companies have these already. The one I ended up with is a Turtle Beach Audiotron ($300), also sold by Gateway as the Gateway Connected Music Player ($200). Features?
Standard A/V component size -- Looks good with your VCR, receiver, etc.
Rackmountable.
Ethernet or home-phone-line networking (I forget the acronym)
Reads files via SMB [From any windows box, or linux with samba. Means normal folks can use it, too. I just can't see my mom installing perl on windows...]
Linux+Samba officially supported by Turtle Beach.
Vacuum display (40x2)
Web browser interface for configuration and playing [in current 2.0 beta software]
Random play, repeat play
Supports icecast/shoutcast streaming [in current 2.0 beta software]
Analog (RCA) and digital (TOSlink) outputs
Good front-panel interface (or small remote)
GREAT support -- Turtle beach has implemented almost every feature requested on their audiotron mailing list.
I really suggest these to anyone that needs an mp3 player in their stereo system. The sound quality is good, the interface is good, the support is stellar, the price is right... Since the new beta software has started coming out, I've had _no_ complaints of any type (in some 6 months of use).
Anyone who gets one of these should definately keep up with the mailing list (maillist.voyetra.com) and download the 1.9.xx beta software. A -lot- of user interface changes (for the (much) better) have gone into this newer software, along with a bunch of other nifty features.
Definately run right out and get one. They're great, they're cheap, and, well, they're great.
This is certainly an interesting idea, but it does not really solve any of the fundamental problems with cryptography. Modern cryptography itself is essentially unbreakable -- Grab one of the variable-key-length symmetric ciphers with a big key (256+ bits) and you have crypto that is, in and of itself, essentially unbreakable. The problem isn't the cryptography, really, it's the stuff around it -- The users, the software, and the key-exchange mechanism. In modern times, if you want to steal someone's secrets, a full frontal assault on the actual cryptography is almost certainly the worst possible way to attack.
This solution doesn't address any of those issues -- and, to some degree, it complexifies them. Key management, for example, becomes even more complex.
For this to work, you have to have a secure way to transmit the "keys" that tell you what parts of the random bitstream to use. Presumably, this would still make use of traditional cryptography and traditional key exchange mechanisms. This means, that if someone can break your key exchange, they can break the rest of your message.
There is one thing that makes this more complicated: Once you crack the key exchange, you still need to have the random bitstream for the relevant period of time on disk somewhere to decrypt the actual message. In a poorly designed system, this might be easy -- As soon as an attacker sees a message (presumably the key exchange) cross the wire, record the message and start recording the random bit stream. Record for an hour or so, and then crack the key exchange at your leisure -- You'll have the random bitstream on file for the propper period of time when you're done.
This can be avoided by temporally seperating the key exchange from the actual random data being used -- Exchange keys today, get your random data for encrypting tomorrow. This complexifies key management, though -- You can build up a 'cache' of keys to use (since you have to exchange the keys well ahead of time), but what happens if you run out of ready-to-go keys?
There's also nothing that would keep a well-funded attacker from recording the entire random bitstream for as long as they desire -- At a gigabyte a second (how do you even GENERATE that much truly random data?), that's only 600TB a week -- Split that between 600 recording systems, and you have 1Tb/system/week, which is not too far beyond the real of feasability. (This can scale as large as you like, limited only by real estate and money).
Basically what this proposal would do is make it more expensive to perform a direct attack on the cryptography guarding a communication... Which, when you think about it, is prettymuch the point of cryptography. To gain this, though, you must deploy a very expensive infrastructure and software that is potentially more complex than current cryptosystems. The benefit you get from this is negligable -- Modern cryptography is essentially unbreakable, so going from "essentially unbreakable" to "more essentially unbreakable" doesn't really help you. ("You're stupid to infinity"... "You're stupid to infinity times two!").
The real problems (people, software, key exchange), the ones that are the security problems in the real world, aren't addressed at all. This proposal is solving a problem that has already been solved and doesn't (currently, at least) need re-solving.
All that being said, I think this whole thing is a really nifty idea. I don't think it has a practical use, but it did make me stop and think. As an academic exercise, it's pretty durned neat.
The Siemens Gigasets are, as far as I'm concerned, the shit when it comes to cordless phones. I've had mine (two-line version w/o answering machine, and two handsets) for more than a year, and absolutely love it.
Hint: Replace the batteries that come with it with NiMH batteries from Radio Shack. I did this, and now I get some six hours of talk time on my phone, and several days of standby.
