Read his comment again. Does it contain any content? No, it does not. It makes a few obtuse, generic, meaningless comments with no specifics. He gets a +5 for claiming to have a PhD?
Well, I have an IQ of 156, a PhD, a JD, an MD, a CCIE, and I've been using Linux since before kernel 0.01.
I like dselect. Moderate away.
I think it's probably more informative to look at the "negative" responses (those that didn't add to my score). I'd say I'm average at "reading" other people: I can usually "read between the lines" when they're talking, but I sometimes have difficulties telling when others are bored of hearing me go on and on about some technical matter. I also can't remember other people's birthdays or phone numbers:)
I think this "test" is bullshit. I have zero difficulties communicating: I'm good enough at writing that I usually don't need anyone to proof what I write, and I'm fairly good at proofing and correcting what others have written. I really hate social situations, but I can fake it if needed (examples: some friends tried to take me out to a "club" - absolutely hated it and could not stand one second of it; but if there's a point to a social situation (like a meeting) I do fairly well).
My objections to this test is that it does not try to measure aptitude, but rather preferences. I'm excellent at communication when there's a purpose to it, but I cannot stand pointless social chit-chat. I can, however, "fake it" when needed, such as at a job interview.
Do I have a disorder? Absolutely not. I may be a bit introverted, but that does not in any way deter from communicating succintly and clearly. How is it in any way a "disorder" if I'm very adept at important communication, but I prefer avoiding pointless social situations?
Sometimes I really have to question these psychologists. The human mind is far too complex to facilitate analysis by simply grouping together people based on similar answers to questionnaires.
I realize IQ tests work in the exact same way, but I don't have any problems with IQ tests since my IQ test showed me in a very favorable light:)
The way it is currently implemented, the systrace program reads a policy file associated with particular programs and makes decisions that way.
Stupid question: how does this work? How do you figure out what program is running?
Are you checking device + inode? Simple string comparison on filenames may not work correctly with chroot. Device + inode may not work correctly with hard links.
Port 135 is not messenger. Messenger is an RPC service and port 135 is the RPC port locator on Windows (like portmap on unix). Messenger can use any port at all - blocking port 135 works because client machines connect to port 135 to locate the port that the messenger rpc service is running on. Blocking port 135 may stop a bunch of other things from working, but net stop messenger stops just messenger.
Not that I really care - I would just cut off the port and then worry about only if someone complains.
As I was researching this idea, I just realized that this would not play nice with XSHM (which is quite unfortunate, since XSHM is so prevalent).
I just looked into how xmove works, and it does it by using a pseudo-server, just like VNC. This makes sense since the things it must do would touch all parts of the server if it were built-in. However, VNC still works with XSHM - there must some voodoo going on here, requires investigation.
The problem is that the X client stores almost nothing about its state, the X server stores all that information.
I don't see how this could in any way be considered a problem. It's the reason why this could work. You cannot control client applications or how client applications "keep state", but you can control how the server keeps this state (bunch of pointers and structs) and encode that in some way. This should be transparent at the Xlib level, or it simply won't work with "legacy" applications (eg, all existing X client software).
He has a very good idea and I believe this is workable. There is no problem with buffering or network latency: just have "xmove" (or whatever you call the application) tell xlib to XFlush() for client Y; stop marshalling events for client Y; tell the X server that client Y is attached to (server 1) to encode the information; transfer that information from server 1 to server 2; tell Xlib that client Y is now connected to server 2; Xlib starts processing events again.
The problem would be some way to tell Xlib to flush and stop/start on the client side. Xlib is not re-entrant, so you can't make Xlib calls from a signal handler. If the application is still responding to X events, you could simply integrate a check for this in Xlib's event loop (XNextEvent()). If the client isn't responding to X events, you probably don't want to transfer it to another machine anyway:)
Other problems: the client application may keep some state, such as screen number, or it may peek into the Display pointer (very naughty), or it might have colormap indeces. I believe this could be solved by some indirection: Xlib translates colormap entry X into colormap entry Y before sending it to server 2 which has a different colormap setup from server 1. Things may get nasty if the servers are running at different depths or support different extensions.
This is very interesting and I believe it is indeed possible. I may look into implementing this, but right now I'm stealing ideas from ratpoison to add to my own window manager:)
there are two major advantages to this design: menus are always in the same place, and one menu bar takes up less screen space than multiple menu bars
These advantages are nearly irrelevant compared in importance to the real reason why the menu is at the top in MacOS. The reason the Mac has a menu bar at the top of the screen is because this permits an infinitely large target area for clicking. There is no point to the menu bar at the top if the very top pixel of the screen is not clickable. Observe an experienced Mac user for a bit and you'll see that they never "aim" for the menu bar but rather "throw" their cursor toward the top of the screen.
This is not an intuitve concept and lots of people get it wrong. Examples include many of Microsoft's products that allow a full-screen view but do not make the top pixel of the menu or toolbar clickable, and how the very bottom pixel of taskbar buttons and the start menu in Windows is not clickable. KDE has been offering a menu-at-the-top feature for quite a while now, but it is only recently that the top pixel has been made clickable (they did this by moving the entire menu up three pixels - apparently, it was not possible to specify that the widget should not have any unclickable border, which indicates an underlying problem with the toolkit design).
This has to do with Fitts Law. Click here for the google search and read the first two links. Both links show experimental data reinforcing the theory.
