Directing them away will make them think your discriminating against them, and they won't come back because they think their browser is fine and it works on other sites. Also you will turn away people who for whatever reason spoof their user agent. Instead, let them see the site but display a big disclaimer indicating your site hasn't been tested with a browser as old as theirs and you offer no guarantee it will work correctly or look as it should, and provide a link to a page that explains the situation. On that site, provide screenshots of how your site *should* look in several different modern browsers, an explanation of the benefits of upgrading to a modern browser and links to several possible browsers they could choose from.
There are a LOT of sites that do the same thing, only in reverse...The site demands you use IE (or netscape 4 etc) but works just fine after you fake the user agent. One particular site (http://www.raveshack.com - but it appears to be down) used to assume that anything that wasn't ie was netscape 4.x and displayed an insulting and rather disgusting picture of an overflowing toilet full of diarrhea with an insulting message saying how crap netscape 4.x is and what an idiot you are to be running it.
A lot of sites will also exclude browsers and versions they don't explicitly "support"... For instance, a banking site i use was rejecting firefox 3.6 when i tried yesterday, but today it works. I doubt they had to make any changes other than to add 3.6 to the list of versions since it's rendering will be almost identical to 3.5. And any version of firefox which is branded differently (eg iceweasel or minefield etc) will be rejected.
Supporting links isn't really a problem, supporting IE and NS4 is the problem... Links will simply ignore features it doesn't support, so if you write your page conforming to HTML specifications it will degrade gracefully when browsers like links or lynx don't support various features. The problems occur when you have browsers which claim to support features, when in reality that support is extremely broken. IE and NS4 fall into this category, and make it very difficult to produce a standards compliant page. So you end up with a standard page for mozilla/webkit/opera based browsers, and then a separate effort made to support various versions of ie. For any sites i make, i don't make any effort to support ie or other similarly antiquated/broken browsers, but i don't explicitly exclude them either. Some things work, some don't, and some look slightly broken. The content on all of the sites is perfectly readable in lynx however.
No downtime, or simply less downtime? A quick service restart causes far less downtime than a full reboot, and some services will restart gracefully... SSH for example, will leave existing connections alone but use the new version to handle new connections. And then there's services which are started on demand (inetd style) where your users will be hitting the new versions as soon as its installed.
I'm sure #1 is possible, at least to some level... I have a system running selinux, and files my user doesn't have any access to show up as question marks (ie it knows a file is there, but cannot even read its filename)...
Give them dumb terminals where all the state is held on a server... Dumb terminals are simple devices which shouldn't need patching and so can run non stop. Also, the human operator will require some downtime, what's to stop you updating the terminal when the operator is sleeping? If another operator needs to take over they can do so on another terminal anyway.
What's evil is "technical" staff who started out on windows and think that a reboot is the perfect way to solve any problems. Rebooting CAUSES problems, it takes ALL your services offline when there might have only been one that had a problem. I used to have machines at home which had been up so long, i never bothered to configure most of the services to start at boot, and i changed the network config at some point but never configured it to use the new config at boot. When that box had a power failure at around 600 days, it didn't come back online properly due to my oversight.
Windows is and always has been predominantly for desktops (the entire system being named after the gui is a big clue), and yet it's being heavily pushed into the server space... And it isn't exactly suited to being a desktop these days either...
At least linux is fairly modular, and can be made more suitable, if not ideal, for various different functions.
You may not use it, but it is still installed... There are ways to invoke it through other applications, and it's rendering engine is often embedded in other applications too. Just because you don't actively use it from it's desktop icon doesn't mean it can't be exploited in other ways...
The diffs themselves only exist in binary form, they are directly derived from the source code already made available by the distributor.
There is absolutely nothing stopping you from using the already available open source ksplice tools to create the exact same binary diffs. The service these guys are offering provides some value-add to this process, namely:
External support - that imaginary finger of blame that companies like to be able to point, even tho it means nothing... Especially important if you value uptime enough to use a system like ksplice in the first place. Testing - loading untested stuff into your kernel is generally a bad idea, with this service i would know someone else has tried this and made sure it worked. Time - how much will it cost to have your in house engineers compile and test these patches? Not free - some people think that anything free is worthless, so they won't even consider this unless it has a price tag.
