Seconded. I could spend more than an hour just on the multi-story spiral slide and in the grotto surrounding it.
Not to mention the stuff they host -- a children's circus, corner shoelace maker/store, papermaking and glassblowing exhibits. And at night, live music, or the outdoor firepits w/ marshmallows provided. One of the upper floors has been converted into condos. I still dream about living on top of that festival.
My only bad experience there was checking out their petting zoo / aquatic exhibit. Some of those animals seemed just this side of mis-treated.
I wonder if you're not in the US, because here we don't have the luxury of deciding not to pay our school taxes. They're (generally) bundled into the real estate tax & not paying results in liens on your house. The only option is to move to a different school district.
Check out the Shangri-La Diet, at sethroberts.net. Trick yourself into being less hungry.
Easy to try, and it's worked for me, as well as a heck of a lot of people on their forums.
You don't need the book, it's more an explanation of why it works. Just get some extra-light olive oil and start by taking a tablespoon in the middle of a 2-hour taste-free window (no gum, no toothpaste, no cigs, no food, no soda).
I personally was offended when my son joined a guild and they dropped him once they had enough guild members, only using him for the 10 signature requirement. In real life, I would hunt down that guild and grief them for eternity. Luckily, he never told me their names.
Sheesh... this happens all the time. Half the time people offer payment in general chat specifically for people to sign guild charters. The other half the time, some dork runs around a capital city asking every unguilded toon they see to sign.
Point being, your son probably wasn't asked to join a guild in any meaningful sense. Shame that he and/or you thought so.
I called Charter back as promised. Another hour-long call, quite frustrating that they don't seem to be keep sufficient call logs and made me repeat myself instead.
After the same initial confusion as last night, and then having to explain again why their ``opt-out'' option is not worthy of the name, I was given the IP addresses of what the supervisor called their ``master'' DNS servers and told to configure my computer to use those for DNS.
Maybe I shouldn't list them here, but what the hey:
209.225.8.42 209.225.8.43
As of now both of these work in the exepected way. It's a pain in the rear that I'm going to have to override the settings their DHCP service provides, but it's not as much of a pain as switching ISPs.
Hope this helps a few others.
P.S.: I actually had to throw the ``I'm going to update my post on slashdot'' card to get to a supervisor. They were initially willing to just transfer me to account services for my cancellation. So/. was actually useful for something. Wow.
I noticed this last night, called to complain about it, and spent over an hour on the phone with their tech support. First I had to convince them it was really happening and it was a change to their DNS, it wasn't some browser setting I had ``accidentally'' changed. So they apparently made this change without letting their 1st and 2nd level support know about it.
Then once I got high enough, they tried to weasel out of it with their lame opt-out solution, which even if it worked wouldn't help when I'm making non-browser-based connections. So I guess they want all of my typo'd telnet, ssh, ftp and ping commands to hit their search server instead?
At the end, I asked to be transferred to account services to cancel (gosh I hope Bell doesn't pull the same shit in a month), and the admittedly very understanding engineer begged for a day to look into a way to completely remove the feature from my account. So I'll be calling back tonight.
just fyi, OpenBSD's install fits on one floppy, and they've put a lot of effort into keeping it that small. Thus you won't see online help anytime soon.
JoeBlow needs to realize that the competent developers are already busy spending time working on SMP, better buffer caching, new architectures, entirely new network tools, testing IPv6 interoperability, solving real-world performance issues etc, etc, in addition to trying to stay ahead of the exploit race.
If JoeBlow is capable of fixing the printer system with a clean, well-implemented design that makes the pain of changing over worthwhile, I'm sure he'd be welcomed. But no one is unaware that the current printer system sucks. It's just not the kind of problem that motivates the volunteer developers.
It's not developer laziness, it's the simple fact that developer time is a scarce resource.
LKMs in OpenBSD aren't intended to cut the size of the kernel down, as with Linux.
From LKM(4):
Loadable kernel modules allow the system administrator to dynamically add
and remove functionality from a running system. This ability also helps
software developers to develop new parts of the kernel without constantly
rebooting to test their changes.
