I thought the borg started when V'ger merged with Commander Decker.
Either way the analogy is a good one. There is nothing governments would love more than reducing the entire population to drones. Actually most of the population are already there.
The possibilities for government or corporate abuse are enormous. Governments would love some way of remotely deactivating people as soon as they step out of line.
The evidence disproving evolution is so strong and conclusive, it is pretty much a proven fact that it is incorrect.
Where did you get that belief?
And would you believe it if your parents and schools didn't keep repeating creationism dogma to you when you were a confused child trying to understand the world?
As an adult you now have the ability to question things you were taught, I suggest you start with everything you were made to believe as a child.
As a Creationist, I have to agree with you: Creationism --the assertion that God, who has always existed and who designed and created all things and all lifeforms, cannot be declared "science" because Creationism cannot be studied. No testing can be performed, and we can only guess how and when the creation event occurred. It is not repeatable as we are not gods
Translation: I'm a creationist, I believe an unprovable god created the world. I know this belief is irrational and wrong but my parents and school kept repeating it over and over so it just sunk in. I wish i had the strength to be rational like you guys but I'm scared my god will punish me if I don't believe in him.
I'm a creationist, a Christian, and I just ask that we teach both in schools since it is an ongoing scientific debate. Let the children decide for themselves through providing pro's/con's of both sides.
What you really mean is your ideas won't wash with adults so you want to try warping the minds of children in the hope they will believe anything.
There is no debate, creationism is an irrational belief propagated by brainwashing and nothing more.
Please remember, KVM has not shipped in *any* RHEL release (major or minor) yet. Only Red Hat internally knows the release agenda.
Apparently they will release their KVM based vitalization before the management tools run on anything other than Windows 2003. That's what they got from Qumranet and that's why I won't be using it.
KVM is going to be slower than XEN unless you have a super-duper-mega-new CPU with Intel EPT or AMD RVI support.
To get a feel for what IT is like try the following:
Write a useful program for some open source project. Redesign and rewrite it until you are happy it's as good as can be.
Do the above in the chimpanzee enclosure at the zoo. With the chimpanzees throwing their turds at you whilst you type. Do it in half the time it takes to do it right. Spend half of your remaining time explaining how the software works to the dumbest chimpanzee, call him the PHB. Have the second dumbest chimpanzee write every third line of code for you. Once you have finished give the chimpanzees your phone number and expect them to call you every time the software they didn't let you write correctly fails.
Seriously, working in IT for a multinational isn't in any way fun. At least stick to small sane companies.
To put this into perspective, if you are running some big iron hardware with a dozen virtualized servers. With a local privilege escalation exploit on one VM, an attacker could use this attack to take over the whole system, even the secured VMs.
Are you sure that's what it means? It looks like it needs ring 0 not kernel. Kernel mode would be less than ring 0 where a hypervisor was used. Or does KVM run all kernels at ring 0?
Not that I've read the article or anything but it appears you need to insert Ring 0 code, that's kernel level code to exploit this. If you are in a position to insert kernel code you either are root or are capable of becoming root.
This is just another way to insert a blue pill to hide your presence but it's not really that much better than a well thought out root kit.
Step 1) Run a simple web spider that checks availability but never actually pulls content, from within Australia.
Step 2) Run the same spider in any non-censoring country.
Step 3) Compare the two lists.
That would be a fascinating project.
One spider in each country would give us some nice comparative lists. Once implemented it would draw attention to whatever the governments are trying to hide and hopefully remove their desire to filter at all.
The thing is some of this stuff, maybe most of it really will be child porn and deserves to be filtered.
At least in Denmark, you can drive a little ways and get your Internet uncensored.
For those unlucky souls in Australia who can't access their favorite aberrent websites don't really have any good recourse.
Tunnel with SSH, OpenVPN, or IPsec to a proxy outside the country. They may be able to break direct connectivity but there is no way to break indirect connectivity.