You'd be surprised... This is how MS got in to start with. Years ago, windows machines were only used for lowend desktops (hence why its called windows - named after its gui) but they gradually got pushed out to servers because users built up a familiarity with it.
As i said, to avoid having to buy additional devices... That $200 PC is unlikely to be very good for gaming, and few (if any) of the games will be designed for a wii style control method. Some of us might want both wii games *and* a media player without having to buy multiple devices.
And just because you can...
And most importantly, for the principle of it - you buy the device, you don't rent it, you should be able to use it for any purpose you see fit
People who modchip their machines to pirate games will either pirate or do without. If you make piracy impossible, your game sales will be largely unaffected but sales of the hardware and associated physical accessories will go down (pirates can't pirate the hardware so they have to buy it).
People who play legitimate out of region games or homebrew are typically not interested in piracy, and want to do legitimate things such as playing cheaper (but still legit) games from abroad, play games which aren't released in their region or even just play games they already had before they moved countries... These people are more likely to buy new copies of the out of region games they cannot play, or buy additional devices to perform the functions that homebrew would achieve on a console...
The ability to run windows (either under a vm or natively) helps sell quite a few apple machines these days, it gives people a fallback if they don't like osx or an option if they have a few windows apps they require. Also, Apple sell a lot of laptops, a POWER7 would not really be suitable.
Because performance per watt is also important, if you have twice as many physical processors and twice as many cores you will also need all the supporting infrastructure (ie sockets for those processors to go in) etc... Not to mention the extra space required.
And more power consumption also equals more cost.
Otherwise, why use powerful machines at all, why not a cluster of the cheapest machines you can find?
Incidentally, something which performs half as well needs to be considerably cheaper or it just won't sell at all.
Had Intel bet the company on it, AMD would likely be the dominant processor vendor today...
It doesn't matter how good the IA64 architecture is, customers want to run their existing applications, most of which are compiled for x86 and don't come with source code. That leaves you with emulation, which i doubt Intel could make faster than native... Intel can't move to a new architecture because they are held back by all the millions of closed source applications out there.
I guess it's to do with percentages... What percentage of windows users still use XP? Probably quite high, and there isn't much difference between 2000 and XP. On the other hand, the percentage of Mac users still running 10.4 is quite low, at least all the mac users i know are running something more recent these days even if they might also own an older machine still running 10.4.
Also to do with how recently each version was available, XP is still on sale and you can buy machines even today with it preinstalled. OSX 10.4 on the other hand does not ship on any current macs and hasn't for over 2 years, and isn't available separately either.
Depends what you were running inside your screen session... The attack you mentioned would be defeated on a shared box simply by turning of messaging (mesg n)... If the user is running an irc client, telnet client, or something else that interacts with externally generated data they may still be attacked... Even if the user is just doing a tail -f on some logfiles, there may be ways to inject the appropriate code into the log.
Apparently they are genetically engineered to be dominant, and thus cause the naturally occurring bacteria to die off.
I would love being able to brush less, i haven't found any toothpaste without a strong minty taste... A taste that wakes you up when you try to brush your teeth at night, and when you do it in the morning it leaves a strong taste in your mouth for hours that ruins any food/drink you try to consume.
But by having a console which depends on a single service, you effectively have an expiry date on the usefulness of the console. Lots of people like to play old games, and many poorer people will buy old consoles very cheaply with a stack of games for their kids.
I still play quake online sometimes, it runs very fast on almost any modern system and is still great fun to play against other people.
OpenVZ is certainly not your own personal box, you are running under someone else's kernel and subject to their kernel choices... You can't load arbitrary modules which you might want to use (i found myself unable to load the tap module on an openvz image where i wanted to install openvpn), you cannot upgrade/modify the kernel yourself, so if whoever hosts the image doesn't upgrade their kernel to fix a security hole your stuck with it. And ofcourse, as with any virtual server setup, if someone compromises the host system then they have full access to all your data anyway.
Directing them away will make them think your discriminating against them, and they won't come back because they think their browser is fine and it works on other sites. Also you will turn away people who for whatever reason spoof their user agent.