I get the idea that they're used much more in the second capacity than in the first; the default kernel (which users are strongly advised not to stray from) doesn't even enable Loadable Kernel Modules.
With programs that call other programs, and programs that wont work unless called from scripts, and so on, ldd rarely works.
Any program that doesn't work unless called from a script is fundamentally broken, sorry. Admittedly, ldd won't always show one everything necessary, but why not find out all the first-level dependencies at once rather than iteratively?
Your next statement is great... You say that developers keep their documentation up to date and fill with all need information, but now we have to go to mailing lists to get answers.
Developers keep their information up-to-date, but that information is only delivered to typical users at release dates, twice a year. It's not uncommon in mailing lists for people to speak up with problems that were previously unknown; when you don't have the infinite userbase of linux, those exotic problems aren't all going to get covered in the pre-release stage.
And if this how-to wasn't written, the beginners would have nowhere to go in the first place.
man -k linux. It returns exactly one hit: the compat_linux manpage. Not knowing "man -k" is no excuse when the first piece of mail delivered to root directs the user to read and understand the man manual page. Or if you miss that,/usr/bin/help displays an introductory manpage which also explains the importance of the man command.
How would you think they are going to come upon it in the first place and do you think it's the only document they'd find when looking for help?
I don't know, but since the other types of documentation are only available on the web as the results of cgi queries (archived mailings, man pages), a web search might just return only howto's such as this one.
First, on further study, I will grant that there is one new thing not mentioned in the man page: suggesting the iterative process of library hunting. However, the superior method (if you have access to a linux machine) of using a linux machine's 'ldd' command to divine all the libraries required is mentioned in the man page but not in the HOWTO.
On the other hand, there was recently a question (and answer, make that answers) on the mailing list about a linux emulation error, but no mention of the possible trip-up (which novices might well encounter) in the HOWTO.
The OpenBSD developers spend a lot of effort making sure their documentation is clear, up to date, and accurate; it's an extension of their security focus in the sense of: "code should always do exactly and only what the documentation says it does".
What bothers me most, honestly, is having a secondary source that doesn't make it clear that 1) it is a secondary source, 2) where to find primary sources.
The beginning user who reads this and finds it inadequate has no guidance of where to go for further, possibly updated, help.
One thing to add about the which-distribution question is that the linux_lib port is based on RedHat. Strictly speaking, that port isn't part of the "emulation layer", but it's biases matter to anyone who doesn't want to spend time gathering their own libraries.
UNIX:
The Open Group's specification isn't something they bless you with for free. It's like ISO-9001; you can follow the standard like a nazi, but it won't get your "certified" unless you pay to get the tests done and approved.
Better Source:
See the (Net|Free|Open)BSD port systems. Lots of smallish singular apps do compile cleanly on most any unix. But complex ones (do you realize how many dependencies Gnome has??) are just a pain in the ass. Don't get me started on GNU ``portability tools'' like libtool. The ports tree allows all BSD users to benefit from just a few people's porting efforts. And it doesn't depend on the goodwill of the software authors to incorporate patches, although that's always preferred.
Which Distro?:
The usual barrier to cross-distribution binaries, afaik, is library versions and/or config file placement. The emulation layer is distro-agnostic in that respect.
The emulation layer itself doesn't do much but support syscalls and convert kernel structures to what linux binaries expect. But in addition, every linux binary running sees an alternate version of the filesystem -- one in which the contents of "/emul/linux" override the rest. If "/emul/linux/foo" exists, linux binaries will access it rather than "/foo". That's how the linux_lib port works.
Gripe:
This is actually quite a disappointing document if you ask me. It doesn't say anything that's not easily available elsewhere. I know you linux types love having your hand held, but this question has been answered many times on OpenBSD's mailing lists, which are archived and searchable. And a more detailed explanation is available at my fingertips with the command man compat_linux. Or to the rest of you at OpenBSD's online manual pages.
There's an issue or three here that I think you might be missing.
