> What you need is a ulibc distribution that is designed for virtualization > utilizing a KVM kernel and a uclibc user land based on debian.
I don't know if this is what you're looking for, but Alpine Linux http://alpinelinux.org/ is a strong candidate. It's uclibc-based, and runs on busybox's utilities, which is yet another simplification. It'll even run using busybox's mdev instead of udev. That's assuming you don't run some braindead "desktop environment" which depends directly on udev, or evdev, which in turn depends on udev. That rules out GNOME and XFCE
Gentoo http://www.gentoo.org/ can be coerced to a minimal, text-only glibc build, via judicious use of the USE flags. This includes replacing udev with mdev. Again, avoid the flashy "desktop environments". If you want to really go barebones, it has an "embedded", uclibc-based option. For experts only.
1) In North America the internet robber-barons have imposed monthly usage caps (i.e. max amount of gigbytes of internet usage). Uploading+downloading stuff to run the "Cloud Computer" model will go through your monthly usage quota in no time flat.
ANI is more robust http://en.wikipedia.org/wiki/Automatic_number_identification It was originally designed to automate billing, so it was designed not to be easily spoofed. Problem is that ANI is a lot more expensive than CID, and is not normally offered on residential lines.
They call it "ecosystem", but "Walled Garden" or "Prison" is a more apt term. They're not selling hardware; they're selling a gift-that-keeps-on-giving... to the seller. An Iphone (that isn't jailbroken) can only buy apps from Apple's approved store, with Apple getting its 30% cut. MS and Google and FB etc, etc want in on that scheme.
> Look, I don't care if YOU don't want to use DRM'd services like Netflix, but some > of us DO, and we'd like to be able to use these sorts of services without proprietary > plugins like Silverlight dictating what operating systems we can use it on.
WRONG WRONG WRONG. So much fail... the EME standard hooks will enable *BINARY BLOBS* to hook into your OS. That makes the binary blob OS-specific. As I said in another post, this is basically adding Active-X to every browser. We all know how well that worked on IE... NOT!
EME is proposed as an API, allowing "binary blobs" to execute. That's ***EXACTLY*** what Active-X does in Internet Explorer. Just like Active-X, the binary blobs won't be a complete stand-alone OS. Instead, they'll hook into your operating system, with high privileges. That means that the binary blobs will be OS-specific.
I can see compromised websites popping up with requests to load codec-XXX to "See Sexy Suzy Stripping". And there'll be a lot of idiots who'll fall for it.
> Most Facebook users have embarrassing comments or status updates > hidden in the depths of their social network profile --- long forgotten > but not gone. So why not tidy up a little with the new FaceWash Web app?
> The service, which is geared primarily toward recent college graduates, aims > to delete your seedy Facebook history before you enter the professional world.
The reason people want to get away from what we have now is because it's not what we had 30 years ago. When I first won a promotion to a technical job in our HQ in 1985 we actually had offices. I retired a couple of years ago (get off my lawn kid). By that time only mid-level and higher managers had offices. Us peons were crammed into cube farms. And, oh yeah, there were reviews under way trying to figure out how to cram more cubes into the same space. Obligatory Dilbert http://dilbert.com/strips/comic/1996-09-15/ Give people real offices, and they might not mind.
Let's say someone has a website http//www.good.example.com, and want http//ads.doubleclick.net to get past this filter. Assuming they control their own DNS, they simply need to set up a CNAME www.bad.example.com that points to ads.doubleclick.net. Voila, the ads.doubleclick.net server shows up on the same domain as www.good.example.com.
> In the 1990's, radio stations used to play sounds like dogs barking > or wolves howling over whatever music track was being played. Just to > deter anyone using a boombox radio with combined cassette tape recorder.
Earlier in the 60's and 70's they had "Boss Jocks". The DJ's basically had verbal diahrea, and kept yakking almost nonstop, including over the beginning+end of a record.
"HEY THERE EVERYBODY, THIS HERE IS YOUR FRIENDLY NEIGHBOURHOOD F***HEAD JACK, COMIN AT YA WITH MUCH MORE YAK".
> First the undead rise from their graves. Then the establishment covers it > up. And it's not a coincidence that there are shortages and limits on ammo.