They're small, have belt clips, and have headphone jacks, meaning that I can just toss on a headset and wander around my house doing whatever, without having to worry about the phone at all. This feature should not be overlooked! I don't know if any of the other 'fancy' systems out there have headset jacks, but I couldn't live without mine.
I haven't had any problems with voice quality or interference, except when I run my microwave -- But this seems to be a problem with all 2.4GHz phones. The interference isn't so bad that I can't talk, but is definately noticable.
I also can't vouch for the quality of anything involving the models that include an answering machine. I'm a voicemail kind of person myself, so can't comment there.
This issue isn't quite as simple as the author of this article gives it credit for, I don't think. While I do agree that there's a problem here, I don't think the problem is quite what the author suggests.
I am a subscriber to bugtraq (isn't everyone?), and typically, when a vulnerability is found, one of three things happens:
Someone posts a working exploit, having not notified the vendor, or having not notified them about the problem at all, or in not enough time to actually fix the problem.
Someone posts a working exploit, having notified the vendor 6 months ago, and never having gotten a fix.
Someone posts a working exploit well after a vendor has posted a fix to the problem.
Unfortunately, #3 is the rarest of them all. Very seldomly do I see "SUN/RedHat/whoever released a fix for this last month, here's the actual bug.." More often I see "I found this bug" or "I notified them yesterday and haven't gotten a response back yet." Half the exploit-producers seem to be in the game so that they can be, as someone else here mentioned, "first to market" with their clever security exploit.
You'll notice a common element in my list: All of them contain the phrase "working exploit". Many, many of the "I found this bug" postings to bugtraq contain a fully functional script to demonstrate the problem -- A remote root exploit includes a script to (yes, that's right!) give you root on a box, remotely. All a cracker really needs to do is subscribe to bugtraq and wait, and the tools he needs to do his job show up in his lap. Sometimes, these are tools and exploits already found "in the wild," but just as often, they are not.
This, in particular, I have a problem with. In the vast majority of cases, it is possible to explain and demonstrate a security bug without having to ever make an exploit that actually works. One author, recently, posted a "proof of concept" exploit that required, among other things, a good working knowledge of PPC assembly to actually turn into an exploit. He demonstrated the security problem quite well, without giving "script kiddies" a tool they could use to break systems.
Now, granted, there are plenty of people who can take information about a vulnerability, and turn it into working code, and distribute it. These are the real hackers amongst the cracker crowd. But I don't think we need to be making the script kiddies' jobs easier by handing them working exploits on a silver platter.
Then again, these same "real hackers" are perfectly capable of finding these bugs on their own, so hiding an exploit from them (working or non) doesn't really gain you all that much.
I think that, overall, full disclosure is a very important thing -- That's "full disclosure" as in "give everyone the information they need to identify, demonstrate (if feasable), and fix security problems", not full disclosure as in "give away the farm by posting perfectly functional exploit code before you even tell the vendor". Disclosure of their dirty laundry to the world has goaded a number of vendors into fixing long-standing problems with their software. Without forums like Bugtraq, these problems would persist, with only the bad guys knowing anything about them.
The other advantage that full disclosure gives is the ability to discuss and learn from the mistakes of others. For example, there is currently a discussion happening on Bugtraq reguarding user-supplied (or otherwise variable) format strings for *printf-style commands and how they can be abused to give visibility into a (privileged or otherwise) process. Though a true solution may never be reached, I've seen more discussion on the topic in the past few days than I've seen on that topic in the entirety of the rest of my life, and that can't be bad. Discussions of this type pop up from time-to-time on bugtraq, and I'd dare say that anyone who cares to listen to them can find themselves writing more secure code very quickly.
Of course, there's also the downer: Most of the issues I see discussed on bugtraq nowadays are the same types of problems... that I saw discussed on bugtraq 5 years ago... Which are the same issues as those brought up by the Morris worm more than 10 years ago. Pity that we'll never learn. *sigh*
Re:Do you really mean WAP?
on
WAP Under Fire
·
· Score: 2
WAP is the protocol equivalent to HTTP. WML and HDML are the equivalent of HTML. When most people say their Web sites are "WAP compatible", what they mean to say is that they serve up "WML or HDML formatted content."
... except, unlike the HTTP spec, the WAP spec actually specifies WML and WMLScript as part of the specification. You can actually say that you are "WAP 1.1 compatable" and it means a fairly specific thing with reguards to overall capabilities -- Not just the communication protocol involved.