Note: I don't like Macs very much (hardcore unix guy, wrote my own window manager, my desktop looks like the Freshmeat ratpoison story from earlier today), but this research actually makes sense.
Does anyone know of a console-land type of setup, a "getty"-ish app, perhaps, that would let me log in, start a task (say a big compile), detach, and then reattach later to 'check up on it'?
This is precisely what GNU screen allows you to do. You start some long task, detach from it, and re-attach later. Greatest thing is that you don't need to re-attach from the same machine - start that big compile at work and check on it from home (without having to run "script", or redirecting output, etc).
GNU screen has nothing to do with X11: you can start the compile on the console and check on it from an xterm (it takes care of differences between xterm and Linux/BSD consoles all by itself).
Wonderful little program. Learn it by starting screen and then typing control-A, question mark.
You again. Excellent troll, but you need to choose a different motif for your nicks.
For the uninitiated: that is not perl. It is line noise with some perl operators, bundled into a cleverly-masked troll. This guy is an old sport at this, previously using the name "PhysicsGenius". Check his (short) user history, and
this guy's posting history. I simply cannot believe that moderators would be so idiotic as to mod this stuff up, so my conjecture is that he has two accounts: one to troll, and another serious account with mod points. It may be interesting to correlate average time between mod points to his posting history.
Relevant anecdote: the original OpenSSH sources had an "RSA in six lines of perl" in a comment of one of the source files. Theo removed that in some version. A little too much angst there, if you ask me - this stuff is supposed to be fun.
You're probably the first person to respond to my OS X rants with a reasonable and thought-out response and a suggestion as to how to proceed.
This is somewhat ironic, as I was in the middle of composing a reply to your first comment when I read your second comment. I'm including my reply below (although it's vitriol, sometimes it's fun to read vitriol).
OS X isn't as bad as I make it out to be. The nicest thing is that a number of the bullet points I've used for rants in the past have subsequently been fixed by Apple's newer releases. The Objective C Cocoa APIs are also quite amazing, even though it took me some time to figure out how to get a vi/zsh/make development environment working rather than relying completely on the GUI stuff (which is very nice for dialog design type stuff but will never replace my beloved vi). Comparing the Cocoa APIs to something like GTK really shows how advanced some of their stuff is.
Although it probably won't replace my Solaris and FreeBSD workstations, OS X might find a place alongside them. I'll try to be more understanding. After all, almost anything's better than win32 programming:)
Original rant:
I've read the man page for ditto. I make a point of scanning through all the man pages whenever I encounter a new system. (A bit off-topic, but OS X's man pages are ridiculously outdated, and, in many cases, misleading: OS X 10.2 has man pages for XFree86 commands that don't appear, and have nothing to do with OS X, the man page for 'passwd' does not mention that the command does not do anything after the system has booted and does not contain a pointer to netinfo, and so on.)
Ditto does not work with pipes - it only works for copying from one local filesystem to another local filesystem (does not even work reliably over AFP). There is no flag that says "output to standard out" because it does not any internal encoding of data, but rather just uses Mac APIs. It's also pretty obvious that these tools weren't written for unix users: ditto is completely useless unless you specify the flag to preserve HFS forks (by default, it's exactly equivalent to the tar command line I demonstrated above, so it's quite pointless). The flag to preserve HFS forks is something like "-rsrcFork". Am I expected to type that? Name one other Unix command that uses StudlyCaps for flags.
More importantly, how am I supposed to remember that? How is this "friendly" in any sense of the word? If they thought that it would be "friendlier" to make the flag longer, they could have spelt it out in its entirety: "-resourceFork" or "-resource-fork". What's wrong with the convention that critical flags use only one character: "-r".
It also does not comply with SUSv2 recommendations for command-line flags.
CpMac is no better. These commands make me feel like I'm using Java, not zsh.
How difficult would it be to provide, with the OS, a simple command that would encode forked files into some flat format? Not very difficult at all.
So if you don't have any legacy apps, you can run an entire OS X system on UFS.
WRONG.
Try using Apple's Remote Desktop or Mozilla on UFS. Lots of applications break on UFS, and not "legacy" applications, but native, new applications. If even Apple's Remote Desktop software won't work with UFS, how much luck do you think you'll have with large commercial applications like Adobe's stuff?
I won't even mention the performance problems with UFS on OS X.
Why would you care? Because you cannot access forks when using standard unix programs on HFS systems. Do this: install some largish application, such as Office on a UFS machine. Create a tarball of the.app directory. Now untar this tarball on a HFS system. Works fine. However: try creating a tarball on an HFS system. You can't.
So, what am I supposed to do? Am I supposed to use your pretty little tools like Stuffit Expander? Go ahead and try using stuffit using an ssh session logged in from a Windows box across the city. Am I supposed to download some inane perl script to do this? And am I expected to download this perl script whenever I want to distribute that archive to another machine?
OS X does not give you any ability to do the most basic filesysem manipulation in any meaningful fashion without ridiculous third-party tools, most of which were designed for a specific purpose unlike the standard unix tools which I can use to make backups, "image" machines, distribute archives, duplicate directory hierarchies, and a host of other things.
If you've never typed
tar -cf - . | (cd/mnt; tar -xf -)
then you won't understand that OS X is deficient as a Unix operating system.
Re:Music Notation vs Intuative
on
Blender Is GPL
·
· Score: 2, Insightful
Music notiation is an anachronism.
