That's the same kind of problem I ran into. You can have svgalib and X active at the same time, but only one has control of the console and only one video card gets output.
I considered running two X instances (like what you want to do) but most TV out cards are less than friendly to X because of Macrovision "trade secrets." For my application, svgalib at 320x200 would be more than adequate and it will still work with TV out.
I was considering hacking svgalib so that I can run it from within an xterm (currently it complains that it can't open the VGA console and dies), so that it issues the int10 calls to the video BIOS on the first card while the Xserver video card is unaffected. But I strongly suspect that this will cause a big problem if X dies or I otherwise need to switch virtual consoles, because the kernel will have no idea what state the video cards are in.
The Microsoft antitrust case was never about protecting consumers' right to choose. It was never about curbing an illegal, unethical monopoly that tries to extend its control over consumers in every possible way. It was about money.
The Justice Department used the Microsoft case to increase their own budgets. Republicans and others who supported Microsoft had no problem with increasing funding to the DoJ because more money for the DoJ means more money to enforce laws against drugs, pornography, civil liberties, and other things that conservatives hate. The DoJ was thrilled when David Boies took their case, because they would get to dole out more funding to a very expensive lawyer and take a cut from the middle. Better funding helps everyone in an organization.
The states had no interest in protecting consumers, either. The states all saw a large antitrust settlement as a gigantic handout - more money from God to drop into the state coffers and spend on pork barrel projects. And since Microsoft has customers in all 50 states, why would any state pass up the opportunity to take part in the windfall? Especially because attorneys general are not elected, so who are they really responsible to?
The antitrust trial has always been about money, and the interests who participated in the whole circus have made billions of dollars off the taxpaying public from it. It is time for a quick and decisive settlement so that the bleeding of wasted dollars can stop. The government has shown time and again that consumers are defenseless against corporations who break the law and defraud them. This time is no different.
One of my co-workers has been following 802.11g through the standards approval process and he said that 802.11g is designed to "fall back" to using a part of the spectrum reserved specifically for this protocol if the rest of the available frequencies are congested. Although this will help little if there are several wireless networks in a dense area (cf. downtown Chicago), it will help a lot for networks like my home 802.11b setup, which starts dropping packets when somebody fires up the microwave, cordless phone, or X-10 video transmitter. These devices should not interfere with the reserved area of spectrum and thus a moderate level of network performance will be maintained.
It just goes to show that sometimes when the FCC serves the interests of their large corporate customers (who undoubtedly begged for the reserved 802.11g frequencies for obvious business reasons), consumers benefit. Not usually, but sometimes.
I post what I believe in. And I happen to believe in socialized internet access (as well as socialized health care, utilities, and software development funding).
If you would like to discuss my comment, please post a sensible reply instead of a baseless accusation.
In this day and age, when so much business work, interpersonal communication, and research is done on the Internet, it is hard to imagine what it is like to not have Internet access. Often politicians talk the talk about the "digital divide," spewing rhetoric about how the lower classes have little exposure to technology; but when it comes time to vote, they hand out checks to the Baby Bells with no strings attached - business as usual. It seems like letting large private companies (who all have a vested interest in controlling consumers in every way possible) control Internet access is just asking for trouble.
The time has come for the population to stand up and demand universal, unrestricted Internet access from our government. I would no longer balk at paying 1/3 of my salary in taxes if it meant that this country could start moving into the 21st century. (Observe the higher quality of life in Canada and the proliferation of subsidized Internet access over there. The two are related.) Freedom of speech means nothing if the government is not willing to provide its citizens with access to the predominant form of expression in the so-called "Information Age."
Besides a more educated, more globally competitive populace, what else would this achieve? It would reduce transaction costs in general and put many parasites out of business. Many distributors and other undesirable middlemen would be out of business because people will learn to buy direct. If your neighborhood is devoid of useful businesses, you can order everything online - problem solved. Payday loans will become a thing of the past as consumers find decent rates from online bankers who actually need to compete with each other.
Universal, unrestricted Internet access would work wonders for our society, promote competition and more efficient markets, and put some of that wasted money we pay in taxes to good use.
One of my co-workers was telling me that NASA is also actively researching the possible drilling for petroleum on other planets (Mercury comes to mind, IIRC). He said that there are a lot of ways that "fossil" fuels could have been generated on other planets through chemical reactions between the soil and the atmosphere and the responsible research group would like send a few probes out in the coming years to investigate the possibility.
Although an incentive for continued reliance on petroleum is a Bad Thing(tm) for the environment, alternative energy research, and noise, it is nice to see that there may be a breakthrough that helps ease our pain when we run out of oil on Earth.
