I decided to take a swipe at compiling this on x86_64, but the compiler is choking rather regularly with complaints about pointer to int casts of different size. The code seems to do a lot casts from pointers to int. For instance:
Emit4( (int )vm->dataBase );
but dataBase here is a pointer to a byte. It seems like he's probably trying to do something like this:
Emit4( *(int *)vm->dataBase );
Is the former line some sort of casting shortcut with the compiler that makes it do the right thing on x86 architecture, or am I missing something?
Can someone with more C-fu than I comment on this?
I've been sort of looking for a place to host online backups for some of my home machines. Anyone have recommendations of a cheap place that does this sort of thing? Preferably a place that can handle rsync...
I remember seeing a job posting a while back from Blizzard looking for Oracle DBA's, so I believe your speculation of them using Oracle on the backend is probably correct.
Most of the article seems to talk about changing the GPL to help defend free software against patent attacks.
I'm not sure if this will be possible. Defending against someone infringing on your copyright is easily done with a license (as the GPL currently does), but someone with a patent need not agree to anything before trying to sue to pants off of you.
Perhaps they plan to put a stipulation in the GPL that prevents you from suing others for software patent infringement if you use GPL software? If they do this, then it might give large companies a reason not to use GPL'ed software (not that I really care if they do. I'm just pointing out that they might rather keep their lawsuit possibilities open than use free software).
You can make it so that certain attributes are only visible when the SSF (security strength factor) is above a certain value (indicating an encrypted channel of relative strength).
See the slapd.conf documentation at the OpenLDAP site (esp. the section on access controls).
Wrong again! I'm not sure if you understand what kerberos does. Repeat after me:
kerberos is only for authentication
All it does is verify (securely) whether you are who you say you are. Everything else must be done with other mechanisms.
So you want to make sure that certain attributes are only visible over encrypted links? See the section on using the SSF parameter in your access controls in the
slapd.conf documentation
OpenLDAP is a very capable LDAP server. I've found very little that it can't do (with some research).
Is OpenLdap kerberized? (in other words, can you tie Kerberos security to permissions on the retrieval and setting of LDAP attributes?)
(hint: the answer is NO)
Sorry, but this is just plain wrong...
OpenLDAP fully supports kerberos authentication (and many other types) via Cyrus (and maybe GNU) SASL libraries.
They make money in my country (Canada) even with our price controls, otherwise they wouldn't bother shipping drugs here in the first place.
Certainly -- the parent poster already said that the money for most drugs is spent in R&D, and that later manufacturing costs are tiny in comparison.
But there is another factor here too. If they refused to sell to Canada, then the Canadian govt. might declare open season on their drug patent (which has to be openly viewable in order for doctors to understand and the US-FDA to certify the drug), citing a societal need for the lifesaving drug.
At least this way they get something for their investment rather than handing it over to the generics maufacturers.
The bottom line is -- the drug companies are often out for a large chunk of cash before a drug is ever brought to market, and they have to make that up somehow. If they can't spread the costs around evenly, then they'll make it up by gouging those that don't have price caps.
One post above was complaining that the Canadians don't want us (US'ians) buying their drugs since it drives up their prices, but we could just as easily make the counter argument that they should lift their price controls since we end up subsidizing their low drug prices.
Ahhh! Many thanks for pointing this out. I've had this problem for some time with my Debian box as well. The fix for Debian is to change the line in/etc/modprobe.d/aliases that reads:
alias net-pf-10 ipv6...to...
alias net-pf-10 off
and rebooting. Mozilla is back to being speedy again!
This does no good if someone builds the program on another machine and then copies it to your host. Limiting compiler access really doesn't help secure anything unless you also prevent anyone from transferring any files to the machine (which is quite impractical).
As an experienced SysAdmin, I'm kinda on the side of your prof. Packages give ease of installation of over many machines and (perhaps most importantly) proper tracking of files that are installed to prevent files from being overwritten, and to allow for uninstalls too. OTOH, building from sources gives you fine tuned control over what gets installed and where, and specific build options.
So, why not have the best of both worlds? Build your own packages! I use EPM to do it and it's a breeze. You can get EPM at:
I'm not religious about building everything from scratch, but I like being able to include my own default config files, as well as have control over what gets installed where (I mostly manage Solaris machines, but often build Linux packages too).