Anger is always the last response from someone who has run out of arguments. You don't understand what you are talking about. Sorry to upset you, but that's the truth.
Instead of getting all pissed off why don't you try your chmods on a linux machine and see how it breaks.
"Of course you would have to do the same with python, bash, tcsh, awk, etc as well. That somewhat breaks the utility of the system."
It somewhat breaks the utility of the system *if you're a geek*. (like me).
If you're deploying these to people that need to use OO.o and a couple of other GUI apps, as general office workers do, then it doesn't break anything.
So your plan is to chmod all shells unexecutable then? This will break all the rc scripts, break posix compliance, break X, break openoffice, and likely a thousand other things. I guess you are right about one thing, a machine that won't boot is fairly secure.
Nursie, You are not a geek. You are a really long way away from being a geek. More of a luser in fact. Actually so much of a luser that you should not be allowed a root or administrator password on anything, ever. Or a normal user account for that matter. Go back to your etch-a-sketch for a few more years.
Let me try and predict this one: "[Problem they've randomly had in the last two years and didn't bother to research or bugfix] is the biggest issue in desktop Linux. The developers have lost touch because, for example, [anecdote that offers no valuable bug-ridding information, or even enough to replicate it], showing that [Problem] is still a big of a problem as it was four years ago. I've seen [however instances they've seen it, plus four] instances of this issue in my computer but also in other's, and it refuses to be fixed because Linux is simply put, not user-friendly or stable in the least bit. It's things like these that make me draw the conclusion that Linux is simply not ready for the desktop."
Did you get that template right off microsoft's website? You even forgot to fill in the square bracket bits.
Adn how long would it take me to SSH into 40,000 desktops to update Adobe Reader 8 to Adobe Reader 9, because there is some new feature that someone decided we just have to implement?
How long to copy the browser link to 40,000 desktops to comply with a mandatory ethics reporting plan we had to put in place? How long to patch 40,000 kernels for a security hole that must be resolved within 72 hours due to Corporate Information Security policy?
I totally agree that ssh alone is the wrong tool for the examples given. Cfengine or RHSS are two tools I've used that do scale that far. As the submitter mentioned Ubuntu RHSS is pretty much ruled out.
It's really not clear what restrictions you want to enforce. If whatever you are trying to do can be expressed by pam, groups, users, permissions and the normal unix ways of doing things then you are already most of the way there. You only need something like LDAP, NIS, or a flat file distribution system to tie it all together.
If you are trying to enforce arbitrary security rules your requirements are unpredictable so I can't give you specific advice.
Most of slashdot will likely not get the fact that corporate security rules are often written in a closed room by people who don't really understand unix. They exist for compliance not true security.
This isn't new. Windows NT used to run on HP superdomes. The project was scrapped as there wasn't any customer demand for it. Google for 'NT on superdome'.
NT in this environment wasn't any faster or any more stable but it was WAY more expensive.
Dude, you totally didn't get what the parent was trying to say. He wasn't against research. He was against big companies buying researchers to prevent what they would have been working on getting into the hands of competitors.
I'm sure all three of us agree on the value of good research.
Far too many companies are content to focus on the next quarter while leaving the research to academia.
Academia is where research belongs. Few companies are capable of doing quality research, Microsoft isn't one of them. Companies apply research, they don't create research.
Microsoft are a big money company, not a knowledge organization. Big money companies can't do research, it's against their nature and a huge waste of cash.
If they care about research they should just give university scholarships to bright researchers and leave them to get on with it.
Slashdot Mirror
I thought the borg started when V'ger merged with Commander Decker.
Either way the analogy is a good one. There is nothing governments would love more than reducing the entire population to drones. Actually most of the population are already there.
The possibilities are enormous.
The possibilities for government or corporate abuse are enormous. Governments would love some way of remotely deactivating people as soon as they step out of line.
The evidence disproving evolution is so strong and conclusive, it is pretty much a proven fact that it is incorrect.
Where did you get that belief?