As for which thing people are complaining about, it looks like the main complaint right now is WML, though I can certainly see some other issues popping up in some of the protocols.
Damnit. Yet another needlessly inflamatory article on slashdot. It looks like someone's afraid of losing their ability to Napster on someone else's dollar, so they wrote this article in the most negative light possible.
The article, if you actually read it, is about technologies that are currently being developed, designed to allow those who pay for connectivity to control what that connectivity is used for.
I don't think anyone here can say that they don't feel that a company that pays thousands of dollars a month for a network connection has the right to control how it is used. Or a school. Or a shared business office.
It would be different if this article was saying that major ISPs (like Earthlink) were going to be using these technologies to stop their customer bases from using these "undesirable" tools, but the article didn't say anything of the sort.
End of the internet? I think not.
Say, I wonder if those tools can be configured block my access to slashdot anytime something this inflamatory was posted. Problem is, nowadays, that would mean that I would never be able to access slashdot.
much-maligned Pascal is a good language for learning structured programming, which makes it a good step towards C and then C++.
You imply here that knowing C is a good step towards knowing C++, and with this, I completely disagree. Though some of the basic syntax is the same, I don't believe that a functional programming language is a good introduction to an object-oriented programming language.
As a matter of fact, I think that learning Pascal or C before learning C++ (or another OO language) is more likely to hinder someone, than to help them! Using C++ well means using it in a totally and completely different manner than one uses C.
I know that I sure wish I learned C++ first -- I'd be a much better C++ programmer if I had!
Re:x86 is popular to hate, but not that bad really
on
Is The x86 Obsolete?
·
· Score: 1
Yes, it only takes a cycle or two to make the call, but then there's no hardware stack, so the return address has to be saved manually (usually two instructions to save it and two to restore) except for leaf functions. And then you may have to save 15 or more registers, at one instruction per, and restore them at the end of the routine. This all comes down to 20-40 instructions of overhead per subroutine. Is that progress?
Well, it wouldn't be progress, if your assertions were accurate. I'm not sure about any other RISC architecture, but I can sure as heck say that the Sparc architecture does not have this particular limitation. On a sparc, you almost never need to save your registers, and you almost never need to save your stack pointer.
The Sparc CPU is basically set up as a series of 'contexts' -- In reality, you have hundreds of registers, out of which you can see 24 (I think -- It's been a while since I've done sparc stuff) at once. You get 8 "in" registers, 8 "out" registers, and 8 "global" registers. The global registers stick around permenantly, but the others are all transient -- When you call a subroutine, all your "in" registers become "out" registers, all your "out" registers become inaccessable, and you get a brand new set of unused "in" registers. (I might have those backwards, but you get the idea). Since the stack pointer is in a register, it gets automagically saved when that set of registers gets shifted out of the way.
Returning from a subroutine is easy -- You just do the process in reverse, and your registers are all back the way they started. The whole thing takes just a couple of cycles.
The only time you need to actually save your registers are when either you run out of them (and there's a LOT of them), or when you need to context switch to a new process (which is expensive on ANY architecture).
[I apologize for the handwaving -- It's been years since I've done any sparc stuff -- But the jist of everything should be there.]
But Mattel _asks_ if you want it!
on
Mattel Spyware
·
· Score: 1
I recently installed another Mattel product -- Quicken Family Lawyer (no, I don't know why Mattel is making a Quicken product, but hey, go figure). During the install, I was told almost exactly what "Brodcast" did, and was given a choice whether or not to enable it. I said "no" and that was the end of it.
I can't say for certain that the children's software that this guy installed gave the user this choice, but I'm betting that it did, and he just flew right past it without reading what was in front of him.
This is really no worse than various other programs that ask "do you want to send information about your system configuration to us?" during the registration process. Still requires consent, still tells you what it's doing. Granted, having this type of thing on children's software may not be all that wise, but is it "spying" any worse than anything else that's prettymuch standard nowadays? I don't think so.
On a side note, I'm getting really tired of seeing these alarmist attitudes on slashdot. It seems that any article about something that is outside the rules set by the "slashdot community" (or linux community, *bsd community, or open source community) is always splattered across the slashdot homepage, spun in a heavilly unfavorable light.
I dare say if Debian has an optional package that every now and then sent them usage information, that the slashdot headline probably wouldn't read "Debian spyware." Call it a hunch.