Having worked with Trusted Solaris before, I can tell you that their security model is not optimal and borders on security by obscurity. Again I bring you my observations:
MAC is a huge kludge. It is used to enforce read/write restrictions on/etc and such in TOS. Why not just use ACLs and be done with it?
I can tell you that it is 99% likely that a root user at any MAC label can most likely compromise the system. It is just too hard to lock down root.
Privileges are a joke. Most setuid root programs need both setuid root plus a load of privileges in Trusted Solaris, in order to function properly. How do you make/usr/bin/passwd work without giving the executable write access to/etc/passwd? Well, that just means that if you can exploit/usr/bin/passwd (as you could do with several linker, libc/locale, and other exploits) you can 0wn the system. Just like under Solaris.
Most of the features in a B1 TOS like TSol are designed just to get the B1 rating. But in order to make the system usable, many "features" (like telnetd,/usr/bin/passwd, and such) are added which effectively compromise the security of the system and defeat the purpose.
The vast majority of Internet sites would not benefit from information flow control. It is bloat at best.
Looking at TSol, I at first got a false sense of security. But then I realized that there were a lot of failure modes to think about. They're just different vulnerabilities, not necessarily fewer. All they've got going for them is security through obscurity, and that won't stand if a lot of people start using the system.
I have long been an advocate of replacing commercial UNIces with Linux and security is my number one reason. Consider:
Sun has a horrendous response time on vulnerabilities in Solaris. One study I read said that the average "exposure time" between an exploit release and a corresponding patch release was about 40-50 days. It's no wonder so many Solaris boxes get cracked, given their relative obscurity.
Linux has such advanced features as POSIX capabilities, a working chroot() syscall that actually isolates processes, and safe privilege bridging mechanisms. Commercial UNIces have none of these. They allow Linux admins to use a much more fine-grained security model to control potentially rogue processes like BIND.
Linux (except for SuSE) has far fewer setuid programs. On most UNIX systems, ps, whodo, netstat, xlock, and several other ridiculous programs are either setuid root or setgid kmem. Yes, even on OpenBSD. No wonder they have local root exploits so often.
Linux has proper restrictions on signal passing. Other UNIces can be tricked into delivering malicious signals through several ioctl calls. (I have a Solaris source code license and I have seen several areas where more checking needs to be done. Sun ignores my complaints.)
Commercial UNIX operating systems do have some scalability advantages over Linux when run on big iron (64+ processor) machines. But when the integrity of the DNS system is at stake, there is no choice other than Linux.
My employer likes to stay on the leading edge in the operating systems field, and makes it a point to try to integrate up-and-coming technologies into our server farms. It should come as no surprise, then, that our team does use a HURD machine as a file/web/application server.
The HURD machine has been surprisingly stable since we set it up last year. We may have had a few instances where it would get into an undesirable state and need rebooting, but by and large its downtime has been attributable to hardware upgrades and power interruptions. Its integrated userspace/kernel space has provoked us to write some very interesting programs on that box that we would not have been able to create with an ordinary UNIX or clone.
What's interesting about the HURD is that, despite its departures from many UNIX conventions, its developers are striving to form a clean upgrade path from Linux to HURD. Likewise, many HURD features (like POSIX b.1 capabilities) have made it into Linux in recent years. It's too early to tell, but perhaps the future holds a merging of Linux with HURD in a couple of years.
As a former Worldcom employee (now working for NASA) I have a few observations to share:
Private industry gives you more work and usually more challenging work than the government. Conversely, private industry pays better in general. I took a pay cut when I left Worldcom for NASA but I haven't worked a single weekend or evening so far (and it's been over a year now).
I was a network engineer and they worked me to death. They use salaries to avoid paying you overtime when you get paged in the middle of the night and have to come in at 2am to babysit a router (it happened to me several dozen times). I don't mean to imply that I am p-whipped but my wife forced me to quit that job.
Worldcom is in a competitive industry and they treat their employees like dirt. You'd be better off working for AT&T, who is the market leader (so they have more cash to throw around).
Worldcom laid off 1/3 of my office (not including me). How did they do it? They deactivated the employees' access cards so they couldn't get back in after lunch. People got their belongings shipped back to them after several weeks. You be the judge.
Worldcom consistently screws with payroll to save money. One of my former co-workers noticed one day that the company was taking out a few extra percentage points for Federal income tax, but that extra money didn't show up on his W2. He believes that the company adds a few dollars here and there to payroll deductions as a source of profit.
I could go on, but I won't. It's a Bad Place to Work(tm) and I'd never work there again. Even if I was desperate.