So, you're advocating something akin to guitar tab which displays the lengths of notes. (Disclaimer: I play classical guitar as a hobby and have zero tolerance for tab.)
Tell me this: with tab, how can you tell, just by looking at the score, in which key the piece is played? If your primary purpose in reading music is to reproduce the sounds a composer wrote down, then tab (or your variation of tab) may suffice, but it does not suffice for conveying music. It certainly won't help if you want to try to improvise off the score. It won't help if you want to try to analyze the music, to find patterns, to figure out a composer's "style", etc. How can you tell, by looking at tab, that a composer has moved from one key to another but is still developing the same motif in the new key?
Tab (and variations of it) have been around may years (perhaps even longer than standard notation - this would require some research, but I recall that music for the first string instruments was written using some sort of tab). The reason it's been supplanted by standard musical notation is because standard score is better. It's taken a long time to develop standard notation and it may be difficult for beginners because it's meant to convey a lot of other things which aren't too important when you're trying to figure out how to tap out greensleeves on a keyboard.
Learning to read score does, unfortunately, take time, but so does learning music.
I also use vi and would leave any job that required me to code in that hyped-up notepad variant which is called Visual Studio (leave the home row to use the ARROW KEYS!?). I have no idea about any of this 3-D stuff (I understand the math, but that's about it), but I trust that the professionals in the domain have quite different needs than the amateurs.
Last time I said this it started a huuuge flamewar.
I've done this. Basically, set up public email/web kiosks.
Password-protect the BIOS. People will mess with this.
Be careful with the boot manager. Make sure people can't pass kernel arguments (eg "linux init=/bin/sh"). Grub allows you more options than lilo in this direction.
Modify all boot scripts to ensure there is no way to get an interactive shell at boot.
Use some filesystem that's resilient to reboots. People will reboot the machines (unplug them) all the time, so use ReiserFS or ext3.
You'll probably have more than one person managing these machines. Try looking into pam_ldap, or pam_krb5 (whatever is appropriate for your organization) along with pam_listfile, so that only two or three people know the root password.
Browsers aren't meant to do this. For instance, you can type in a URL like "file:///" and use the browser as a file manager. Prevent this by running the web browser in a chrooted environment.
Disk space may be low on older machines, so don't copy files to the chrooted environment - hard link them instead (hard links work across chrooted environments). Basically, what you do is "ldd browser" and hard link all those libraries into the chrooted environment. Then run the browser, see what files it requires (eg,/etc/resolv.conf, any shared libraries it loads itself using dlopen(3), and so on), hard link those files and continue until you have a working environment.
Also on the browser end, you may have difficulties finding a browser that will run quickly enough on older hardware. Mozilla and Konqueror are sluggish on my Athlon XP 1800+, so they are quite out of the question. I also had little success with Opera, and I'll tell you now that Netscape 4.x may be your only viable choice.
I wrote my own window manager custom to the task. I would recommend that you run a window manager that you KNOW won't launch any other programs unless you specifically make it do so. Look into wm2, and then modify it (it's very clean code) so that it will never start up xterm and so the root menu shows a list of allowed programs (browser, ssh to read mail, etc).
You may also want to allow people to read mail using SSH. Remember to disable the "escape" character for ssh so people can't drop into a shell. I wrote a small front-end to ssh that pops up a GUI asking for username and password (and I modified SSH to take the username and password from the GUI using unix domain sockets). People really appreciated the little GUI, but there are some issues involved in this and you need to be experienced in Unix/C (openssh nowadays comes with its own program that pops a GUI asking for password, but it behaves in such an unfamiliar way (eg, not like Windows or MacOS where you two text boxes asking for username and password at once and the password field shows you how many characters you've typed) that it's completely useless for this situation).
I used tar to image the machines. I couldn't use a dedicated IDE drive duplicator since the drives were different sizes and I NEEDED all the space I could get on the drives. It basically goes like this: put src and target drives in machine, boot off src, fdisk/format target, mount target on/mnt, and then do cd/; tar -cf - bin usr var lib etc | (cd/mnt ; tar -xvf -). Make sure you don't specify proc or any other directories you don't need and then remember to create/mnt,/tmp, and so on the target drive. This doesn't take long and you can train a plentiful non-unix person to help you do it.
Don't expect great success. Most of your users (especially those that don't have computers) will have never seen anything that's not MacOS or Windows and they won't like the systems simply because they look unfamiliar.
Anyway, I'm a coder, not admin, at heart, so I ended up doing a lot of custom code (custom window manager, SSH front-end, stuff to get netscape to start up chrooted, etc) and it was a big time sink for the little benefit that it provided (people didn't like using the kiosks). Have fun.
My main workstation uses an IBM Model M keyboard, It says "Copyright (C) IBM 1984" on the back.
This keyboard is the opposite of the keyboard in the article. It has buckling metal springs, and makes a very loud CLICK (more appropriately, BANG) whenever you hit a key. If you put enough pressure on a key, it goes down all the way to the bottom, but the key won't move at all until you've put enough pressure on it. This means you always know whether or not you've hit a key, whereas this is not possible with plastic-type keyboards.
Do this: type a paragraph into a text editor, without looking at the screen and without looking at your keyboard (you can backspace, ^W, etc. if you make a mistake, but you can look at neither the monitor nor the keyboard). See how many mistakes you make. I make ZERO mistakes on my Model M, since I know exactly which keys I've hit (eg, proper feedback). I often have great fun by staring blankly at people when I'm firing off an email (using vi, which is perfect for terrifying the non-unix types).