And would you believe it if your parents and schools didn't keep repeating creationism dogma to you when you were a confused child trying to understand the world?
As an adult you now have the ability to question things you were taught, I suggest you start with everything you were made to believe as a child.
As a Creationist, I have to agree with you: Creationism --the assertion that God, who has always existed and who designed and created all things and all lifeforms, cannot be declared "science" because Creationism cannot be studied. No testing can be performed, and we can only guess how and when the creation event occurred. It is not repeatable as we are not gods
Translation: I'm a creationist, I believe an unprovable god created the world. I know this belief is irrational and wrong but my parents and school kept repeating it over and over so it just sunk in. I wish i had the strength to be rational like you guys but I'm scared my god will punish me if I don't believe in him.
I'm a creationist, a Christian, and I just ask that we teach both in schools since it is an ongoing scientific debate. Let the children decide for themselves through providing pro's/con's of both sides.
What you really mean is your ideas won't wash with adults so you want to try warping the minds of children in the hope they will believe anything.
There is no debate, creationism is an irrational belief propagated by brainwashing and nothing more.
Please remember, KVM has not shipped in *any* RHEL release (major or minor) yet. Only Red Hat internally knows the release agenda.
Apparently they will release their KVM based vitalization before the management tools run on anything other than Windows 2003. That's what they got from Qumranet and that's why I won't be using it.
KVM is going to be slower than XEN unless you have a super-duper-mega-new CPU with Intel EPT or AMD RVI support.
To get a feel for what IT is like try the following:
Write a useful program for some open source project. Redesign and rewrite it until you are happy it's as good as can be.
Do the above in the chimpanzee enclosure at the zoo. With the chimpanzees throwing their turds at you whilst you type. Do it in half the time it takes to do it right. Spend half of your remaining time explaining how the software works to the dumbest chimpanzee, call him the PHB. Have the second dumbest chimpanzee write every third line of code for you. Once you have finished give the chimpanzees your phone number and expect them to call you every time the software they didn't let you write correctly fails.
Seriously, working in IT for a multinational isn't in any way fun. At least stick to small sane companies.
To put this into perspective, if you are running some big iron hardware with a dozen virtualized servers. With a local privilege escalation exploit on one VM, an attacker could use this attack to take over the whole system, even the secured VMs.
Are you sure that's what it means? It looks like it needs ring 0 not kernel. Kernel mode would be less than ring 0 where a hypervisor was used. Or does KVM run all kernels at ring 0?
Not that I've read the article or anything but it appears you need to insert Ring 0 code, that's kernel level code to exploit this. If you are in a position to insert kernel code you either are root or are capable of becoming root.
This is just another way to insert a blue pill to hide your presence but it's not really that much better than a well thought out root kit.
Step 1) Run a simple web spider that checks availability but never actually pulls content, from within Australia.
Step 2) Run the same spider in any non-censoring country.
Step 3) Compare the two lists.
That would be a fascinating project.
One spider in each country would give us some nice comparative lists. Once implemented it would draw attention to whatever the governments are trying to hide and hopefully remove their desire to filter at all.
The thing is some of this stuff, maybe most of it really will be child porn and deserves to be filtered.
At least in Denmark, you can drive a little ways and get your Internet uncensored.
For those unlucky souls in Australia who can't access their favorite aberrent websites don't really have any good recourse.
Tunnel with SSH, OpenVPN, or IPsec to a proxy outside the country. They may be able to break direct connectivity but there is no way to break indirect connectivity.
FUCKING RETARD.
Anger is always the last response from someone who has run out of arguments. You don't understand what you are talking about. Sorry to upset you, but that's the truth.
Instead of getting all pissed off why don't you try your chmods on a linux machine and see how it breaks.
"Of course you would have to do the same with python, bash, tcsh, awk, etc as well. That somewhat breaks the utility of the system."
It somewhat breaks the utility of the system *if you're a geek*. (like me).
If you're deploying these to people that need to use OO.o and a couple of other GUI apps, as general office workers do, then it doesn't break anything.