Chinese infiltrators in the US government want zombies to survive, so that they can be enslaved into preparing food at Chinese restaurants... the project codename is "Dead Men Wokking".
> Having support for both is not hard. OSX does it, Windows > does it, Linux should do it natively without any tinkering.
lilo and GRUB both support booting on UEFI. The problem is that MS is using its monopoly power to force manufacturers of ARM-based PCs to lock down UEFI to only boot with a bootloader signed by MS.
> If we're lucky, it'll force the rock stupid ISP's to roll out IPv6 world wide. That > would fix the god damn problem the fastest and solve the problem if address > exhaustion we're already facing. Get all of us home users off IPv4 and onto > IPv6 with the damn modems actually supporting multiple IPv6 addresses.
How does that address the problem? What makes you think that brand new barely-tested IPV6 firmware would be any more secure than older patched IPV4 firmware?
Why?!? UPNP should only be necessary for running servers. If you want to host a game server or ftp server or web server, port-forward the appropriate port(s) on your NATing router. Hopefully, you have some basic understanding of the security implications.
What I don't understand is how UPNP got accepted as a protocol. Why are some apps so braindead that clients need UPNP? TFA mentions "smart TVs, IP cameras, printers, media servers and routers to name a few". An ordinary PC can subscribe to Netflix without UPNP. Why does a "smart TV" need to be "discoverable" from outside? Why The F*** would I (or 99% of users) want to have my router/TV/printer/etc "discoverable" from the outside?
Bittorrent is both client and server. A user who doesn't have a clue about securely running a server has no business running bittorrent.
>You can block Facebook at the firewall if you > use the ASN to look up all the nets involved. > >/usr/bin/whois -h whois.radb.net '!gAS32934' | tr ' ' '\n'
> From there you can munge the list of nets into a list of firewall rules > and add them to your firewall. No more tracking by Facebook.
The output is scary, but only because of duplications, and subnets being listed separately. The IPV4 output can be summarized into 9 CIDR address ranges for use in iptables...
> The Ribbon has been my UI experience from Hell, and now I see what so many > long-time users hate about UI change: if any particular UI (I suppose I should > qualify that as "adequately functional") has been assimilated into their work > habits, do NOT mess with that, and waste their productive time with change, > unless a Hell of a case can be made for quantum leaps in productivity, > and only with reasonable effort in a reasonable amount of time - however the > vict... er, user defines those. And it better not change again for a long time > - we have work to do, so get off my desktop, kids!
BINGO! I use ICEWM on my linux machines. It does its job and then gets out of the way. Yes, there was a bit of a learning curve the first couple of months, but that was it. I've been productive for years. With Windows, it's every new release. And in the case of KDE/GNOME, it's more often than they change their underwear.
> Let's say you have three PCs in your little link-local LAN: > fatfreddy, phineas, and franklin. You can use these fine > hostnames over IPv6 as easy as pie. You'll make identical > entries in the/etc/hosts file of each PC, like this: > > fe80::20b:6aff:feef:7e8d fatfreddy > fe80::221:97ff:feed:ef01 phineas > fe80::3f1:4baf:a7dd:ba4f franklin > > Now you can ping6 by hostname: > > $ ping6 -I eth0 phineas > PING phineas(phineas) from fe80::221:97ff:feed:ef01 eth0: 56 data bytes > 64 bytes from phineas: icmp_seq=1 ttl=64 time=17.3 ms
A few years ago, kids assumed that "what happens on Facebook stays on Facebook". This emboldened kids to post stuff they wouldn't normally say in public. That's no longer true. Moms and dads and grandparents and employers are on FB and demanding to be friended. Hiring managers not only scan public profiles, they demand paswords to see the private stuff. The response is to fake up public profiles http://yro.slashdot.org/story/08/02/01/1618215/online-reputation-management-to-keep-your-nose-clean
Facebook stupidity will filter out the bottom of the barrel out of the job market. But expect to see more and more bland conformist "employment-friendly" profiles that don't really reflect the person. Smart kids will go back to texting/phoning/email for real communications.