The Model M improves my typing speed substantially. People cower in fear when I'm typing in the same room as they are, as it sounds like an assault rifle (I type very fast).
Never had carpal tunnel, and I've been doing this most of my life (8 or more hours a day of C coding and unix administration for the past few years). Don't know what my secret is, other than that I move my arms around (keyboard in lap, under desk on keyboard tray, on top of desk, behind my head like Jimi Hendrix, etc.).
I love my Model M. Only keyboard which gives it any competition is the Sun Type 5, but I no longer work with Suns very often.
Actually, I just tested this, and we're both wrong. I haven't found a browser that does that string manipulation, and I also haven't found a server that does a redirect.
Type in http://server.com/somedir/../ into a Netscape and the browser sends a request for exactly that, and apache and thttpd respond with exactly that directory (eg, equivalent to the web root, assuming "somedir" exists). Test it with a sniffer if you don't believe me (I'm using Netscape 4.x for Unix (please, no comments) - perhaps other browsers actually do the string manipulation, but if Netscape 4.x sends that out, I'm sure all servers deal with it). I'm certain apache must be doing some sort of string manipulation internally since it has to figure out whether or not you're requesting something in its web space (eg, to prevent fetching/../../../etc/passwd). I'm not sure how well this works, because such string manipulation would become more difficult with UTF-8 and URI-encoding (where there's more than one representation for a character).
Actually, now that I think of it, this is probably what these things are trying to exploit:
GET/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+ dir HTTP/0.9
Looking through one page of a server's logs, I see three different variants of the above request, from three different IPs, all within an hour:)
And probably doesn't have good security against imposters or man-in-the-middle attacks
Nice of you to assume that.
It uses public-key crypto. The public key is indeed built into the bytecode, but it would be much easier to simply download the.java file that I provide for the user to peruse. In order to use any kind of symmetric block cipher, that would entail finding a way to securely transmit the key, which would probably mean bidirectional communication, which means more work - so don't use symmetric crypto. I explained the parameters of the problem: only two transactions need to be encrypted from the client to the server (eg, user types in their password), so taking the performance hit of public-key crypto is not an issue.
It uses a very simple protocol (see if you can recognize this): along with the plaintext, client also encrypts their world-visible IP and a timestamp. Server decrypts ciphertext and makes sure IP matches up to the client that sent it and that timestamp is within a few minutes of the actual time. If Eve intercepts the communication, and is able to masquerade as client, she can only send duplicate transactions for a few minutes (due to the timestamp).
Can you recogize this protocol? If you can't, perhaps you should think twice about immediately criticizing someone you don't know. (Hint: Kerberos v4).
I actually added another bit to this: server also sends to the client an integer, which client sends back encrypted. Each time server sends the integer, it increments it, and when client sends that integer back, server compares that to a list of recently sent-back integers,
so that prevents the above passive attack (which Kerberos v4 is susceptible to) - eg, in order to duplicate a transaction, Eve must prevent the transaction from reaching the destination in the first place, and even then she can only send that transaction once within a few minute window (after she has set up IP spoofing - which is not trivial). After all that work, all Eve managed to do is relay the transaction as if it reached the intended destination in the first place.
Of course I'm simplifying here since I've already typed enough (it gets a bit more complex because it correctly deals with NAT). Basic point is that you shouldn't make assumptions.
I'm not certain about that. I thought it was actually the other way around. Quoting RFC 2616:
10.3.2 301 Moved Permanently
The requested resource has been assigned a new permanent URI and any
future references to this resource SHOULD use one of the returned
URIs. Clients with link editing capabilities ought to automatically
re-link references to the Request-URI to one or more of the new
references returned by the server, where possible. This response is
cacheable unless indicated otherwise.
(301 is the permanent redirect I was talking about and is what apache generates on "redirect permanent" statements.)
I recall doing some tests with a few browsers a couple years ago, and I actually noted that none of them update their bookmarks no matter what you do. Situation may have improved in the meantime.
When you do this:
<
META HTTP-EQUIV="refresh" CONTENT="N;URL=http://www.foo.com/foo.html">
(which is what I mean by "client-side redirect") I would say it's a very bad idea for a user agent to update a bookmark since that is used for a number of other things (eg, auto-refreshing pages like a webcam, etc.).
send everyone your CA certificate and have them all import it into their browsers (all browsers support this, I believe).
No, IE for Mac Classic does not support this.
I tried the self-signed thing, but it's a HUGE PITA. Then I found that about a quarter of our users (those with Macs) could not import the cert.
I ended up writing a home-grown java-applet-based encryption thing. Works on all major browsers, doesn't require any support time (which was a huge deal, we were large and very decentralized), doesn't require computer-savvy user to import cert themselves, doesn't require dealing with a CA (which was also a big deal since we had 15 web servers that needed to run the exact same thing (long story)).
We only needed encryption for a couple very specific transactions (not the entire session) and it worked very well.
Apropos of the ugly-URL story: this applet would take user input, encrypt it, encode it into base-36 and then redirect the browser where the encrypted string was passed via GET. URLs ended up being about 300 characters long and looked like this:
http://site.com/x.php?c=897aasdf698sad897b789l2345 jkh3lk45h345
and so on. Worked beautifully:)
I take this even one step further: I make every page into a directory. Thus, you would never see "/foo.html" or "/foo/index.html", but just simply "/foo/". The final slash is optional, but what happens when a user doesn't include a final slash is that the browser asks for "/foo" and the server responds with a redirect to "/foo/" and the browser then proceeds to ask for and download "/foo/" (so always specifying a final slash never hurts).