Few companies who develop free software have proven themselves on Wall Street. The problem is not so much the profitability of free software itself, but rather the profitability of their misguided approach. Free software should be used to supplement a traditional, profitable strategy, rather than as the core strategy of a business.
This made a lot of sense to me. My sister worked at one of the failed Linux dot-coms and from what she described, it seemed like her company (to remain nameless) took the "Free Software first, business strategy second" approach. The only thing left of that company is a bunch of homeless guys and a couple Aeron chairs for sale on ebay. Ouch.
By contrast, one of the companies who had used Linux to their advantage in a profitable way is IBM. They started with a very profitable consulting division, and expanded it through judicious contributions to Linux. Their move to Linux saved them a lot of money in training costs, kept things standardized, and helped provide a united front against the competition (Microsoft, Sun, etc.).
These new chips coming from AMD are nothing short of amazing. While Intel struggles with their attempts to force a slower, proprietary memory architecture on PC users and push a weaker processing architecture, AMD is leading the market and producing technology that is faster, more reliable, and cheaper.
Unfortunately for AMD, better technology often loses to superior marketing forces. Several of my friends went to work for Dell after graduation, and they told me that their employer is not going to be supporting these new AMD offerings out of allegiance to Intel. Dell (and many other manufacturers, such as Gateway) are afraid of Intel cutting them out of the loop when supplies are tight so they give AMD second-rate status or drop support altogether. The problem also exists that many customers buy Intel exclusively, despite its low performance/price ratio.
The future isn't nearly as bright for AMD and TMTA as it should be. If our government actually punished companies for anticompetitive practices, things would be different. Maybe in 2004 it will be a priority for the new administration. But I am not holding my breath.
The Linux results were interesting, but rather flat: everything benefited from it on my system. However I rebooted into NetBSD and gave the compiler a shot at 'make sys' and 'make world'. Because the NetBSD kernel does not use any nonstandard gcc extensions, it compiled just fine with the new compiler. What I found was:
The kernel showed a marked performance benefit on the TM5600. On my TM5400 the results were not noticable.
Most userspace utilities appeared to be quite a bit faster on both CPUs. However, some (one notable example being/usr/local/bin/perl) were much slower with the new compiler. I verified that this was not the case on Linux, so it is unclear to me as to why this happens under NetBSD. Further investigation is needed.
I'm not sure what the solution should be, but SOMEthing needs to be done. Since I first started using Red Hat Linux last year, I've had to rebuild the box three times because it was exploited. I've had to rebuild my Win2K box twice because I got trojans on it. I keep up with patches most of the time but the crackers don't need a big window of opportunity, especially on an @home network.
Cmdr, since you seem to oppose stricter rules on full disclosure, what do you think could be done to make things more secure for us here in the trenches (who don't want to become security experts just so they can run a PC)?
Slashdot Mirror
That's the same kind of problem I ran into. You can have svgalib and X active at the same time, but only one has control of the console and only one video card gets output.
I considered running two X instances (like what you want to do) but most TV out cards are less than friendly to X because of Macrovision "trade secrets." For my application, svgalib at 320x200 would be more than adequate and it will still work with TV out.
I was considering hacking svgalib so that I can run it from within an xterm (currently it complains that it can't open the VGA console and dies), so that it issues the int10 calls to the video BIOS on the first card while the Xserver video card is unaffected. But I strongly suspect that this will cause a big problem if X dies or I otherwise need to switch virtual consoles, because the kernel will have no idea what state the video cards are in.
Any ideas....? It *should* be doable.
~wally
The Microsoft antitrust case was never about protecting consumers' right to choose. It was never about curbing an illegal, unethical monopoly that tries to extend its control over consumers in every possible way. It was about money.
The Justice Department used the Microsoft case to increase their own budgets. Republicans and others who supported Microsoft had no problem with increasing funding to the DoJ because more money for the DoJ means more money to enforce laws against drugs, pornography, civil liberties, and other things that conservatives hate. The DoJ was thrilled when David Boies took their case, because they would get to dole out more funding to a very expensive lawyer and take a cut from the middle. Better funding helps everyone in an organization.
The states had no interest in protecting consumers, either. The states all saw a large antitrust settlement as a gigantic handout - more money from God to drop into the state coffers and spend on pork barrel projects. And since Microsoft has customers in all 50 states, why would any state pass up the opportunity to take part in the windfall? Especially because attorneys general are not elected, so who are they really responsible to?