As a shameless self-plug here, I recently wrote an article for SysAdmin magazine on packaging with EPM. It's especially handy in multi-platform environments. If you want to see my article check out the Dec. 2003 issue of sysadmin mag:
What they hey, I'll give up my moderator access to reply to this one. I'd like to see more books that don't try to replace manpages, but put the technologies they are trying to describe into better context. Here's a short list of books I'd like to see:
* Replacing NIS with LDAP/Kerberos
* Implementing DHCP/DDNS with ISC DHCP and BIND
* Integrating Unix and Win2k with LDAP and Kerberos
Thats all I can think of for the moment, but you get the idea. I generally prefer reference books in electronic format, and more prose-oriented material in dead tree.
I just got home from work and saw the little light on my cable modem going nuts. I did tcpdump from my firewall box and I'm seeing MASSIVE amounts of arp traffic.
Perhaps I'll call roadrunner and see about a refund for the crappy bandwidth I'm getting tonight;-).
Who needs hammers? I was told that there are rocks to make you happy!
Seriously, I use awk and sed in shell scripts, but they can be a pain for complex tasks. Also, Perl's RE set is much more robust than that of awk and sed. Learn perl -- then complain about it.
I think the GUI admin tools such as this one are a great idea for the newbie, but why not take the opportunity to educate the user about what it is doing. Tools like linuxconf and SMIT tell the user exactly what they're going to do at the file level when a configuration change is made. IMHO, this is the best of both worlds -- newbies can get in and make changes, and if they want to learn whats being done under the hood, the info is available to them.
While rolling out 2500 workstations will be a task on its own, managing them day-to-day will take some intense planning.
I've seen people above advocating centralizing your user data, and making the boxes all cookie-cutter installs. Excellent advice.
Once you have them up and running, however the question becomes. "How do I make changes to the environment en-masse?".
Thats where GNU cfEngine comes in. It's a great tool for maintaining heterogeneous networks. You should consider implementing this on the rollout, as it will allow you some means to "push out" changes to all of the hosts.
Its a very powerful tool, so much forethought and planning is in order with it, but it pays off in the long run in being able to make changes to the machines in large chunks.
Slashdot Mirror
'Learn to change the oil or a tire on a car'
But what about the negative health effects of getting oil in my eyes, breathing exhaust fumes, or dropping the tire on my foot!?!?!
Emit4( (int )vm->dataBase );
but dataBase here is a pointer to a byte. It seems like he's probably trying to do something like this:
Emit4( *(int *)vm->dataBase );
Is the former line some sort of casting shortcut with the compiler that makes it do the right thing on x86 architecture, or am I missing something?
Can someone with more C-fu than I comment on this?
I've been sort of looking for a place to host online backups for some of my home machines. Anyone have recommendations of a cheap place that does this sort of thing? Preferably a place that can handle rsync...
I remember seeing a job posting a while back from Blizzard looking for Oracle DBA's, so I believe your speculation of them using Oracle on the backend is probably correct.
Ok, so what do we call people who break copy protection on computer software. Traditionally, (in the 80's) those were called crackers.
Most of the article seems to talk about changing the GPL to help defend free software against patent attacks.
I'm not sure if this will be possible. Defending against someone infringing on your copyright is easily done with a license (as the GPL currently does), but someone with a patent need not agree to anything before trying to sue to pants off of you.
Perhaps they plan to put a stipulation in the GPL that prevents you from suing others for software patent infringement if you use GPL software? If they do this, then it might give large companies a reason not to use GPL'ed software (not that I really care if they do. I'm just pointing out that they might rather keep their lawsuit possibilities open than use free software).
I'll be interested to see this draft...
Again, false...
You can make it so that certain attributes are only visible when the SSF (security strength factor) is above a certain value (indicating an encrypted channel of relative strength).
See the slapd.conf documentation at the OpenLDAP site (esp. the section on access controls).
kerberos is only for authentication
All it does is verify (securely) whether you are who you say you are. Everything else must be done with other mechanisms.
So you want to make sure that certain attributes are only visible over encrypted links? See the section on using the SSF parameter in your access controls in the slapd.conf documentation
OpenLDAP is a very capable LDAP server. I've found very little that it can't do (with some research).
OpenLDAP fully supports kerberos authentication (and many other types) via Cyrus (and maybe GNU) SASL libraries.
See the OpenLDAP SASL Instructions that document how to do it.
Never thought someone so anti-Bush would call him a genius...
Certainly -- the parent poster already said that the money for most drugs is spent in R&D, and that later manufacturing costs are tiny in comparison.
But there is another factor here too. If they refused to sell to Canada, then the Canadian govt. might declare open season on their drug patent (which has to be openly viewable in order for doctors to understand and the US-FDA to certify the drug), citing a societal need for the lifesaving drug.