The advantage is that this makes it easier to move between content management systems without breaking links or maintaining loads of redirects. Eg, if my site goes from php to zope, I don't need to change any links or create any redirects for outside people that linked to us or users that bookmarked a page. This also means that if you adopt this scheme for your 100% static html pages and then decide to go to php (or whatever) you don't need to make page redirects, symlinks, permanent redirects, etc.
I also only specify absolute URLs that don't include the server name (not sure of the correct terminology, but I mean "/foo/bar/" instead of "../bar/" or "http://server/foo/bar/"). This makes it easy to mirror a set of pages on a different server (for instance, if you have a database app that you MUST run on a specific server but you want to make it look like it's running on your main front-end server). I've tried working with non-absolute URLs ("../foo/"), and this made it very easy to move entire sets of pages to different directory hierarchies or different servers, but it's quite a PITA to actually write pages like that (and it also creates a redirect, like not including the final slash). Anyway, the point is that you should always be aware of the issue when writing pages as consistency saves time in the long run.
Anyway, these two things have come in quite handy in a number of situations.
Final pet peeve: never use client-side redirects, always use server-side permanent redirects. Client-side redirects break the "back" button. Client-side redirects are a sure sign of someone who can't grok.htaccess.
My University experience was quite different (I was also a full-time employee for the Uni after I graduated, doing programming and unix system administration). This was a private Ivy-caliber institution (you could probably find out which one if you looked hard enough).
When a server which housed our primary username/password database was comprimised, they went through a huge rigamarole, having all 20000+ students, staff, faculty, etc change passwords. They said they were "obliged by federal law" to protect student records, and they took it seriously (IANAL).
Of course, they ripped off students in various ways.
I'm fairly certain my information was never sold, and I would be enraged if they did such a thing. I never received any credit card offers after I opted out with the credit reporting agencies. I didn't get any advertisements for any graduation stuff (only official university stuff - even the offers for graduation pics and videos came through the University, not the company that did the photos). The only junk mail (postal) that I got was from people who got my address through other means (Dr. Dobbs subscription, ordering electronics equipment online, etc). I also received zero spam (electronic) as I took various precautions to ensure my primary email address was not available off-campus. The online student directory (which I had a part in writing) had various features to prevent spambot harvesting. Our telephone system blocked caller ID (PITA for those with "privacy manager").
If you believe, even for a moment, that your university would sell your data, you should look into transferring. Any place that would do that cannot be considered an academic institution on ethical grounds. I'm serious: if you think your university is capable of such a thing, look into transferring.
Secondly, your university is most likely a non-profit organization, which grants it certain tax benefits. I believe selling student data to marketing droids would challenge the university's non-profit status, which means big bucks. You should look into this because the university's non-profit status determines a lot of policy decisions.
Also, fuck speed. Never buy 7200 RPM drives - get 5400 RPM drives instead. They last longer. If you're worried about the speed, get more memory (for disk caching). My time is far more precious than a 0.1% performance increase on some random server (and the time it takes to restore a backup for some random server at 04:00 Saturday night/Sunday morning is very precious time).
Slashdot Mirror
Oh. My. God. Moderators on crack.
This guy is a troll. Look at his previous posts. Look at this one and this one. Now, look at this guy's posting history.
Read his comment again. Does it contain any content? No, it does not. It makes a few obtuse, generic, meaningless comments with no specifics. He gets a +5 for claiming to have a PhD?
Well, I have an IQ of 156, a PhD, a JD, an MD, a CCIE, and I've been using Linux since before kernel 0.01. I like dselect. Moderate away.
I think it's probably more informative to look at the "negative" responses (those that didn't add to my score). I'd say I'm average at "reading" other people: I can usually "read between the lines" when they're talking, but I sometimes have difficulties telling when others are bored of hearing me go on and on about some technical matter. I also can't remember other people's birthdays or phone numbers :)
I think this "test" is bullshit. I have zero difficulties communicating: I'm good enough at writing that I usually don't need anyone to proof what I write, and I'm fairly good at proofing and correcting what others have written. I really hate social situations, but I can fake it if needed (examples: some friends tried to take me out to a "club" - absolutely hated it and could not stand one second of it; but if there's a point to a social situation (like a meeting) I do fairly well).
My objections to this test is that it does not try to measure aptitude, but rather preferences. I'm excellent at communication when there's a purpose to it, but I cannot stand pointless social chit-chat. I can, however, "fake it" when needed, such as at a job interview.
Do I have a disorder? Absolutely not. I may be a bit introverted, but that does not in any way deter from communicating succintly and clearly. How is it in any way a "disorder" if I'm very adept at important communication, but I prefer avoiding pointless social situations?
Sometimes I really have to question these psychologists. The human mind is far too complex to facilitate analysis by simply grouping together people based on similar answers to questionnaires.
I realize IQ tests work in the exact same way, but I don't have any problems with IQ tests since my IQ test showed me in a very favorable light :)
Stupid question: how does this work? How do you figure out what program is running? Are you checking device + inode? Simple string comparison on filenames may not work correctly with chroot. Device + inode may not work correctly with hard links.
Just curious.