OpenBSD, like all the BSDs, is maintained as a coherent system. They want to replace strncat with an less error-prone function, and change everything in the system to use it? Done. The ports tree is considered explicitly separate from this ``system''.
Second, nothing that is not essential will ever be included in that base system unless it's BSD-licensed.
The ports are considered untrusted by nature, so there's no issue of Theo or anyone else trusting your code audit.
GNUstep is an application, and I don't know its licensing terms but I think I could probably hazard a guess. If you want it to be part of the base system, then you're just SOL. If you want it to be a port, then there's almost nothing stopping you. Read the documentation on creating a port. Be aware that the port system is a bit of a moving target, so join the ports mailing list. Don't forget to search the archives before posting any questions.
Theo himself very rarely gets his hands dirty with the ports system; you'll learn who his generals are if you stay on the mailing list.
Re: the note about adding an old, insecure version of Apache.
These days, an audited version of Apache is included in the OpenBSD base. When you run httpd, that's Apache-1.12 (IIRC).
Same case with your MTA -- sendmail is included in the base install.
And, passwords -- OpenBSD has no default password policy. I don't even think that, at present, it has a mechanism for expiring passwords at all. They're not into preventing user/admin stupidity -- just code correctness/robustness.
But, of course, security is a process, and the worst thing you can do with an OpenBSD box is get overconfident. Audits aren't magic fairy dust.
It's time to realise who's got the power. It's not the governement, it's not the administration, it's the large multinational corporations. This poor guy being arrested is a good illustration of this.
This is exactly why we all need limited, principled government. When government whores itself out to (the people, money, other gov'ts, interest groups), we all suffer.
Firstly, no one has a right to speak using other people's resources. Usenet is based on mutually beneficial exchanges of articles. If some group abuses those exchanges, then the other parties have every right to halt it. It doesn't matter whether the accused are actually harming anyone; the only issue is whether they're acting in a manner that causes the other parties to cease to value the relationship.
Would you challenge my right to stop associating with a person whose company I no longer desired? For whatever reason?
And, to inject some reality into this discussion, if the AryanISP's posts were always on-topic, I would venture to say that any call for a UDP would be met with derision as politically motivated.
If, on the other hand, AryanISP's clients crossposted diatribes that did not fit into current discussions across a wide variety of groups whose topics of discussion do not relate to the issues of the diatribe, that would be legitimate spam. And if AryanISP did nothing about its spammers, then they just might face a UDP.
What is this awesome responsibility to which you refer? I guess it's the possibility of having Aryan's "civil rights" violated, but I think I've explained above why that is a non-issue. For me, at least.
IIRC, Browne has stated that one of his first steps would be the pardoning of all people in jail for victimless crimes.
There are also many, many executive orders he would be able to immediately suspend. The current stance on encryption? That's implemented by an executive order. A lot of "law" these days is created on a whim by the President. Exec. Orders are supposed to be for Mr Prez to issue directions on how to carry out congressional law. Problem is, when the laws are as vague and complex as they are, those EOs become powerful weap^H^H^H^Htools in the hands of the supreme executive.
I, personally, would sleep easier with a Lib president -- I think libertarian ideas on foreign policy are worth implementing. There was a paper at Cato a while back on how our tendency to intervene raises our risk of terrorist attacks (found it here).
And, I don't think anyone would expect real change with just a third-party Prez. It would be interesting to see the results of a mid-term congressional election though.
There are forms of denial-of-service attacks that result from generating many log events and creating huge logfiles. These can be averted if the logging (at least) is on a separate partition. Sendmail, for example, reacts badly to full filesystems. Also for security's sake, you may wish to mount/etc &/usr read-only after initial configuration is performed.
What I was trying to get across without becoming flamebait was: the GPL is strongly connected to the FSF and their gnu utilities. The BSD people tend to dislike the creeping featurism and code bloat in GNU utils.
Second, people who write code under BSD licenses do so because they believe that writing useful code is a higher goal than worrying about tit-for-tat. Yes, companies can rip their code off. But this happens much more often in the small case than the large.