At least this way they get something for their investment rather than handing it over to the generics maufacturers.
The bottom line is -- the drug companies are often out for a large chunk of cash before a drug is ever brought to market, and they have to make that up somehow. If they can't spread the costs around evenly, then they'll make it up by gouging those that don't have price caps.
One post above was complaining that the Canadians don't want us (US'ians) buying their drugs since it drives up their prices, but we could just as easily make the counter argument that they should lift their price controls since we end up subsidizing their low drug prices.
A poem attributed to my high-school environmental science teacher 15 years ago or so:
Every time I think about it,
it always makes me sadder,
to know that every drop of rain,
has been through someone's bladder.
Such legislation would likely be carefully crafted such that it would not help anyone else's.
Here are the (gruesome) details
Ahhh! Many thanks for pointing this out. I've had this problem for some time with my Debian box as well. The fix for Debian is to change the line in /etc/modprobe.d/aliases that reads:
...to...
alias net-pf-10 ipv6
alias net-pf-10 off
and rebooting. Mozilla is back to being speedy again!
This does no good if someone builds the program on another machine and then copies it to your host. Limiting compiler access really doesn't help secure anything unless you also prevent anyone from transferring any files to the machine (which is quite impractical).
As an experienced SysAdmin, I'm kinda on the side of your prof. Packages give ease of installation of over many machines and (perhaps most importantly) proper tracking of files that are installed to prevent files from being overwritten, and to allow for uninstalls too. OTOH, building from sources gives you fine tuned control over what gets installed and where, and specific build options.
So, why not have the best of both worlds? Build your own packages! I use EPM to do it and it's a breeze. You can get EPM at:
http://www.easysw.com/epm/
I'm not religious about building everything from scratch, but I like being able to include my own default config files, as well as have control over what gets installed where (I mostly manage Solaris machines, but often build Linux packages too).
As a shameless self-plug here, I recently wrote an article for SysAdmin magazine on packaging with EPM. It's especially handy in multi-platform environments. If you want to see my article check out the Dec. 2003 issue of sysadmin mag:
http://www.samag.com/articles/2003/0312/
It's standard business practice to countersue when someone sues your company. The merits of the case have very little to do with it.
Nothing to see here, move along...
Anyone know if Linux supports these devices? Does the USB variety just look like a regular old Communications Class USB device?
What they hey, I'll give up my moderator access to reply to this one. I'd like to see more books that don't try to replace manpages, but put the technologies they are trying to describe into better context. Here's a short list of books I'd like to see:
* Replacing NIS with LDAP/Kerberos
* Implementing DHCP/DDNS with ISC DHCP and BIND
* Integrating Unix and Win2k with LDAP and Kerberos
Thats all I can think of for the moment, but you get the idea. I generally prefer reference books in electronic format, and more prose-oriented material in dead tree.
Woot!
I just got home from work and saw the little light on my cable modem going nuts. I did tcpdump from my firewall box and I'm seeing MASSIVE amounts of arp traffic.
;-).
Perhaps I'll call roadrunner and see about a refund for the crappy bandwidth I'm getting tonight
Who needs hammers? I was told that there are rocks to make you happy!
Seriously, I use awk and sed in shell scripts, but they can be a pain for complex tasks. Also, Perl's RE set is much more robust than that of awk and sed. Learn perl -- then complain about it.
I think the GUI admin tools such as this one are a great idea for the newbie, but why not take the opportunity to educate the user about what it is doing. Tools like linuxconf and SMIT tell the user exactly what they're going to do at the file level when a configuration change is made. IMHO, this is the best of both worlds -- newbies can get in and make changes, and if they want to learn whats being done under the hood, the info is available to them.
I've seen people above advocating centralizing your user data, and making the boxes all cookie-cutter installs. Excellent advice.
Once you have them up and running, however the question becomes. "How do I make changes to the environment en-masse?".
Thats where GNU cfEngine comes in. It's a great tool for maintaining heterogeneous networks. You should consider implementing this on the rollout, as it will allow you some means to "push out" changes to all of the hosts.
Check out:
http://www.iu.hioslo.no/cfengine/
Its a very powerful tool, so much forethought and planning is in order with it, but it pays off in the long run in being able to make changes to the machines in large chunks.
-- PoochieReds
This is spiffy and all, but I'd like to get a hold of a G4 board that'll go in an ATX case. Does anyone make such a beast (besides Apple)?