The antitrust trial has always been about money, and the interests who participated in the whole circus have made billions of dollars off the taxpaying public from it. It is time for a quick and decisive settlement so that the bleeding of wasted dollars can stop. The government has shown time and again that consumers are defenseless against corporations who break the law and defraud them. This time is no different.
~wally
One of my co-workers has been following 802.11g through the standards approval process and he said that 802.11g is designed to "fall back" to using a part of the spectrum reserved specifically for this protocol if the rest of the available frequencies are congested. Although this will help little if there are several wireless networks in a dense area (cf. downtown Chicago), it will help a lot for networks like my home 802.11b setup, which starts dropping packets when somebody fires up the microwave, cordless phone, or X-10 video transmitter. These devices should not interfere with the reserved area of spectrum and thus a moderate level of network performance will be maintained.
It just goes to show that sometimes when the FCC serves the interests of their large corporate customers (who undoubtedly begged for the reserved 802.11g frequencies for obvious business reasons), consumers benefit. Not usually, but sometimes.
~wally
I post what I believe in. And I happen to believe in socialized internet access (as well as socialized health care, utilities, and software development funding).
If you would like to discuss my comment, please post a sensible reply instead of a baseless accusation.
Thanks.
~wally
The time has come for the population to stand up and demand universal, unrestricted Internet access from our government. I would no longer balk at paying 1/3 of my salary in taxes if it meant that this country could start moving into the 21st century. (Observe the higher quality of life in Canada and the proliferation of subsidized Internet access over there. The two are related.) Freedom of speech means nothing if the government is not willing to provide its citizens with access to the predominant form of expression in the so-called "Information Age."
Besides a more educated, more globally competitive populace, what else would this achieve? It would reduce transaction costs in general and put many parasites out of business. Many distributors and other undesirable middlemen would be out of business because people will learn to buy direct. If your neighborhood is devoid of useful businesses, you can order everything online - problem solved. Payday loans will become a thing of the past as consumers find decent rates from online bankers who actually need to compete with each other.
Universal, unrestricted Internet access would work wonders for our society, promote competition and more efficient markets, and put some of that wasted money we pay in taxes to good use.
~wally
One of my co-workers was telling me that NASA is also actively researching the possible drilling for petroleum on other planets (Mercury comes to mind, IIRC). He said that there are a lot of ways that "fossil" fuels could have been generated on other planets through chemical reactions between the soil and the atmosphere and the responsible research group would like send a few probes out in the coming years to investigate the possibility.
Although an incentive for continued reliance on petroleum is a Bad Thing(tm) for the environment, alternative energy research, and noise, it is nice to see that there may be a breakthrough that helps ease our pain when we run out of oil on Earth.
~wally
- MAC is a huge kludge. It is used to enforce read/write restrictions on
/etc and such in TOS. Why not just use ACLs and be done with it?
- I can tell you that it is 99% likely that a root user at any MAC label can most likely compromise the system. It is just too hard to lock down root.
- Privileges are a joke. Most setuid root programs need both setuid root plus a load of privileges in Trusted Solaris, in order to function properly. How do you make
/usr/bin/passwd work without giving the executable write access to /etc/passwd? Well, that just means that if you can exploit /usr/bin/passwd (as you could do with several linker, libc/locale, and other exploits) you can 0wn the system. Just like under Solaris.
- Most of the features in a B1 TOS like TSol are designed just to get the B1 rating. But in order to make the system usable, many "features" (like telnetd,
/usr/bin/passwd, and such) are added which effectively compromise the security of the system and defeat the purpose.
- The vast majority of Internet sites would not benefit from information flow control. It is bloat at best.
Looking at TSol, I at first got a false sense of security. But then I realized that there were a lot of failure modes to think about. They're just different vulnerabilities, not necessarily fewer. All they've got going for them is security through obscurity, and that won't stand if a lot of people start using the system.~wally
- Sun has a horrendous response time on vulnerabilities in Solaris. One study I read said that the average "exposure time" between an exploit release and a corresponding patch release was about 40-50 days. It's no wonder so many Solaris boxes get cracked, given their relative obscurity.
- Linux has such advanced features as POSIX capabilities, a working chroot() syscall that actually isolates processes, and safe privilege bridging mechanisms. Commercial UNIces have none of these. They allow Linux admins to use a much more fine-grained security model to control potentially rogue processes like BIND.
- Linux (except for SuSE) has far fewer setuid programs. On most UNIX systems, ps, whodo, netstat, xlock, and several other ridiculous programs are either setuid root or setgid kmem. Yes, even on OpenBSD. No wonder they have local root exploits so often.