For example, I have a friend whose job for several months was adapting OpenBSD's ftp server for his company's specific requirements. In the process he found several obscure bugs in the ftp code. Those bugs have been submitted to Open's developers. Things like that happen often enough that sticking to the GPL looks unwise and petty.
Slashdot Mirror
per se -- in itself
prima facie -- on it's face
Seconded. I could spend more than an hour just on the multi-story spiral slide and in the grotto surrounding it.
Not to mention the stuff they host -- a children's circus, corner shoelace maker/store, papermaking and glassblowing exhibits. And at night, live music, or the outdoor firepits w/ marshmallows provided. One of the upper floors has been converted into condos. I still dream about living on top of that festival.
My only bad experience there was checking out their petting zoo / aquatic exhibit. Some of those animals seemed just this side of mis-treated.
I wonder if you're not in the US, because here we don't have the luxury of deciding not to pay our school taxes. They're (generally) bundled into the real estate tax & not paying results in liens on your house. The only option is to move to a different school district.
Check out the Shangri-La Diet, at sethroberts.net. Trick yourself into being less hungry.
Easy to try, and it's worked for me, as well as a heck of a lot of people on their forums.
You don't need the book, it's more an explanation of why it works. Just get some extra-light olive oil and start by taking a tablespoon in the middle of a 2-hour taste-free window (no gum, no toothpaste, no cigs, no food, no soda).
FAQ post at forums: http://boards.sethroberts.net/index.php?topic=3398.0
You've been wrong, go to bed.
Sheesh... this happens all the time. Half the time people offer payment in general chat specifically for people to sign guild charters. The other half the time, some dork runs around a capital city asking every unguilded toon they see to sign.
Point being, your son probably wasn't asked to join a guild in any meaningful sense. Shame that he and/or you thought so.
I called Charter back as promised. Another hour-long call, quite frustrating that they don't seem to be keep sufficient call logs and made me repeat myself instead.
/. was actually useful for something. Wow.
After the same initial confusion as last night, and then having to explain again why their ``opt-out'' option is not worthy of the name, I was given the IP addresses of what the supervisor called their ``master'' DNS servers and told to configure my computer to use those for DNS.
Maybe I shouldn't list them here, but what the hey:
209.225.8.42
209.225.8.43
As of now both of these work in the exepected way. It's a pain in the rear that I'm going to have to override the settings their DHCP service provides, but it's not as much of a pain as switching ISPs.
Hope this helps a few others.
P.S.: I actually had to throw the ``I'm going to update my post on slashdot'' card to get to a supervisor. They were initially willing to just transfer me to account services for my cancellation. So
I noticed this last night, called to complain about it, and spent over an hour on the phone with their tech support. First I had to convince them it was really happening and it was a change to their DNS, it wasn't some browser setting I had ``accidentally'' changed. So they apparently made this change without letting their 1st and 2nd level support know about it.
Then once I got high enough, they tried to weasel out of it with their lame opt-out solution, which even if it worked wouldn't help when I'm making non-browser-based connections. So I guess they want all of my typo'd telnet, ssh, ftp and ping commands to hit their search server instead?
At the end, I asked to be transferred to account services to cancel (gosh I hope Bell doesn't pull the same shit in a month), and the admittedly very understanding engineer begged for a day to look into a way to completely remove the feature from my account. So I'll be calling back tonight.
I guess today is the day to finally listen to these...
http://www.teach12.com/ttc/EinsteinLectures.asp?a
just fyi, OpenBSD's install fits on one floppy, and they've put a lot of effort into keeping it that small. Thus you won't see online help anytime soon.
JoeBlow needs to realize that the competent developers are already busy spending time working on SMP, better buffer caching, new architectures, entirely new network tools, testing IPv6 interoperability, solving real-world performance issues etc, etc, in addition to trying to stay ahead of the exploit race.