Port 135 is not messenger. Messenger is an RPC service and port 135 is the RPC port locator on Windows (like portmap on unix). Messenger can use any port at all - blocking port 135 works because client machines connect to port 135 to locate the port that the messenger rpc service is running on. Blocking port 135 may stop a bunch of other things from working, but net stop messenger stops just messenger.
Not that I really care - I would just cut off the port and then worry about only if someone complains.
I just looked into how xmove works, and it does it by using a pseudo-server, just like VNC. This makes sense since the things it must do would touch all parts of the server if it were built-in. However, VNC still works with XSHM - there must some voodoo going on here, requires investigation.
I don't see how this could in any way be considered a problem. It's the reason why this could work. You cannot control client applications or how client applications "keep state", but you can control how the server keeps this state (bunch of pointers and structs) and encode that in some way. This should be transparent at the Xlib level, or it simply won't work with "legacy" applications (eg, all existing X client software).
He has a very good idea and I believe this is workable. There is no problem with buffering or network latency: just have "xmove" (or whatever you call the application) tell xlib to XFlush() for client Y; stop marshalling events for client Y; tell the X server that client Y is attached to (server 1) to encode the information; transfer that information from server 1 to server 2; tell Xlib that client Y is now connected to server 2; Xlib starts processing events again.
The problem would be some way to tell Xlib to flush and stop/start on the client side. Xlib is not re-entrant, so you can't make Xlib calls from a signal handler. If the application is still responding to X events, you could simply integrate a check for this in Xlib's event loop (XNextEvent()). If the client isn't responding to X events, you probably don't want to transfer it to another machine anyway :)
Other problems: the client application may keep some state, such as screen number, or it may peek into the Display pointer (very naughty), or it might have colormap indeces. I believe this could be solved by some indirection: Xlib translates colormap entry X into colormap entry Y before sending it to server 2 which has a different colormap setup from server 1. Things may get nasty if the servers are running at different depths or support different extensions.
This is very interesting and I believe it is indeed possible. I may look into implementing this, but right now I'm stealing ideas from ratpoison to add to my own window manager :)
These advantages are nearly irrelevant compared in importance to the real reason why the menu is at the top in MacOS. The reason the Mac has a menu bar at the top of the screen is because this permits an infinitely large target area for clicking. There is no point to the menu bar at the top if the very top pixel of the screen is not clickable. Observe an experienced Mac user for a bit and you'll see that they never "aim" for the menu bar but rather "throw" their cursor toward the top of the screen.
This is not an intuitve concept and lots of people get it wrong. Examples include many of Microsoft's products that allow a full-screen view but do not make the top pixel of the menu or toolbar clickable, and how the very bottom pixel of taskbar buttons and the start menu in Windows is not clickable. KDE has been offering a menu-at-the-top feature for quite a while now, but it is only recently that the top pixel has been made clickable (they did this by moving the entire menu up three pixels - apparently, it was not possible to specify that the widget should not have any unclickable border, which indicates an underlying problem with the toolkit design).
This has to do with Fitts Law. Click here for the google search and read the first two links. Both links show experimental data reinforcing the theory.
Note: I don't like Macs very much (hardcore unix guy, wrote my own window manager, my desktop looks like the Freshmeat ratpoison story from earlier today), but this research actually makes sense.
This is precisely what GNU screen allows you to do. You start some long task, detach from it, and re-attach later. Greatest thing is that you don't need to re-attach from the same machine - start that big compile at work and check on it from home (without having to run "script", or redirecting output, etc).
GNU screen has nothing to do with X11: you can start the compile on the console and check on it from an xterm (it takes care of differences between xterm and Linux/BSD consoles all by itself).
Wonderful little program. Learn it by starting screen and then typing control-A, question mark.
Agree must I will. Your thinking changes learning languages by, and is this a thing good. My improved communication nouns I declining by.
You again. Excellent troll, but you need to choose a different motif for your nicks.
For the uninitiated: that is not perl. It is line noise with some perl operators, bundled into a cleverly-masked troll. This guy is an old sport at this, previously using the name "PhysicsGenius". Check his (short) user history, and this guy's posting history. I simply cannot believe that moderators would be so idiotic as to mod this stuff up, so my conjecture is that he has two accounts: one to troll, and another serious account with mod points. It may be interesting to correlate average time between mod points to his posting history.
Relevant anecdote: the original OpenSSH sources had an "RSA in six lines of perl" in a comment of one of the source files. Theo removed that in some version. A little too much angst there, if you ask me - this stuff is supposed to be fun.
This is somewhat ironic, as I was in the middle of composing a reply to your first comment when I read your second comment. I'm including my reply below (although it's vitriol, sometimes it's fun to read vitriol).
OS X isn't as bad as I make it out to be. The nicest thing is that a number of the bullet points I've used for rants in the past have subsequently been fixed by Apple's newer releases. The Objective C Cocoa APIs are also quite amazing, even though it took me some time to figure out how to get a vi/zsh/make development environment working rather than relying completely on the GUI stuff (which is very nice for dialog design type stuff but will never replace my beloved vi). Comparing the Cocoa APIs to something like GTK really shows how advanced some of their stuff is.
Although it probably won't replace my Solaris and FreeBSD workstations, OS X might find a place alongside them. I'll try to be more understanding. After all, almost anything's better than win32 programming :)
Original rant:
WRONG.