Linux is not a known word at my school. I think one of the big reasons is, it's free.
... So why don't they do Linux when it's free? Star Office, when it's free?
I think there's a bigger reason that you're missing here: The purpose of school (theoretically) is to prepare students for "the real world." An ever-increasing part of "the real world" involves knowing how to use computers and accomplish many mundane tasks using them -- The kind of tasks that normal people do every day.
And, like it or not, the real world doesn't use Linux, and it doesn't use Star Office. The real world uses Windows 95 or 98, and Microsoft Office. Knowing how to use Linux and Star Office doesn't really help your average person know anything about the tools that they're going to be asked to use every day, when they get out into the world and work for one of the 99.9% or so of all companies that use Windows as their primary operating system. And no, an argument of "a word processor is a word processor, they're all the same" doesn't work for people in the real world!
I admit that it would be nice if Linux ruled the world, and perhaps some day it will. Until that time, though, I think any school that uses non-Windows boxes as their primary "general user" workstations is doing a poor job of preparing students for the real world.
Actually I'm lying, the real reason ActiveX is a bad idea is that it gives waaaay too much power to in-browser apps. Why would I want a plug in I download from a website (not an application or.exe mind you) have the ability to modify system files on my machine? At least Java browser apps work in a security sandbox and cannot affect system files.
But the power that ActiveX has is really no different than the power that any other plugin for any other browser has. Anyone that's ever downloaded a plugin for Netscape has put themselves in exactly the same danger that someone downloading an ActiveX control has put themselves in.
That's the thing that I don't get about people who complain about ActiveX -- In reality, downloading an ActiveX control is basically exactly the same as downloading a plugin, but incredibly more convenient.
I suppose the main problem will be people just clicking 'OK' when the 'Install ActiveX control?' dialog box pops up, no matter what site they're on -- But if that same site popped up a window saying "You need a plugin to view this site, click here to download," don't you think the exact same thing would happen? Is there a real difference?
Slashdot Mirror
WoW has _plenty_ of encounters that require quite a bit of intelligence and brainpower to overcome. No, they're not all like that, and I wouldn't want them to be.
The bots just exploit the simple mindless things, the things that no sane person would do over and over again for months on end. There's plenty else out there, the bots just don't touch it.
Odd. I've been running XP for five years or so now, and done numerous hardware upgrades, and the ONLY time I've ever had to re-activate my copy is when I replaced a motherboard (which ended up giving new ethernet controller, disk controllers, etc).
Beyond that I've added and removed memory, changed video cards, changed drives, added drives, and pretty much made the types of changes you'd expect a power user to make, and I've never had to reactivate. Ever. And that one time I did, it took me about ten seconds.
Thus, I'm afraid I'm going to have to call "bullshit" here.
And it's slow in more than one way, to boot. The machines themselves -- even for basic functions like withdrawing cash -- are slllloooooowwwwwww.
.. and they moved the 'ok' button from the lower right of the keypad (where it seems to be on every other ATM on the planet) to the upper right. Heh.
We have one at the local 7-11, I've used it a few times. There's several places during the transaction that you'll press an on-screen button, the button will briefly invert to indicate that it's been pressed, and then... nothing, for 5 or 6 seconds. Just sits there on the same screen, no longer responding to user input. Not even a "please wait" message -- just nothing at all.
SSH doesn't do the same thing Kerberos does. Kerberos provides for centralized authentication (ssh doesn't)... just having an authorized_keys file set up on every system you access is NOT the same as centralized authentication. It also provides for a number of other useful features that ssh just can't provide.
The difference, I suppose, is that they're equivilent in a small/home environment, but much different in an enterprise environment with many users and many hosts. On an enterprise scale, ssh alone just doesn't cut it.
2. Check to make sure you have the whole tag. If it's bigger than what you downloaded, download the rest of the tag.
3. Write to a temporary file
4. Run existing libraries and/or tools against temporary file
Solaris has actually supported the RENDER extension since the first or second maintenance release of Solaris 9... give yourself an upgrade and give it a try...
One thing to remember -- When you get right down to it, a camera is a light-proof box that holds some film, and that's it. When you press the shutter button, the camera doesn't matter anymore. Lens, film, and that's it.
With film cameras, as long as the camera has the features you really need (light meter, etc), your pictures aren't going to be made any better by getting a 'better' camera. 'Better' cameras have better autofocus, better film drive, more shots per second, and the like, but nothing that materially affects the actual pictures you take.
