Actually, no. :) I'm just telling the truth. I don't get into the Linux v BSD argument at all, as I run an Open Source company ( http://www.oss-solutions.com/ ), and Linux has a few things I really, really like - such as the md raid driver and LVM (which blow away vinum/gvinum...no contest!), but overall structure I just prefer FreeBSD.
I'm growing a bit impatient with Apple as of late. They do some things in the background that I just don't appreciate. Just to name a couple - if you go to set up Kerberos on the server version, you never get prompted to set up the master password, and when it comes time to set up non-apple replicas, you're left holding the bags. Took me a week to figure out a way around it and document it! Ugh.
Another is the fact that they hide the password hashes from root. In linux, you have /etc/passwd+shadow, and on FreeBSD you have /etc/passwd and /etc/master.passwd. On either of those systems, as root I can take that shadow file, and migrate users to another box - sometimes I have to run some regexes to re-arrange data, but moving users is trivial. If you look into the documentation though, you find that OpenDirectory and even your typical mac laptop has that password hash obscured, so even though you *can* move the user, you'll lose the users' passwords. That's just not acceptable to me. You can force an ldap entry that reads authAuthority - ;basic;, but to be honest I'm not sure how it reacts to this if you're using authAuthority Kerberosv5 or authAuthority ApplePasswordServer. :\
:P
Whatever the case, it is ANNOYING.
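The Linux-to-FreeBSD user move mentioned in the comment above, as an added example that is not part of the original comment: it merges `passwd` and `shadow` records into the ten-field `master.passwd` layout and flags accounts whose hash cannot simply be carried over. `PORTABLE_SCHEMES`, `SHELL_MAP`, the `min_uid` cutoff and the sample accounts and hashes are assumptions constructed for illustration.

```python
# Added example: merge Linux passwd + shadow into FreeBSD master.passwd lines.
DAY = 86400  # shadow(5) counts days since the epoch, master.passwd counts seconds

# Assumption: hash schemes the target's crypt(3) accepts; adjust per release.
PORTABLE_SCHEMES = ("$1$", "$2a$", "$2b$", "$5$", "$6$")
# Assumption: shells installed from ports live under /usr/local on the target.
SHELL_MAP = {"/bin/bash": "/usr/local/bin/bash", "/usr/bin/zsh": "/usr/local/bin/zsh"}

# Constructed sample input (placeholder hashes, not real credentials).
SAMPLE_PASSWD = """
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice Example:/home/alice:/bin/bash
bob:x:1002:1002:Bob Example:/home/bob:/bin/sh
carol:x:1003:1003:Carol Example:/home/carol:/bin/sh
dave:x:1004:1004:Dave Example:/home/dave:/bin/sh
"""
SAMPLE_SHADOW = """
root:*:19000:0:99999:7:::
alice:$6$constructedsalt$CONSTRUCTEDHASHA:19000:0:90:7::20000:
bob:!$6$constructedsalt$CONSTRUCTEDHASHB:19000:0:99999:7:::
carol:$y$j9T$constructedsalt$CONSTRUCTEDHASHC:19000:0:99999:7:::
"""


def _records(text, nfields):
    """Yield colon-split records, skipping blanks, comments and short lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) >= nfields:
            yield parts


def convert_hash(field):
    """Return (master.passwd password field, warning or None)."""
    if field == "":
        return "*", "empty password on source; login disabled on target"
    prefix = ""
    if field.startswith("!") and field.lstrip("!").startswith("$"):
        # passwd -l style lock: keep the hash, mark it locked the way pw(8) does
        field, prefix = field.lstrip("!"), "*LOCKED*"
    elif field[0] in "!*":
        return "*", None  # no usable password (locked or never set)
    if not field.startswith(PORTABLE_SCHEMES):
        return "*", "hash scheme not accepted on target; password reset needed"
    return prefix + field, None


def to_master_passwd(passwd_text, shadow_text, min_uid=1000):
    """Return (lines, warnings) for accounts with uid >= min_uid."""
    shadow = {rec[0]: rec for rec in _records(shadow_text, 8)}
    lines, warnings = [], []
    for rec in _records(passwd_text, 7):
        name, _pw, uid, gid, gecos, home, shell = rec[:7]
        if not uid.isdigit() or int(uid) < min_uid:
            continue  # leave the target's own system accounts alone
        if name not in shadow:
            warnings.append(f"{name}: no shadow entry, skipped")
            continue
        sh = shadow[name]
        password, warn = convert_hash(sh[1])
        if warn:
            warnings.append(f"{name}: {warn}")
        lastchg, maxage, expiry = sh[2], sh[4], sh[7]
        change = 0  # password-change deadline, only when ageing is really in use
        if (lastchg.isdigit() and int(lastchg) > 0
                and maxage.isdigit() and 0 < int(maxage) < 99999):
            change = (int(lastchg) + int(maxage)) * DAY
        expire = int(expiry) * DAY if expiry.isdigit() else 0
        shell = SHELL_MAP.get(shell, shell)
        # name:password:uid:gid:class:change:expire:gecos:home_dir:shell
        lines.append(":".join([name, password, uid, gid, "", str(change),
                               str(expire), gecos, home, shell]))
    return lines, warnings


if __name__ == "__main__":
    out, notes = to_master_passwd(SAMPLE_PASSWD, SAMPLE_SHADOW)
    print("\n".join(out))
    print("\n".join("warning: " + n for n in notes))
```

Review the warnings before loading the result on the target with `pwd_mkdb`; an account flagged for reset has no usable hash to carry across.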
He could. He wouldn't want to.
The reason is that by exporting directly into Windows, you lose the #1 biggest advantage of this setup, which is LVM. In the install docs, it says to create your initial LV's to be only slightly larger than you need them, so I have actually only used about 200GB of my 7.5TB array right now. The reason is that you can always easily grow an LV, but shrinking, though may work, runs the risk of data loss. Under Windows, you would have to format to the size you're going to use and that's that. I guess you *could* try using Partition Magic or similar, but...um...no. :P If you use Gigabit Ethernet, it's going to be plenty fast either way.
But....all of my boxes *ARE* BSD. FreeBSD servers, except for one OSX Server, and FreeBSD/MacOSX workstations.
:P
I like it. Many won't.
What amazes me is all the talk of iSCSI, but almost no mention of AoE (ATA over Ethernet).
What you have is a box that exports block devices out over layer 2. Another device loads it as a block device, and can now treat it in whatever fashion it could deal with any other block device, so for example I have 2 "shelves" of Serial ATA drives going. I have a third box that I could either load linux on, using md to create raid sets, or what I've actually done is used the hardware on each of the two shelves, created a raid5 set on each, then used md to create a raid1 set out of the two raid5's. I then take my spankin' new md0 device which is huge for my needs (7.5TB), use LVM to create a volume group (called 'office' for me) and that creates /dev/office. Then I create several lv's (logical volumes) of arbitrary size beneath *that*. So I have /dev/office/home, /dev/office/mp3, /dev/office/blah, etc.
Now you can format those lv's like any other partition/slice. I've used xfs on all of mine, but you could use ext2/3 if you really wanted.
Funny. I thought being a model student was about going to school to learn. I don't care about the GPA. They haven't been into any kind of (serious) trouble prior, they go to school, behave (more or less) and then go home. IMHO, a model student does NOT mean straight A's, although the two tend to go hand-in-hand, that is no guarantee.
As the posters say: "Not everyone gets to be an astronaut.", and it's true. Regardless of effort, some people simply aren't as smart as others. No reason to rake them over the coals over it though. If poor grades aren't due to a lack of effort, I have no issue with them.
Must it require an attorney? Is there a law that says an individual can't bring suit on their own behalf?
I think the problem is the pit crew got confused when they saw -O2, thinking that a car needs 4, and went -O4, and then it all hit the fan...
What, the part where he bluntly tells you the truth?
More to the point - when dealing with storage media, you really shouldn't have to be thinking encryption. What we see right now is idiocy. With exception of niche applications (DOD type stuff), encryption will be a software thing. I shouldn't have to worry when buying a hard drive whether my mainboard supports DRM type a, b, or c. Floppies, CDR's that were DRM'ed would have tanked. Now DVD's....well, by the time most of us were in a position to care, it had been cracked. Right out of the gate however, here we are with the Hi-Def formats.
I don't blame the suits on the DRM issue here. What's Apple going to do, not support ANY hi-def optical formats? They have to pick at least one. The option of not speaking a preference would indeed be best, but for Disney...they had to kowtow to their partners. Anyone who's in business knows that's how it works. This isn't a "we hate DRM", "we love DRM" about-face. This is Apple having a vested interest in a hardware platform and "asking" their partners for support. That's not so unusual.
No, my blame goes to those who are responsible for pushing DRM out there so hard and heavy. I think you can come up with a pair of 4 letters that do the trick nicely here.
Actually, the inability for the small guy to get an IPv6 allocation from ARIN is more than a bit annoying. I was willing to pick up a block of IPv6 addresses to build out my data center on, and then use IPv4 tunnelling where required. I couldn't get an allocation unless I had enough customers to use a full (IPv6) /32, which of course I don't. We're just starting out, so they basically force the little guy to use IPv4, and then do a migration later. This is LAME. They don't even charge for IPv6 allocations, so far as I can tell there's a monetary sub-motive here to squeeze as much money out of IPv4 as they can, and if you're big enough, they'll let you have IPv6 for free. If you're too small, either buy an IPv4 block, or go buy an IPv6 block from one of the big guys that got it for free. :\
Now that I've gotten that out of the way.... :)
A few words that mean something to those who use *nix regularly.
$HOME
chmod 700
jail
iptables
pf/pfctl
firefox/konqueror/opera
There are vulnerabilities out there, but to anyone who bothers to take the time to learn a variant of Unix, yes, there is some measure of security because no one bothers to hack, but far more is it possible that a properly done distro is going to be better than a Windows pre-install any day of the week. If I am forced to do a Windows install, I do a clean install on the box (if at all possible, sometimes not because there's no CD key to match a full installer disk, and if that's the case, spend an hour or so uninstalling crap), install clamwin, install ad-aware, install spybot, install Hijack-This, lock down each, revoke admin privs from default user (HP, I'm looking at you...), install Firefox, install Adblock (and element-hiding helper), Flashblock, NoScript. Hide or remove any or all references to IE.
Even then I wind up getting calls about spyware. It drives me batty. I won't install Windows unless forced, and in my data center I make people sign a labor-waiver if they insist on using a Windows dedicated server instead of FreeBSD (our OS of choice there). I usually get some dirty looks, and politely explain that people who want Windows on their server tend to not *really* know how to manage a Windows server, and as a result we get more support calls, and inevitably we have break-ins (anon FTP for example, with locked directories...one of my "favorites"), spyware or virus.
I have managed to keep this type of stuff to a minimum by telling customers that all public ports to their gear are off by default. They can vpn in to get to everything, but if they want a port to be publicly accessible, they need to submit a trouble ticket, and we'll open it, IF it's a reasonable request. SQL ports are off limits. Use VPN. If that's not possible, specify the IP that will be connecting, etc. Still...ugh.
No. Things would not be different in the monopolistic arena more than likely. There would likely STILL be a dominant OS vendor, but I think the security landscape would be far different, perhaps far more advanced would the hacks be, and you would have to be more savvy to execute them. Just MHO...
On desktops, I run myself and have administered studios of Macs 24/7 (at least 50 machine years or more) and I've seen no malware of any description since the 1980s. How's your Windows experience compare with that, numbskull?
You can bite my shiny metal ass.
Now, just for further clarity - if your character gets sent to virtual prison, for virtual rape, once in prison your character will be....getting a dose of its own medicine from Bubba and the gang. :P
Well, in an attempt to NOT be cynical...at least Visa would have plenty of experience on the topic. Just because they are a huge, near-monopolistic entity doesn't mean they would be inept at choosing security. Granted, it's a pretty lame way to choose, but you have to admit, if anyone has experience on the subject...
;)
We always hear about the big hacks, we don't hear about the countless failed attempts though. Give credit where credit is due. (and make sure it's Visa©, as it's everywhere you want to be!)
"Are you a string?"
"Nope. I'm a frayed knot."
I googled a bit on what you said. I went looking a while back for a solution that would allow me to put either RFID or biometric data into LDAP and then have biometric scanners at each door (fingerprint probably).
I'm finding it difficult to find a solution. Once upon a time I had a bookmark for a vendor that sold component parts - strikes, latches, dead-bolt, fingerprint scanners, rfid scanners and cards, etc. Can't find it now. Ideally I'd like to put fingerprint signatures into ldap, use a central system for it all so I can create an LDAP group (say, data center) that allows certain users into the data center, and "front door", which more or less everyone is in.
Perhaps I'm over-simplifying what needs to be done?
Actually, no I don't. I recommend it to Windows users who are first converting. I used Mac OS X on our desktops, and FreeBSD on our servers. Our company does not, and will not, have Windows systems, for reasons that are far too lengthy to list here, and if you've read Slashdot even a little bit you know what those reasons are. I prefer to have the source code rather than to have to place my faith in a vendor doing what they are paid to do...forever. I've just been burned by one too many vendors. I give you money, you give me sources. You disappear, the product doesn't.
and do you know what annoys me about closed-source software? If it breaks in some way or shape, and the vendor doesn't see it fit to fix, I'm SOL. With FOSS, if it's important enough to me, I can take the source code, and either fix it myself, or if that's not reasonable, pay someone else to fix it for me.
The only reason someone gets screwed over in this scenario is because the original vendor failed to do something that its customers wanted, and the new product filled that void. In this case, it's not "operating the exact same way", as it more than likely would have no DRM, and no forced ads.
I suspect you use Windows as your primary OS, don't you? Try using Kubuntu for a couple of weeks, and see if your perspective doesn't change a bit. Trust me, it's got to be the least difficult thing you'd ever do on your computer, and there's little to no risk of data loss. Just boot off of the cd, and that's it.
rm /etc/passwd and /etc/shadow (or /etc/master.passwd if you're on FreeBSD). That ought to fix it right up.
There also appears to be an obvious short-term fix to this, which is to breed the bees intentionally, either in captivity, or for the agriculturalists to hire an apiary to raise the bees near them, and harvest honey from the same crop. I know human intervention on a natural phenomenon seems backwards, but it would be a stopgap until the die-off problem is sought-out and resolved.
Just type sudo first, then use the one you used to get in via ssh. Odds are pretty good that it has admin rights. :)
I've wondered why people take issue with that game. As I recall, it came out not too long after TMNT became popular in the states, and appears to be clearly based on the comic book, and not the cartoons that many of us remember. The game was hard as all get out, and a decent game in its own right.
:) Also, I kept thinking to myself:
:P
http://www.youtube.com/watch?v=XjUz8IT0CYg
Pay attention all the way to the end. As in the last couple seconds.
1. Hold up-left while jumping.
and
2. Just walk, don't jump.
Huh. What's so special about November 9th?
:)
*ducks*
Might I also remind you that every breathing person on this planet, and quite probably every last dead person, has their own sins to account for. No one is innocent.
That said, there's nothing spectacular about a man having sinned. Nothing at all. If we want to find a reason to toss stones at someone, you will ALWAYS find a reason. Without exception.
What is remarkable is what this man has endured compared to most of us. That does in fact garner respect.
I agree with you that we should vote based on policies, not based on character - to a degree - but it doesn't change the grandparent's comment regarding respect.
I say to a degree because I think it is unreasonable to expect anyone to have a policy for every issue and contingency. You have to vote based on character as well, as you almost have to hope the contents of the candidate's character are such that they will deal with the unknowns appropriately too - not just the same age-old things that people have been fighting about, and will continue to fight about. I am so dead tired of hearing "what's your stance on abortion? gay marriage? hot button c? hot button d?"
Do those things matter? When was the last time the president had any say in those things? Well?
*shrug*
Too many agendas...
I disagree - depending.
My situation is that our office is in downtown St. Louis (part of a tax credit program to revitalize downtown) yet most of my staff live a half hour to the west. We each have a VOIP phone at home, use Jabber w/video conferencing, and we live close enough together that we can meet at homes or restaurants if we need "face time".
At bare minimum, this gives us a way to avoid rush hour traffic. It empowers each of us to have our own "office", albeit at home. We have meeting space downtown, our data center downtown, and a sufficient work environment there too. I'd say you need to have some brick and mortar presence, but it is possible to scale way back.
Some of what we use I'm going to start selling as a service too. Hosted OpenVPN server, AFS file storage, LDAP+Kerberos SSO Authentication, e-mail, VOIP, etc. I've already had some potential customers talk to me. This sort of arrangement can and does work.