If JoeBlow is capable of fixing the printer system with a clean, well-implemented design that makes the pain of changing over worthwhile, I'm sure he'd be welcomed. But no one is unaware that the current printer system sucks. It's just not the kind of problem that motivates the volunteer developers.
It's not developer laziness, it's the simple fact that developer time is a scarce resource.
From LKM(4):
I get the idea that they're used much more in the second capacity than in the first; the default kernel (which users are strongly advised not to stray from) doesn't even enable Loadable Kernel Modules.
Any program that doesn't work unless called from a script is fundamentally broken, sorry. Admittedly, ldd won't always show one everything necessary, but why not find out all the first-level dependencies at once rather than iteratively?
Your next statement is great... You say that developers keep their documentation up to date and fill with all need information, but now we have to go to mailing lists to get answers.
Developers keep their information up-to-date, but that information is only delivered to typical users at release dates, twice a year. It's not uncommon in mailing lists for people to speak up with problems that were previously unknown; when you don't have the infinite userbase of linux, those exotic problems aren't all going to get covered in the pre-release stage.
And if this how-to wasn't written, the beginners would have nowhere to go in the first place.
man -k linux. It returns exactly one hit: the compat_linux manpage. Not knowing "man -k" is no excuse when the first piece of mail delivered to root directs the user to read and understand the man manual page. Or if you miss that, /usr/bin/help displays an introductory manpage which also explains the importance of the man command.
How would you think they are going to come upon it in the first place and do you think it's the only document they'd find when looking for help?
I don't know, but since the other types of documentation are only available on the web as the results of cgi queries (archived mailings, man pages), a web search might just return only howto's such as this one.
On the other hand, there was recently a question (and answer, make that answers) on the mailing list about a linux emulation error, but no mention of the possible trip-up (which novices might well encounter) in the HOWTO.
The OpenBSD developers spend a lot of effort making sure their documentation is clear, up to date, and accurate; it's an extension of their security focus in the sense of: "code should always do exactly and only what the documentation says it does".
What bothers me most, honestly, is having a secondary source that doesn't make it clear that 1) it is a secondary source, 2) where to find primary sources.
The beginning user who reads this and finds it inadequate has no guidance of where to go for further, possibly updated, help.
One thing to add about the which-distribution question is that the linux_lib port is based on RedHat. Strictly speaking, that port isn't part of the "emulation layer", but it's biases matter to anyone who doesn't want to spend time gathering their own libraries.
The Open Group's specification isn't something they bless you with for free. It's like ISO-9001; you can follow the standard like a nazi, but it won't get your "certified" unless you pay to get the tests done and approved.
Better Source:
See the (Net|Free|Open)BSD port systems. Lots of smallish singular apps do compile cleanly on most any unix. But complex ones (do you realize how many dependencies Gnome has??) are just a pain in the ass. Don't get me started on GNU ``portability tools'' like libtool. The ports tree allows all BSD users to benefit from just a few people's porting efforts. And it doesn't depend on the goodwill of the software authors to incorporate patches, although that's always preferred.
Which Distro?:
The usual barrier to cross-distribution binaries, afaik, is library versions and/or config file placement. The emulation layer is distro-agnostic in that respect.
The emulation layer itself doesn't do much but support syscalls and convert kernel structures to what linux binaries expect. But in addition, every linux binary running sees an alternate version of the filesystem -- one in which the contents of "/emul/linux" override the rest. If "/emul/linux/foo" exists, linux binaries will access it rather than "/foo". That's how the linux_lib port works.
Gripe:
This is actually quite a disappointing document if you ask me. It doesn't say anything that's not easily available elsewhere. I know you linux types love having your hand held, but this question has been answered many times on OpenBSD's mailing lists, which are archived and searchable. And a more detailed explanation is available at my fingertips with the command man compat_linux. Or to the rest of you at OpenBSD's online manual pages.
Here's the main point, before we even get started: This project should be scrapped, there are easier and better ways to do what is being done here.
"And what have you done so far?"
If you have a better idea, then by all means, implement it.