Lenses, on the other hand, make a big difference.
And artistic talent, the most difference.
If your NFS server rebooting, shutting down, or crashing causes any problem but temporarilly 'hung' clients, you have something wrong.
:)
NFS is explicitly designed to be stateless, precisely to allow it to function across server reboots, crashes, and other fun. If your clients are crashing, or getting back corrupted data, something is screwed up somewhere.
And, by the way, if you're getting corrupted data on a server crash, and the server is linux, you just had an object lesson on why it's bad that linux NFS defaults to async writes.
I seem to remember that (very) old ssh versions actually had this feature, but best I can tell, it's gone in newer (e.g. openssh) versions. Anyone have a clue why this is?
There's a lot of information about medications being tossed around here, so here's my $0.02, hopefully a bit better informed than some of the posts...
.. Ritalin (and derivatives, e.g. Concerta) and Adderal are popular for this. The stimulants don't really FIX the core cause (see below), but do help with a lot of the symptoms. There's nothing special about these particular stimulants, just about any will do (e.g. caffine), and indeed, a lot of ADHD sufferers self-medicate with caffine and the like. Prescription meds tend to be better, though, because they are available in sustained-release form, which means you don't have a lot of the up-and-down you'd get from trying to self-medicate with a quick-acting stimulant.
... and you may need to try several antidepressants before you find the right one for your chemistry. There's really no way to tell which antidepressant is right for you, so it's mostly trial and error. Fortunately, it's not hard to tell if an antidepressant is right for you -- They're typically either right for you, or make you rapidly miserable. It's REAL obvious when you're not on the right medication.
... very black and white. The stimulants will help you wake up, help your focus and jitteryness, and give you instant gratification. On the flip side of the coin, with the right antidepressant, you'll get up early in the morning, wide awake, and be awake for the entire day (without caffine or anything else), you'll think better (rather than just focussing better), fall asleep faster, sleep better, and generally feel much more human than just the stimulants will get you.
Disclaimer: I'm not a doctor, but I've been fighting this ADHD thing for my entire adult life, and have spent a lot of time on a lot of medications and talking to a lot of doctors. My current doctor is a 20+ year ADHD specialist (who I think rocks) from whom a lot of these opinions derive -- but they are opinions and only reflect my own research and experiences, so take with a large grain of salt.
So, in the drug world, there's basically two ways to combat ADHD: Stimulants, and antidepressants.
The most 'traditional' tratment for ADHD is stimulants
The other major (and, alas, not-well-known) treatment for ADHD is antidepressants. These address the core cause of ADHD -- a chemical imbalance in the brain. Desipramine, Welbutrin, Celexa, Strattera, and about a billion other medications fall into this category. Ultimately, they all do their job by adjusting the levels of various neurochemicals and getting them back in line with what your brain needs to actually function correctly. The biggest problems with the antidepressants are that they aren't very widely understood in the medical community, and that they aren't as instant-gratification as the stimulants. With a stimulant, you'll feel better the same day you take them (and only the same day you take them). With the antidepressants, changes are slower, and you have to take the meds every day (unless you enjoy withdrawal)
There's also a lot of stigmatism against antidepressants ("happy pills") in the world, even though most is unfounded. They don't make you artificially happy, they don't stop you from being able to be sad or unhappy, they just correct the chemical balance in the brain so that things like happiness and depression behave more normally.
Antidepressants are prescribed much less than stimulants, though I don't really know why. Part of the reason is probably because ADHD is always seen as a childrens' problem, and antidepressants aren't normally prescribed to children. Another part of the reason is probably that antidepressants are poorly understood in the medical community, and often require more ongoing care than just tossing someone some insta-gratifying ritalin.
The difference between stimulants and antidepressants is
The biggest challenge with the antidepressants is finding someone that will actually treat you with them (and treat you correctly).. and they're hard to find. If you're in the SF bay, you can email me for a reference to my (ADHD specialist) doctor, but beyond that... good luck! You'll need it!
I've been trying to post this "review" to Amazon for a couple of days, but there seems to be something wrong with their comment posting code. So here's MY experience with TurboTax 2002
[amazon posting starts here]
I won't reiterate many of the points made by other reviewers on amazon -- I'll just summarize the reviews as "good software, but the copy protection sucks".