For any but the most trivial apps it's write once and run anywhere that you have Java 1.2.3.4.5. Not Java 1.2.3.4.4 or Java 1.2.3.4.6, but only Java 1.2.3.4.5. That's why you see so many machines with Java versions with known exploits. Because so many apps won't run with with newer versions of Java.
Can you imagine the howls of outrage if every 2nd "Microsoft Patch Tuesday", Access or Word or Excel stopped working? And you had to keep the security patch off your machine if you wanted all your expensive software to keep working? That's what's effectively happening in Java.
On the other hand, write code in C/C++ and it'll run on a dozen years worth of Windows machines from Win2K through WinXP through Vista through Win7. Throw in some #ifdef statements, and you can build your C/C++ app for Mac and Linux as well.
Slashdot Mirror
> What you need is a ulibc distribution that is designed for virtualization
> utilizing a KVM kernel and a uclibc user land based on debian.
I don't know if this is what you're looking for, but Alpine Linux http://alpinelinux.org/ is a strong candidate. It's uclibc-based, and runs on busybox's utilities, which is yet another simplification. It'll even run using busybox's mdev instead of udev. That's assuming you don't run some braindead "desktop environment" which depends directly on udev, or evdev, which in turn depends on udev. That rules out GNOME and XFCE
Gentoo http://www.gentoo.org/ can be coerced to a minimal, text-only glibc build, via judicious use of the USE flags. This includes replacing udev with mdev. Again, avoid the flashy "desktop environments". If you want to really go barebones, it has an "embedded", uclibc-based option. For experts only.
> Please describe the abuse of monopoly power that you accuse Apple of doing.
Ask and ye shall receive.
> Now in the MS days, MS persuaded, threatened, and outright bribed OEMs not to install Netscape.
Apple bans non-webkit browsers in their app-store... period... end of story. That's why there's no Firefox for non-jailbroken Ipads... http://forums.appleinsider.com/t/156392/mozilla-firefox-not-coming-to-iphone-ipad-until-apple-relaxes-ios-browser-rules
1) In North America the internet robber-barons have imposed monthly usage caps (i.e. max amount of gigbytes of internet usage). Uploading+downloading stuff to run the "Cloud Computer" model will go through your monthly usage quota in no time flat.
2) With all your data on a PC (and backups on USB drives), identity theft won't steal or wipe your data. However, if your data is in the cloud, identity theft can destroy your data http://apple.slashdot.org/story/12/08/07/0250248/how-apple-and-amazon-security-flaws-led-to-mat-honans-identity-theft The moral of the story is to back up your data locally. Offsite backup doesn't hurt either.
> Still, sorry to hear CID is only an option instead of a standard, included
> feature in the UK. That's a pretty shitty rip-off. A bit amusing too.
CID (aka CLID) is a joke. It can easily be forged/faked by even a basic PBX. http://en.wikipedia.org/wiki/Caller_ID_spoofing
ANI is more robust http://en.wikipedia.org/wiki/Automatic_number_identification It was originally designed to automate billing, so it was designed not to be easily spoofed. Problem is that ANI is a lot more expensive than CID, and is not normally offered on residential lines.
They call it "ecosystem", but "Walled Garden" or "Prison" is a more apt term. They're not selling hardware; they're selling a gift-that-keeps-on-giving... to the seller. An Iphone (that isn't jailbroken) can only buy apps from Apple's approved store, with Apple getting its 30% cut. MS and Google and FB etc, etc want in on that scheme.
> Or Kim Jong-Il
That's an old article from 2009. Back then Kim Jong was ill. Today he's dead.
> Look, I don't care if YOU don't want to use DRM'd services like Netflix, but some
> of us DO, and we'd like to be able to use these sorts of services without proprietary
> plugins like Silverlight dictating what operating systems we can use it on.
WRONG WRONG WRONG. So much fail... the EME standard hooks will enable *BINARY BLOBS* to hook into your OS. That makes the binary blob OS-specific. As I said in another post, this is basically adding Active-X to every browser. We all know how well that worked on IE... NOT!
EME is proposed as an API, allowing "binary blobs" to execute. That's ***EXACTLY*** what Active-X does in Internet Explorer. Just like Active-X, the binary blobs won't be a complete stand-alone OS. Instead, they'll hook into your operating system, with high privileges. That means that the binary blobs will be OS-specific.