Try using Apple's Remote Desktop or Mozilla on UFS. Lots of applications break on UFS, and not "legacy" applications, but native, new applications. If even Apple's Remote Desktop software won't work with UFS, how much luck do you think you'll have with large commercial applications like Adobe's stuff? I won't even mention the performance problems with UFS on OS X.
Why would you care? Because you cannot access forks when using standard unix programs on HFS systems. Do this: install some largish application, such as Office on a UFS machine. Create a tarball of the .app directory. Now untar this tarball on a HFS system. Works fine. However: try creating a tarball on an HFS system. You can't.
So, what am I supposed to do? Am I supposed to use your pretty little tools like Stuffit Expander? Go ahead and try using stuffit using an ssh session logged in from a Windows box across the city. Am I supposed to download some inane perl script to do this? And am I expected to download this perl script whenever I want to distribute that archive to another machine?
OS X does not give you any ability to do the most basic filesysem manipulation in any meaningful fashion without ridiculous third-party tools, most of which were designed for a specific purpose unlike the standard unix tools which I can use to make backups, "image" machines, distribute archives, duplicate directory hierarchies, and a host of other things.
If you've never typed
then you won't understand that OS X is deficient as a Unix operating system.So, you're advocating something akin to guitar tab which displays the lengths of notes. (Disclaimer: I play classical guitar as a hobby and have zero tolerance for tab.)
Tell me this: with tab, how can you tell, just by looking at the score, in which key the piece is played? If your primary purpose in reading music is to reproduce the sounds a composer wrote down, then tab (or your variation of tab) may suffice, but it does not suffice for conveying music. It certainly won't help if you want to try to improvise off the score. It won't help if you want to try to analyze the music, to find patterns, to figure out a composer's "style", etc. How can you tell, by looking at tab, that a composer has moved from one key to another but is still developing the same motif in the new key?
Tab (and variations of it) have been around may years (perhaps even longer than standard notation - this would require some research, but I recall that music for the first string instruments was written using some sort of tab). The reason it's been supplanted by standard musical notation is because standard score is better. It's taken a long time to develop standard notation and it may be difficult for beginners because it's meant to convey a lot of other things which aren't too important when you're trying to figure out how to tap out greensleeves on a keyboard. Learning to read score does, unfortunately, take time, but so does learning music.
I also use vi and would leave any job that required me to code in that hyped-up notepad variant which is called Visual Studio (leave the home row to use the ARROW KEYS!?). I have no idea about any of this 3-D stuff (I understand the math, but that's about it), but I trust that the professionals in the domain have quite different needs than the amateurs.
Last time I said this it started a huuuge flamewar.
As well it should :)
Also, memtest86.
Anyway, I'm a coder, not admin, at heart, so I ended up doing a lot of custom code (custom window manager, SSH front-end, stuff to get netscape to start up chrooted, etc) and it was a big time sink for the little benefit that it provided (people didn't like using the kiosks). Have fun.
This keyboard is the opposite of the keyboard in the article. It has buckling metal springs, and makes a very loud CLICK (more appropriately, BANG) whenever you hit a key. If you put enough pressure on a key, it goes down all the way to the bottom, but the key won't move at all until you've put enough pressure on it. This means you always know whether or not you've hit a key, whereas this is not possible with plastic-type keyboards.
Do this: type a paragraph into a text editor, without looking at the screen and without looking at your keyboard (you can backspace, ^W, etc. if you make a mistake, but you can look at neither the monitor nor the keyboard). See how many mistakes you make. I make ZERO mistakes on my Model M, since I know exactly which keys I've hit (eg, proper feedback). I often have great fun by staring blankly at people when I'm firing off an email (using vi, which is perfect for terrifying the non-unix types).
The Model M improves my typing speed substantially. People cower in fear when I'm typing in the same room as they are, as it sounds like an assault rifle (I type very fast).
Never had carpal tunnel, and I've been doing this most of my life (8 or more hours a day of C coding and unix administration for the past few years). Don't know what my secret is, other than that I move my arms around (keyboard in lap, under desk on keyboard tray, on top of desk, behind my head like Jimi Hendrix, etc.).
I love my Model M. Only keyboard which gives it any competition is the Sun Type 5, but I no longer work with Suns very often.
Type in http://server.com/somedir/../ into a Netscape and the browser sends a request for exactly that, and apache and thttpd respond with exactly that directory (eg, equivalent to the web root, assuming "somedir" exists). Test it with a sniffer if you don't believe me (I'm using Netscape 4.x for Unix (please, no comments) - perhaps other browsers actually do the string manipulation, but if Netscape 4.x sends that out, I'm sure all servers deal with it). I'm certain apache must be doing some sort of string manipulation internally since it has to figure out whether or not you're requesting something in its web space (eg, to prevent fetching /../../../etc/passwd). I'm not sure how well this works, because such string manipulation would become more difficult with UTF-8 and URI-encoding (where there's more than one representation for a character).
Actually, now that I think of it, this is probably what these things are trying to exploit:
GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+ dir HTTP/0.9
Looking through one page of a server's logs, I see three different variants of the above request, from three different IPs, all within an hour :)
Nice of you to assume that.
- It uses public-key crypto. The public key is indeed built into the bytecode, but it would be much easier to simply download the
.java file that I provide for the user to peruse. In order to use any kind of symmetric block cipher, that would entail finding a way to securely transmit the key, which would probably mean bidirectional communication, which means more work - so don't use symmetric crypto. I explained the parameters of the problem: only two transactions need to be encrypted from the client to the server (eg, user types in their password), so taking the performance hit of public-key crypto is not an issue.