I had the copy protection suck more than most. I dual boot WindowsXP and Linux, using the "GRUB" bootloader (which is currently used now by, among others, RedHat linux), and installing TurboTax 2002 made my entire computer unbootable! The activation code writes some information to the front of the harddrive (before the first partition), which overwrote my bootloader, which was already living there! (This may happen with other bootloaders as well... I've only tested with the one).
And fixing my system so it would boot again (by reinstalling the bootloader) produced a copy of TurboTax that a) thought it wasn't activated, and b) Thought that my productid had already been used "by another computer", so couldn't be re-activated.
Intuit did eventually give me another product ID that worked, after I spent several hours trying to explain the problem to tech support, and rebooting time and time again as the reps had me uninstall, reinstall, install in safe mode, install while standing on my head...
The software itself is OK (Though I still wish it could import from Quicken based on the "class" of the transactions), but I have the strong opinion that installing tax software should not render my computer unbootable!
You have to use Turtle Radio (http://www.turtleradio.com/) to configure which shoutcast/icecast streams the Audiotron knows about, but you can add in all your own stations. The Audiotron just downloads its station list when you power it on (or tell it to update). Turtle Radio is free, you just have to register to get the ID code that your Audiotron will use to talk to it.
Incidentally, the Audiotron is a great piece of hardware. The interface is well designed (as of 2.0, anyhow), it works really well, and the support is phenomenal. Voyetra/Turtle Beach pays a lot of attention to its user mailing list, and has implemented basically every feature that folks on the Audiotron mailing list have asked for. I bought mine a year ago, and haven't regretted it for a second.
This isn't really true. When you do a voice T1, this is true, but when doing data, you'll normally only lose 8kbit/sec to overhead (using ESF/B8ZS)... So rather than 1.544Mbit/s, you get 1.536Mbit/s.
Among others, Intel's server boards support this -- It requires a special client on the system you're doing the administration from, but you -can- do anything over the serial port.
I use a (I think) 440GX+ board. Damned nice board. Does this remote management, amongst its other nice features. Of course, you PAY for those features (~$600 for the board).
I really suggest these to anyone that needs an mp3 player in their stereo system. The sound quality is good, the interface is good, the support is stellar, the price is right... Since the new beta software has started coming out, I've had _no_ complaints of any type (in some 6 months of use).
Anyone who gets one of these should definately keep up with the mailing list (maillist.voyetra.com) and download the 1.9.xx beta software. A -lot- of user interface changes (for the (much) better) have gone into this newer software, along with a bunch of other nifty features.
Definately run right out and get one. They're great, they're cheap, and, well, they're great.
This solution doesn't address any of those issues -- and, to some degree, it complexifies them. Key management, for example, becomes even more complex.
For this to work, you have to have a secure way to transmit the "keys" that tell you what parts of the random bitstream to use. Presumably, this would still make use of traditional cryptography and traditional key exchange mechanisms. This means, that if someone can break your key exchange, they can break the rest of your message.
There is one thing that makes this more complicated: Once you crack the key exchange, you still need to have the random bitstream for the relevant period of time on disk somewhere to decrypt the actual message. In a poorly designed system, this might be easy -- As soon as an attacker sees a message (presumably the key exchange) cross the wire, record the message and start recording the random bit stream. Record for an hour or so, and then crack the key exchange at your leisure -- You'll have the random bitstream on file for the propper period of time when you're done.
This can be avoided by temporally seperating the key exchange from the actual random data being used -- Exchange keys today, get your random data for encrypting tomorrow. This complexifies key management, though -- You can build up a 'cache' of keys to use (since you have to exchange the keys well ahead of time), but what happens if you run out of ready-to-go keys?
There's also nothing that would keep a well-funded attacker from recording the entire random bitstream for as long as they desire -- At a gigabyte a second (how do you even GENERATE that much truly random data?), that's only 600TB a week -- Split that between 600 recording systems, and you have 1Tb/system/week, which is not too far beyond the real of feasability. (This can scale as large as you like, limited only by real estate and money).
Basically what this proposal would do is make it more expensive to perform a direct attack on the cryptography guarding a communication ... Which, when you think about it, is prettymuch the point of cryptography. To gain this, though, you must deploy a very expensive infrastructure and software that is potentially more complex than current cryptosystems. The benefit you get from this is negligable -- Modern cryptography is essentially unbreakable, so going from "essentially unbreakable" to "more essentially unbreakable" doesn't really help you. ("You're stupid to infinity" ... "You're stupid to infinity times two!").