OpenBSD, like all the BSDs, is maintained as a coherent system. They want to replace strncat with an less error-prone function, and change everything in the system to use it? Done. The ports tree is considered explicitly separate from this ``system''.
Second, nothing that is not essential will ever be included in that base system unless it's BSD-licensed.
The ports are considered untrusted by nature, so there's no issue of Theo or anyone else trusting your code audit.
GNUstep is an application, and I don't know its licensing terms but I think I could probably hazard a guess. If you want it to be part of the base system, then you're just SOL. If you want it to be a port, then there's almost nothing stopping you. Read the documentation on creating a port. Be aware that the port system is a bit of a moving target, so join the ports mailing list. Don't forget to search the archives before posting any questions.
Theo himself very rarely gets his hands dirty with the ports system; you'll learn who his generals are if you stay on the mailing list.
Re: the note about adding an old, insecure version of Apache.
These days, an audited version of Apache is included in the OpenBSD base. When you run httpd, that's Apache-1.12 (IIRC).
Same case with your MTA -- sendmail is included in the base install.
And, passwords -- OpenBSD has no default password policy. I don't even think that, at present, it has a mechanism for expiring passwords at all. They're not into preventing user/admin stupidity -- just code correctness/robustness.
But, of course, security is a process, and the worst thing you can do with an OpenBSD box is get overconfident. Audits aren't magic fairy dust.
Hear, hear! I don't care if there's a boycott or not -- none of the money I earn is going to make it into the plaintiffs' hands.
I just couldn't enjoy a movie, or trust a CNN reporter, while this bullsh*t keeps happening.
This is exactly why we all need limited, principled government. When government whores itself out to (the people, money, other gov'ts, interest groups), we all suffer.
Would you challenge my right to stop associating with a person whose company I no longer desired? For whatever reason?
And, to inject some reality into this discussion, if the AryanISP's posts were always on-topic, I would venture to say that any call for a UDP would be met with derision as politically motivated.
If, on the other hand, AryanISP's clients crossposted diatribes that did not fit into current discussions across a wide variety of groups whose topics of discussion do not relate to the issues of the diatribe, that would be legitimate spam. And if AryanISP did nothing about its spammers, then they just might face a UDP.
What is this awesome responsibility to which you refer? I guess it's the possibility of having Aryan's "civil rights" violated, but I think I've explained above why that is a non-issue. For me, at least.
IIRC, Browne has stated that one of his first steps would be the pardoning of all people in jail for victimless crimes.
There are also many, many executive orders he would be able to immediately suspend. The current stance on encryption? That's implemented by an executive order. A lot of "law" these days is created on a whim by the President. Exec. Orders are supposed to be for Mr Prez to issue directions on how to carry out congressional law. Problem is, when the laws are as vague and complex as they are, those EOs become powerful weap^H^H^H^Htools in the hands of the supreme executive.
I, personally, would sleep easier with a Lib president -- I think libertarian ideas on foreign policy are worth implementing. There was a paper at Cato a while back on how our tendency to intervene raises our risk of terrorist attacks (found it here).
And, I don't think anyone would expect real change with just a third-party Prez. It would be interesting to see the results of a mid-term congressional election though.
There are forms of denial-of-service attacks that result from generating many log events and creating huge logfiles. These can be averted if the logging (at least) is on a separate partition. Sendmail, for example, reacts badly to full filesystems. /etc & /usr read-only after initial configuration is performed.
Also for security's sake, you may wish to mount
What I was trying to get across without becoming flamebait was: the GPL is strongly connected to the FSF and their gnu utilities. The BSD people tend to dislike the creeping featurism and code bloat in GNU utils.
Second, people who write code under BSD licenses do so because they believe that writing useful code is a higher goal than worrying about tit-for-tat. Yes, companies can rip their code off. But this happens much more often in the small case than the large.
For example, I have a friend whose job for several months was adapting OpenBSD's ftp server for his company's specific requirements. In the process he found several obscure bugs in the ftp code. Those bugs have been submitted to Open's developers. Things like that happen often enough that sticking to the GPL looks unwise and petty.