So your plan is to chmod all shells unexecutable then? This will break all the rc scripts, break posix compliance, break X, break openoffice, and likely a thousand other things. I guess you are right about one thing, a machine that won't boot is fairly secure.
Nursie, You are not a geek. You are a really long way away from being a geek. More of a luser in fact. Actually so much of a luser that you should not be allowed a root or administrator password on anything, ever. Or a normal user account for that matter. Go back to your etch-a-sketch for a few more years.
It does if you don't give them exec priveleges on perl. Or anything under their home dir....
Of course you would have to do the same with python, bash, tcsh, awk, etc as well. That somewhat breaks the utility of the system.
There are ways.
There are many ways if you don't know what you are talking about.
Let me try and predict this one: "[Problem they've randomly had in the last two years and didn't bother to research or bugfix] is the biggest issue in desktop Linux. The developers have lost touch because, for example, [anecdote that offers no valuable bug-ridding information, or even enough to replicate it], showing that [Problem] is still a big of a problem as it was four years ago. I've seen [however instances they've seen it, plus four] instances of this issue in my computer but also in other's, and it refuses to be fixed because Linux is simply put, not user-friendly or stable in the least bit. It's things like these that make me draw the conclusion that Linux is simply not ready for the desktop."
Did you get that template right off microsoft's website? You even forgot to fill in the square bracket bits.
Adn how long would it take me to SSH into 40,000 desktops to update Adobe Reader 8 to Adobe Reader 9, because there is some new feature that someone decided we just have to implement?
How long to copy the browser link to 40,000 desktops to comply with a mandatory ethics reporting plan we had to put in place? How long to patch 40,000 kernels for a security hole that must be resolved within 72 hours due to Corporate Information Security policy?
I totally agree that ssh alone is the wrong tool for the examples given. Cfengine or RHSS are two tools I've used that do scale that far. As the submitter mentioned Ubuntu RHSS is pretty much ruled out.
You don't have to rely on everyone to act nice because you can lock it down just as tight as you want.
Rule 1: There is no security without physical security.
It's really not clear what restrictions you want to enforce. If whatever you are trying to do can be expressed by pam, groups, users, permissions and the normal unix ways of doing things then you are already most of the way there. You only need something like LDAP, NIS, or a flat file distribution system to tie it all together.
If you are trying to enforce arbitrary security rules your requirements are unpredictable so I can't give you specific advice.
Most of slashdot will likely not get the fact that corporate security rules are often written in a closed room by people who don't really understand unix. They exist for compliance not true security.
What a claim! Windows won't crash because it's on a mainframe!
The hardware won't crash. Mainframe OS's don't crash.
However if you run a buggy OS on good hardware you are throwing away your stability advantage.
What is it with trying to get everything back on a mainframe? It's dead already, just manage your desktops and stop trying to revive it.
Mainfames are not dead. Mainframes just work day after day, decade after decade without drawing any attention to themselves.
They are what computing should be, a utility like plumbing. Not what it has become, an upgrade treadmill.
This isn't new. Windows NT used to run on HP superdomes. The project was scrapped as there wasn't any customer demand for it. Google for 'NT on superdome'.
NT in this environment wasn't any faster or any more stable but it was WAY more expensive.
Dude, you totally didn't get what the parent was trying to say. He wasn't against research. He was against big companies buying researchers to prevent what they would have been working on getting into the hands of competitors.
I'm sure all three of us agree on the value of good research.
Far too many companies are content to focus on the next quarter while leaving the research to academia.
Academia is where research belongs. Few companies are capable of doing quality research, Microsoft isn't one of them. Companies apply research, they don't create research.
I've never experienced an automatic reboot as far as I can remember
In which case you are not applying critical patches and your machine is dangerously insecure.
Microsoft are a big money company, not a knowledge organization. Big money companies can't do research, it's against their nature and a huge waste of cash.
If they care about research they should just give university scholarships to bright researchers and leave them to get on with it.