The real problems (people, software, key exchange), the ones that are the security problems in the real world, aren't addressed at all. This proposal is solving a problem that has already been solved and doesn't (currently, at least) need re-solving.
All that being said, I think this whole thing is a really nifty idea. I don't think it has a practical use, but it did make me stop and think. As an academic exercise, it's pretty durned neat.
Hint: Replace the batteries that come with it with NiMH batteries from Radio Shack. I did this, and now I get some six hours of talk time on my phone, and several days of standby.
They're small, have belt clips, and have headphone jacks, meaning that I can just toss on a headset and wander around my house doing whatever, without having to worry about the phone at all. This feature should not be overlooked! I don't know if any of the other 'fancy' systems out there have headset jacks, but I couldn't live without mine.
I haven't had any problems with voice quality or interference, except when I run my microwave -- But this seems to be a problem with all 2.4GHz phones. The interference isn't so bad that I can't talk, but is definately noticable.
I also can't vouch for the quality of anything involving the models that include an answering machine. I'm a voicemail kind of person myself, so can't comment there.
Summary: They're great. Buy one. Buy several.
I am a subscriber to bugtraq (isn't everyone?), and typically, when a vulnerability is found, one of three things happens:
- Someone posts a working exploit, having not notified the vendor, or having not notified them about the problem at all, or in not enough time to actually fix the problem.
- Someone posts a working exploit, having notified the vendor 6 months ago, and never having gotten a fix.
- Someone posts a working exploit well after a vendor has posted a fix to the problem.
Unfortunately, #3 is the rarest of them all. Very seldomly do I see "SUN/RedHat/whoever released a fix for this last month, here's the actual bug.." More often I see "I found this bug" or "I notified them yesterday and haven't gotten a response back yet." Half the exploit-producers seem to be in the game so that they can be, as someone else here mentioned, "first to market" with their clever security exploit.You'll notice a common element in my list: All of them contain the phrase "working exploit". Many, many of the "I found this bug" postings to bugtraq contain a fully functional script to demonstrate the problem -- A remote root exploit includes a script to (yes, that's right!) give you root on a box, remotely. All a cracker really needs to do is subscribe to bugtraq and wait, and the tools he needs to do his job show up in his lap. Sometimes, these are tools and exploits already found "in the wild," but just as often, they are not.
This, in particular, I have a problem with. In the vast majority of cases, it is possible to explain and demonstrate a security bug without having to ever make an exploit that actually works. One author, recently, posted a "proof of concept" exploit that required, among other things, a good working knowledge of PPC assembly to actually turn into an exploit. He demonstrated the security problem quite well, without giving "script kiddies" a tool they could use to break systems.
Now, granted, there are plenty of people who can take information about a vulnerability, and turn it into working code, and distribute it. These are the real hackers amongst the cracker crowd. But I don't think we need to be making the script kiddies' jobs easier by handing them working exploits on a silver platter.
Then again, these same "real hackers" are perfectly capable of finding these bugs on their own, so hiding an exploit from them (working or non) doesn't really gain you all that much.
I think that, overall, full disclosure is a very important thing -- That's "full disclosure" as in "give everyone the information they need to identify, demonstrate (if feasable), and fix security problems", not full disclosure as in "give away the farm by posting perfectly functional exploit code before you even tell the vendor". Disclosure of their dirty laundry to the world has goaded a number of vendors into fixing long-standing problems with their software. Without forums like Bugtraq, these problems would persist, with only the bad guys knowing anything about them.
The other advantage that full disclosure gives is the ability to discuss and learn from the mistakes of others. For example, there is currently a discussion happening on Bugtraq reguarding user-supplied (or otherwise variable) format strings for *printf-style commands and how they can be abused to give visibility into a (privileged or otherwise) process. Though a true solution may never be reached, I've seen more discussion on the topic in the past few days than I've seen on that topic in the entirety of the rest of my life, and that can't be bad. Discussions of this type pop up from time-to-time on bugtraq, and I'd dare say that anyone who cares to listen to them can find themselves writing more secure code very quickly.
Of course, there's also the downer: Most of the issues I see discussed on bugtraq nowadays are the same types of problems ... that I saw discussed on bugtraq 5 years ago ... Which are the same issues as those brought up by the Morris worm more than 10 years ago. Pity that we'll never learn. *sigh*
As for which thing people are complaining about, it looks like the main complaint right now is WML, though I can certainly see some other issues popping up in some of the protocols.