I can see compromised websites popping up with requests to load codec-XXX to "See Sexy Suzy Stripping". And there'll be a lot of idiots who'll fall for it.
Maybe great minds think alike http://www.pcmag.com/article2/0,2817,2414591,00.asp
> Most Facebook users have embarrassing comments or status updates
> hidden in the depths of their social network profile --- long forgotten
> but not gone. So why not tidy up a little with the new FaceWash Web app?
> The service, which is geared primarily toward recent college graduates, aims
> to delete your seedy Facebook history before you enter the professional world.
Actually, I use /var/lib/iptables with the following ranges blocked...
31.13.24.0/21
31.13.64.0/18
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
103.4.96.0/22
173.252.64.0/18
204.15.20.0/22
The reason people want to get away from what we have now is because it's not what we had 30 years ago. When I first won a promotion to a technical job in our HQ in 1985 we actually had offices. I retired a couple of years ago (get off my lawn kid). By that time only mid-level and higher managers had offices. Us peons were crammed into cube farms. And, oh yeah, there were reviews under way trying to figure out how to cram more cubes into the same space. Obligatory Dilbert http://dilbert.com/strips/comic/1996-09-15/ Give people real offices, and they might not mind.
I hate to rain on your parade, but...
Let's say someone has a website http //www.good.example.com, and want http //ads.doubleclick.net to get past this filter. Assuming they control their own DNS, they simply need to set up a CNAME www.bad.example.com that points to ads.doubleclick.net. Voila, the ads.doubleclick.net server shows up on the same domain as www.good.example.com.
> One would think we might as well just load them all
> on a ship and send them off to another planet then.
While were at it, put all middle-managers and cellphone anti-virus publishers on that spaceship, too.
> In the 1990's, radio stations used to play sounds like dogs barking
> or wolves howling over whatever music track was being played. Just to
> deter anyone using a boombox radio with combined cassette tape recorder.
Earlier in the 60's and 70's they had "Boss Jocks". The DJ's basically had verbal diahrea, and kept yakking almost nonstop, including over the beginning+end of a record.
"HEY THERE EVERYBODY, THIS HERE IS YOUR FRIENDLY NEIGHBOURHOOD F***HEAD JACK, COMIN AT YA WITH MUCH MORE YAK".
> But if you plug your tablet to a keyboard / mouse, the
> apps switch to desktop mode. That seems really nice.
You're assuming that Unity is a functional "desktop mode". A lot of people disagree with you.
> First the undead rise from their graves. Then the establishment covers it
> up. And it's not a coincidence that there are shortages and limits on ammo.
Chinese infiltrators in the US government want zombies to survive, so that they can be enslaved into preparing food at Chinese restaurants... the project codename is "Dead Men Wokking".
A more complete list (but not guaranteed 100% complete) follows...
31.13.24.0/21
31.13.64.0/18
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
103.4.96.0/22
173.252.64.0/18
204.15.20.0/22
> Having support for both is not hard. OSX does it, Windows
> does it, Linux should do it natively without any tinkering.
lilo and GRUB both support booting on UEFI. The problem is that MS is using its monopoly power to force manufacturers of ARM-based PCs to lock down UEFI to only boot with a bootloader signed by MS.
> If we're lucky, it'll force the rock stupid ISP's to roll out IPv6 world wide. That
> would fix the god damn problem the fastest and solve the problem if address
> exhaustion we're already facing. Get all of us home users off IPv4 and onto
> IPv6 with the damn modems actually supporting multiple IPv6 addresses.
How does that address the problem? What makes you think that brand new barely-tested IPV6 firmware would be any more secure than older patched IPV4 firmware?
Why?!? UPNP should only be necessary for running servers. If you want to host a game server or ftp server or web server, port-forward the appropriate port(s) on your NATing router. Hopefully, you have some basic understanding of the security implications.
What I don't understand is how UPNP got accepted as a protocol. Why are some apps so braindead that clients need UPNP? TFA mentions "smart TVs, IP cameras, printers, media servers and routers to name a few". An ordinary PC can subscribe to Netflix without UPNP. Why does a "smart TV" need to be "discoverable" from outside? Why The F*** would I (or 99% of users) want to have my router/TV/printer/etc "discoverable" from the outside?