Instead, let them see the site but display a big disclaimer indicating your site hasn't been tested with a browser as old as theirs and you offer no guarantee it will work correctly or look as it should, and provide a link to a page that explains the situation. On that site, provide screenshots of how your site *should* look in several different modern browsers, an explanation of the benefits of upgrading to a modern browser and links to several possible browsers they could choose from.
There are a LOT of sites that do the same thing, only in reverse...The site demands you use IE (or netscape 4 etc) but works just fine after you fake the user agent. One particular site (http://www.raveshack.com - but it appears to be down) used to assume that anything that wasn't ie was netscape 4.x and displayed an insulting and rather disgusting picture of an overflowing toilet full of diarrhea with an insulting message saying how crap netscape 4.x is and what an idiot you are to be running it.
A lot of sites will also exclude browsers and versions they don't explicitly "support"... For instance, a banking site i use was rejecting firefox 3.6 when i tried yesterday, but today it works. I doubt they had to make any changes other than to add 3.6 to the list of versions since it's rendering will be almost identical to 3.5. And any version of firefox which is branded differently (eg iceweasel or minefield etc) will be rejected.
Supporting links isn't really a problem, supporting IE and NS4 is the problem...
Links will simply ignore features it doesn't support, so if you write your page conforming to HTML specifications it will degrade gracefully when browsers like links or lynx don't support various features.
The problems occur when you have browsers which claim to support features, when in reality that support is extremely broken. IE and NS4 fall into this category, and make it very difficult to produce a standards compliant page. So you end up with a standard page for mozilla/webkit/opera based browsers, and then a separate effort made to support various versions of ie.
For any sites i make, i don't make any effort to support ie or other similarly antiquated/broken browsers, but i don't explicitly exclude them either. Some things work, some don't, and some look slightly broken. The content on all of the sites is perfectly readable in lynx however.
No downtime, or simply less downtime?
A quick service restart causes far less downtime than a full reboot, and some services will restart gracefully... SSH for example, will leave existing connections alone but use the new version to handle new connections.
And then there's services which are started on demand (inetd style) where your users will be hitting the new versions as soon as its installed.
I'm sure #1 is possible, at least to some level...
I have a system running selinux, and files my user doesn't have any access to show up as question marks (ie it knows a file is there, but cannot even read its filename)...
Give them dumb terminals where all the state is held on a server...
Dumb terminals are simple devices which shouldn't need patching and so can run non stop.
Also, the human operator will require some downtime, what's to stop you updating the terminal when the operator is sleeping? If another operator needs to take over they can do so on another terminal anyway.
Kinda like the way older versions of linux would roll around at 497 days...
What's evil is "technical" staff who started out on windows and think that a reboot is the perfect way to solve any problems. Rebooting CAUSES problems, it takes ALL your services offline when there might have only been one that had a problem.
I used to have machines at home which had been up so long, i never bothered to configure most of the services to start at boot, and i changed the network config at some point but never configured it to use the new config at boot. When that box had a power failure at around 600 days, it didn't come back online properly due to my oversight.
Windows is and always has been predominantly for desktops (the entire system being named after the gui is a big clue), and yet it's being heavily pushed into the server space...
And it isn't exactly suited to being a desktop these days either...
At least linux is fairly modular, and can be made more suitable, if not ideal, for various different functions.
You may not use it, but it is still installed...
There are ways to invoke it through other applications, and it's rendering engine is often embedded in other applications too. Just because you don't actively use it from it's desktop icon doesn't mean it can't be exploited in other ways...
You can try to sue them, but it will go nowhere...
This software, like any other, will come with no warranty of any kind.
The diffs themselves only exist in binary form, they are directly derived from the source code already made available by the distributor.
There is absolutely nothing stopping you from using the already available open source ksplice tools to create the exact same binary diffs. The service these guys are offering provides some value-add to this process, namely:
External support - that imaginary finger of blame that companies like to be able to point, even tho it means nothing... Especially important if you value uptime enough to use a system like ksplice in the first place.
Testing - loading untested stuff into your kernel is generally a bad idea, with this service i would know someone else has tried this and made sure it worked.
Time - how much will it cost to have your in house engineers compile and test these patches?