The article, if you actually read it, is about technologies that are currently being developed, designed to allow those who pay for connectivity to control what that connectivity is used for.
I don't think anyone here can say that they don't feel that a company that pays thousands of dollars a month for a network connection has the right to control how it is used. Or a school. Or a shared business office.
It would be different if this article was saying that major ISPs (like Earthlink) were going to be using these technologies to stop their customer bases from using these "undesirable" tools, but the article didn't say anything of the sort.
End of the internet? I think not.
Say, I wonder if those tools can be configured block my access to slashdot anytime something this inflamatory was posted. Problem is, nowadays, that would mean that I would never be able to access slashdot.
You imply here that knowing C is a good step towards knowing C++, and with this, I completely disagree. Though some of the basic syntax is the same, I don't believe that a functional programming language is a good introduction to an object-oriented programming language.
As a matter of fact, I think that learning Pascal or C before learning C++ (or another OO language) is more likely to hinder someone, than to help them! Using C++ well means using it in a totally and completely different manner than one uses C.
I know that I sure wish I learned C++ first -- I'd be a much better C++ programmer if I had!
The Sparc CPU is basically set up as a series of 'contexts' -- In reality, you have hundreds of registers, out of which you can see 24 (I think -- It's been a while since I've done sparc stuff) at once. You get 8 "in" registers, 8 "out" registers, and 8 "global" registers. The global registers stick around permenantly, but the others are all transient -- When you call a subroutine, all your "in" registers become "out" registers, all your "out" registers become inaccessable, and you get a brand new set of unused "in" registers. (I might have those backwards, but you get the idea). Since the stack pointer is in a register, it gets automagically saved when that set of registers gets shifted out of the way.
Returning from a subroutine is easy -- You just do the process in reverse, and your registers are all back the way they started. The whole thing takes just a couple of cycles.
The only time you need to actually save your registers are when either you run out of them (and there's a LOT of them), or when you need to context switch to a new process (which is expensive on ANY architecture).
[I apologize for the handwaving -- It's been years since I've done any sparc stuff -- But the jist of everything should be there.]
I can't say for certain that the children's software that this guy installed gave the user this choice, but I'm betting that it did, and he just flew right past it without reading what was in front of him.
This is really no worse than various other programs that ask "do you want to send information about your system configuration to us?" during the registration process. Still requires consent, still tells you what it's doing. Granted, having this type of thing on children's software may not be all that wise, but is it "spying" any worse than anything else that's prettymuch standard nowadays? I don't think so.
On a side note, I'm getting really tired of seeing these alarmist attitudes on slashdot. It seems that any article about something that is outside the rules set by the "slashdot community" (or linux community, *bsd community, or open source community) is always splattered across the slashdot homepage, spun in a heavilly unfavorable light.
I dare say if Debian has an optional package that every now and then sent them usage information, that the slashdot headline probably wouldn't read "Debian spyware." Call it a hunch.
I think there's a bigger reason that you're missing here: The purpose of school (theoretically) is to prepare students for "the real world." An ever-increasing part of "the real world" involves knowing how to use computers and accomplish many mundane tasks using them -- The kind of tasks that normal people do every day.
And, like it or not, the real world doesn't use Linux, and it doesn't use Star Office. The real world uses Windows 95 or 98, and Microsoft Office. Knowing how to use Linux and Star Office doesn't really help your average person know anything about the tools that they're going to be asked to use every day, when they get out into the world and work for one of the 99.9% or so of all companies that use Windows as their primary operating system. And no, an argument of "a word processor is a word processor, they're all the same" doesn't work for people in the real world!
I admit that it would be nice if Linux ruled the world, and perhaps some day it will. Until that time, though, I think any school that uses non-Windows boxes as their primary "general user" workstations is doing a poor job of preparing students for the real world.
But the power that ActiveX has is really no different than the power that any other plugin for any other browser has. Anyone that's ever downloaded a plugin for Netscape has put themselves in exactly the same danger that someone downloading an ActiveX control has put themselves in.
That's the thing that I don't get about people who complain about ActiveX -- In reality, downloading an ActiveX control is basically exactly the same as downloading a plugin, but incredibly more convenient.
I suppose the main problem will be people just clicking 'OK' when the 'Install ActiveX control?' dialog box pops up, no matter what site they're on -- But if that same site popped up a window saying "You need a plugin to view this site, click here to download," don't you think the exact same thing would happen? Is there a real difference?