- Linux has proper restrictions on signal passing. Other UNIces can be tricked into delivering malicious signals through several ioctl calls. (I have a Solaris source code license and I have seen several areas where more checking needs to be done. Sun ignores my complaints.)
Commercial UNIX operating systems do have some scalability advantages over Linux when run on big iron (64+ processor) machines. But when the integrity of the DNS system is at stake, there is no choice other than Linux.~wally
My employer likes to stay on the leading edge in the operating systems field, and makes it a point to try to integrate up-and-coming technologies into our server farms. It should come as no surprise, then, that our team does use a HURD machine as a file/web/application server.
The HURD machine has been surprisingly stable since we set it up last year. We may have had a few instances where it would get into an undesirable state and need rebooting, but by and large its downtime has been attributable to hardware upgrades and power interruptions. Its integrated userspace/kernel space has provoked us to write some very interesting programs on that box that we would not have been able to create with an ordinary UNIX or clone.
What's interesting about the HURD is that, despite its departures from many UNIX conventions, its developers are striving to form a clean upgrade path from Linux to HURD. Likewise, many HURD features (like POSIX b.1 capabilities) have made it into Linux in recent years. It's too early to tell, but perhaps the future holds a merging of Linux with HURD in a couple of years.
~wally
- Private industry gives you more work and usually more challenging work than the government. Conversely, private industry pays better in general. I took a pay cut when I left Worldcom for NASA but I haven't worked a single weekend or evening so far (and it's been over a year now).
- I was a network engineer and they worked me to death. They use salaries to avoid paying you overtime when you get paged in the middle of the night and have to come in at 2am to babysit a router (it happened to me several dozen times). I don't mean to imply that I am p-whipped but my wife forced me to quit that job.
- Worldcom is in a competitive industry and they treat their employees like dirt. You'd be better off working for AT&T, who is the market leader (so they have more cash to throw around).
- Worldcom laid off 1/3 of my office (not including me). How did they do it? They deactivated the employees' access cards so they couldn't get back in after lunch. People got their belongings shipped back to them after several weeks. You be the judge.
- Worldcom consistently screws with payroll to save money. One of my former co-workers noticed one day that the company was taking out a few extra percentage points for Federal income tax, but that extra money didn't show up on his W2. He believes that the company adds a few dollars here and there to payroll deductions as a source of profit.
I could go on, but I won't. It's a Bad Place to Work(tm) and I'd never work there again. Even if I was desperate.~wally
From the Goldman paper:
Few companies who develop free software have proven themselves on Wall Street. The problem is not so much the profitability of free software itself, but rather the profitability of their misguided approach. Free software should be used to supplement a traditional, profitable strategy, rather than as the core strategy of a business.
This made a lot of sense to me. My sister worked at one of the failed Linux dot-coms and from what she described, it seemed like her company (to remain nameless) took the "Free Software first, business strategy second" approach. The only thing left of that company is a bunch of homeless guys and a couple Aeron chairs for sale on ebay. Ouch.
By contrast, one of the companies who had used Linux to their advantage in a profitable way is IBM. They started with a very profitable consulting division, and expanded it through judicious contributions to Linux. Their move to Linux saved them a lot of money in training costs, kept things standardized, and helped provide a united front against the competition (Microsoft, Sun, etc.).
~wally
These new chips coming from AMD are nothing short of amazing. While Intel struggles with their attempts to force a slower, proprietary memory architecture on PC users and push a weaker processing architecture, AMD is leading the market and producing technology that is faster, more reliable, and cheaper.
Unfortunately for AMD, better technology often loses to superior marketing forces. Several of my friends went to work for Dell after graduation, and they told me that their employer is not going to be supporting these new AMD offerings out of allegiance to Intel. Dell (and many other manufacturers, such as Gateway) are afraid of Intel cutting them out of the loop when supplies are tight so they give AMD second-rate status or drop support altogether. The problem also exists that many customers buy Intel exclusively, despite its low performance/price ratio.
The future isn't nearly as bright for AMD and TMTA as it should be. If our government actually punished companies for anticompetitive practices, things would be different. Maybe in 2004 it will be a priority for the new administration. But I am not holding my breath.
~walter
~wally
I'm not sure what the solution should be, but SOMEthing needs to be done. Since I first started using Red Hat Linux last year, I've had to rebuild the box three times because it was exploited. I've had to rebuild my Win2K box twice because I got trojans on it. I keep up with patches most of the time but the crackers don't need a big window of opportunity, especially on an @home network.
Cmdr, since you seem to oppose stricter rules on full disclosure, what do you think could be done to make things more secure for us here in the trenches (who don't want to become security experts just so they can run a PC)?
~wally