Not free - some people think that anything free is worthless, so they won't even consider this unless it has a price tag.
Yes, but how much does it hurt the world to be squeezed out through someone's fingers...
You'd be surprised... This is how MS got in to start with.
Years ago, windows machines were only used for lowend desktops (hence why its called windows - named after its gui) but they gradually got pushed out to servers because users built up a familiarity with it.
As i said, to avoid having to buy additional devices...
That $200 PC is unlikely to be very good for gaming, and few (if any) of the games will be designed for a wii style control method.
Some of us might want both wii games *and* a media player without having to buy multiple devices.
And just because you can...
And most importantly, for the principle of it - you buy the device, you don't rent it, you should be able to use it for any purpose you see fit
Because it's all about money...
People who modchip their machines to pirate games will either pirate or do without. If you make piracy impossible, your game sales will be largely unaffected but sales of the hardware and associated physical accessories will go down (pirates can't pirate the hardware so they have to buy it).
People who play legitimate out of region games or homebrew are typically not interested in piracy, and want to do legitimate things such as playing cheaper (but still legit) games from abroad, play games which aren't released in their region or even just play games they already had before they moved countries...
These people are more likely to buy new copies of the out of region games they cannot play, or buy additional devices to perform the functions that homebrew would achieve on a console...
The ability to run windows (either under a vm or natively) helps sell quite a few apple machines these days, it gives people a fallback if they don't like osx or an option if they have a few windows apps they require.
Also, Apple sell a lot of laptops, a POWER7 would not really be suitable.
But is your information now 5 years old?
5 years ago, PPC machines were still being sold...
Because performance per watt is also important, if you have twice as many physical processors and twice as many cores you will also need all the supporting infrastructure (ie sockets for those processors to go in) etc... Not to mention the extra space required.
And more power consumption also equals more cost.
Otherwise, why use powerful machines at all, why not a cluster of the cheapest machines you can find?
Incidentally, something which performs half as well needs to be considerably cheaper or it just won't sell at all.
Had Intel bet the company on it, AMD would likely be the dominant processor vendor today...
It doesn't matter how good the IA64 architecture is, customers want to run their existing applications, most of which are compiled for x86 and don't come with source code. That leaves you with emulation, which i doubt Intel could make faster than native... Intel can't move to a new architecture because they are held back by all the millions of closed source applications out there.
I guess it's to do with percentages...
What percentage of windows users still use XP? Probably quite high, and there isn't much difference between 2000 and XP.
On the other hand, the percentage of Mac users still running 10.4 is quite low, at least all the mac users i know are running something more recent these days even if they might also own an older machine still running 10.4.
Also to do with how recently each version was available, XP is still on sale and you can buy machines even today with it preinstalled. OSX 10.4 on the other hand does not ship on any current macs and hasn't for over 2 years, and isn't available separately either.
Depends what you were running inside your screen session...
The attack you mentioned would be defeated on a shared box simply by turning of messaging (mesg n)...
If the user is running an irc client, telnet client, or something else that interacts with externally generated data they may still be attacked... Even if the user is just doing a tail -f on some logfiles, there may be ways to inject the appropriate code into the log.
Apparently they are genetically engineered to be dominant, and thus cause the naturally occurring bacteria to die off.
I would love being able to brush less, i haven't found any toothpaste without a strong minty taste... A taste that wakes you up when you try to brush your teeth at night, and when you do it in the morning it leaves a strong taste in your mouth for hours that ruins any food/drink you try to consume.
But by having a console which depends on a single service, you effectively have an expiry date on the usefulness of the console.
Lots of people like to play old games, and many poorer people will buy old consoles very cheaply with a stack of games for their kids.
I still play quake online sometimes, it runs very fast on almost any modern system and is still great fun to play against other people.
OpenVZ is certainly not your own personal box, you are running under someone else's kernel and subject to their kernel choices...
You can't load arbitrary modules which you might want to use (i found myself unable to load the tap module on an openvz image where i wanted to install openvpn), you cannot upgrade/modify the kernel yourself, so if whoever hosts the image doesn't upgrade their kernel to fix a security hole your stuck with it.
And ofcourse, as with any virtual server setup, if someone compromises the host system then they have full access to all your data anyway.