Bittorrent is both client and server. A user who doesn't have a clue about securely running a server has no business running bittorrent.
>You can block Facebook at the firewall if you /usr/bin/whois -h whois.radb.net '!gAS32934' | tr ' ' '\n'
> use the ASN to look up all the nets involved.
>
>
> From there you can munge the list of nets into a list of firewall rules
> and add them to your firewall. No more tracking by Facebook.
The output is scary, but only because of duplications, and subnets being listed separately. The IPV4 output can be summarized into 9 CIDR address ranges for use in iptables...
31.13.24.0/21
31.13.64.0/18
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
103.4.96.0/22
173.252.64.0/18
204.15.20.0/22
I wanted to list the summaries of whois output for each block. Unfortunately, that triggered Slashdot's "lame filter".
> The Ribbon has been my UI experience from Hell, and now I see what so many
> long-time users hate about UI change: if any particular UI (I suppose I should
> qualify that as "adequately functional") has been assimilated into their work
> habits, do NOT mess with that, and waste their productive time with change,
> unless a Hell of a case can be made for quantum leaps in productivity,
> and only with reasonable effort in a reasonable amount of time - however the
> vict... er, user defines those. And it better not change again for a long time
> - we have work to do, so get off my desktop, kids!
BINGO! I use ICEWM on my linux machines. It does its job and then gets out of the way. Yes, there was a bit of a learning curve the first couple of months, but that was it. I've been productive for years. With Windows, it's every new release. And in the case of KDE/GNOME, it's more often than they change their underwear.
> There is a pretty hard core attitude shift in ipv6 that thou shalt not
> static assign addresses. Dynamic / multicast DNS to the rescue, etc.
Idiot internet hippies... sigh. The way around that is to assign fixed IPV6 link-local addresses in your hosts file. See https://www.linux.com/learn/tutorials/428331-ipv6-crash-course-for-linux
> Let's say you have three PCs in your little link-local LAN: /etc/hosts file of each PC, like this:
> fatfreddy, phineas, and franklin. You can use these fine
> hostnames over IPv6 as easy as pie. You'll make identical
> entries in the
>
> fe80::20b:6aff:feef:7e8d fatfreddy
> fe80::221:97ff:feed:ef01 phineas
> fe80::3f1:4baf:a7dd:ba4f franklin
>
> Now you can ping6 by hostname:
>
> $ ping6 -I eth0 phineas
> PING phineas(phineas) from fe80::221:97ff:feed:ef01 eth0: 56 data bytes
> 64 bytes from phineas: icmp_seq=1 ttl=64 time=17.3 ms
A few years ago, kids assumed that "what happens on Facebook stays on Facebook". This emboldened kids to post stuff they wouldn't normally say in public. That's no longer true. Moms and dads and grandparents and employers are on FB and demanding to be friended. Hiring managers not only scan public profiles, they demand paswords to see the private stuff. The response is to fake up public profiles http://yro.slashdot.org/story/08/02/01/1618215/online-reputation-management-to-keep-your-nose-clean
Facebook stupidity will filter out the bottom of the barrel out of the job market. But expect to see more and more bland conformist "employment-friendly" profiles that don't really reflect the person. Smart kids will go back to texting/phoning/email for real communications.
For any but the most trivial apps it's write once and run anywhere that you have Java 1.2.3.4.5. Not Java 1.2.3.4.4 or Java 1.2.3.4.6, but only Java 1.2.3.4.5. That's why you see so many machines with Java versions with known exploits. Because so many apps won't run with with newer versions of Java.
Can you imagine the howls of outrage if every 2nd "Microsoft Patch Tuesday", Access or Word or Excel stopped working? And you had to keep the security patch off your machine if you wanted all your expensive software to keep working? That's what's effectively happening in Java.
On the other hand, write code in C/C++ and it'll run on a dozen years worth of Windows machines from Win2K through WinXP through Vista through Win7. Throw in some #ifdef statements, and you can build your C/C++ app for Mac and Linux as well.