- It uses a very simple protocol (see if you can recognize this): along with the plaintext, client also encrypts their world-visible IP and a timestamp. Server decrypts ciphertext and makes sure IP matches up to the client that sent it and that timestamp is within a few minutes of the actual time. If Eve intercepts the communication, and is able to masquerade as client, she can only send duplicate transactions for a few minutes (due to the timestamp).
Of course I'm simplifying here since I've already typed enough (it gets a bit more complex because it correctly deals with NAT). Basic point is that you shouldn't make assumptions.Can you recogize this protocol? If you can't, perhaps you should think twice about immediately criticizing someone you don't know. (Hint: Kerberos v4).
I actually added another bit to this: server also sends to the client an integer, which client sends back encrypted. Each time server sends the integer, it increments it, and when client sends that integer back, server compares that to a list of recently sent-back integers, so that prevents the above passive attack (which Kerberos v4 is susceptible to) - eg, in order to duplicate a transaction, Eve must prevent the transaction from reaching the destination in the first place, and even then she can only send that transaction once within a few minute window (after she has set up IP spoofing - which is not trivial). After all that work, all Eve managed to do is relay the transaction as if it reached the intended destination in the first place.
I recall doing some tests with a few browsers a couple years ago, and I actually noted that none of them update their bookmarks no matter what you do. Situation may have improved in the meantime.
When you do this:
< META HTTP-EQUIV="refresh" CONTENT="N;URL=http://www.foo.com/foo.html">
(which is what I mean by "client-side redirect") I would say it's a very bad idea for a user agent to update a bookmark since that is used for a number of other things (eg, auto-refreshing pages like a webcam, etc.).
No, IE for Mac Classic does not support this.
I tried the self-signed thing, but it's a HUGE PITA. Then I found that about a quarter of our users (those with Macs) could not import the cert.
I ended up writing a home-grown java-applet-based encryption thing. Works on all major browsers, doesn't require any support time (which was a huge deal, we were large and very decentralized), doesn't require computer-savvy user to import cert themselves, doesn't require dealing with a CA (which was also a big deal since we had 15 web servers that needed to run the exact same thing (long story)). We only needed encryption for a couple very specific transactions (not the entire session) and it worked very well.
Apropos of the ugly-URL story: this applet would take user input, encrypt it, encode it into base-36 and then redirect the browser where the encrypted string was passed via GET. URLs ended up being about 300 characters long and looked like this: http://site.com/x.php?c=897aasdf698sad897b789l2345 jkh3lk45h345
and so on. Worked beautifully :)
The advantage is that this makes it easier to move between content management systems without breaking links or maintaining loads of redirects. Eg, if my site goes from php to zope, I don't need to change any links or create any redirects for outside people that linked to us or users that bookmarked a page. This also means that if you adopt this scheme for your 100% static html pages and then decide to go to php (or whatever) you don't need to make page redirects, symlinks, permanent redirects, etc.
I also only specify absolute URLs that don't include the server name (not sure of the correct terminology, but I mean "/foo/bar/" instead of "../bar/" or "http://server/foo/bar/"). This makes it easy to mirror a set of pages on a different server (for instance, if you have a database app that you MUST run on a specific server but you want to make it look like it's running on your main front-end server). I've tried working with non-absolute URLs ("../foo/"), and this made it very easy to move entire sets of pages to different directory hierarchies or different servers, but it's quite a PITA to actually write pages like that (and it also creates a redirect, like not including the final slash). Anyway, the point is that you should always be aware of the issue when writing pages as consistency saves time in the long run.
Anyway, these two things have come in quite handy in a number of situations.
Final pet peeve: never use client-side redirects, always use server-side permanent redirects. Client-side redirects break the "back" button. Client-side redirects are a sure sign of someone who can't grok .htaccess.
When a server which housed our primary username/password database was comprimised, they went through a huge rigamarole, having all 20000+ students, staff, faculty, etc change passwords. They said they were "obliged by federal law" to protect student records, and they took it seriously (IANAL).
Of course, they ripped off students in various ways.
I'm fairly certain my information was never sold, and I would be enraged if they did such a thing. I never received any credit card offers after I opted out with the credit reporting agencies. I didn't get any advertisements for any graduation stuff (only official university stuff - even the offers for graduation pics and videos came through the University, not the company that did the photos). The only junk mail (postal) that I got was from people who got my address through other means (Dr. Dobbs subscription, ordering electronics equipment online, etc). I also received zero spam (electronic) as I took various precautions to ensure my primary email address was not available off-campus. The online student directory (which I had a part in writing) had various features to prevent spambot harvesting. Our telephone system blocked caller ID (PITA for those with "privacy manager").
Secondly, your university is most likely a non-profit organization, which grants it certain tax benefits. I believe selling student data to marketing droids would challenge the university's non-profit status, which means big bucks. You should look into this because the university's non-profit status determines a lot of policy decisions.
Interesting read. Even more interesting is Simonyi's original article, which is linked in from the CUJ article.
Also, fuck speed. Never buy 7200 RPM drives - get 5400 RPM drives instead. They last longer. If you're worried about the speed, get more memory (for disk caching). My time is far more precious than a 0.1% performance increase on some random server (and the time it takes to restore a backup for some random server at 04:00 Saturday night/Sunday morning is very precious time).