The license is forever married to the box it came with.
Well, as i understand, the most important part of the computer is windows. Therefore i can upgrade any component of the system, i just have to keep this funny sticker...
> and if it were for something like a 20 hour 3d render, would it matter if the initial setup took a while?
Well, the context switch happens every time, another process needs to use this facility. If the use of this FPGA was limited to be used by just one process, it is IMHO better to have it as a custom extension board for the special application. Including it into the cpu would be of no use, because no standard application could expect to be able to use it. ( image xmms refuses to start, because your browser is using the fpga to do some ssl... )
>>"add a FPGA matrix of 4096x4096 transistors or >something on the side of the cpu for custom UBER fast routines"
> that idea has me intrigued, anyone who actually knows more about FPGA's than me (which isn't difficult) want to go into pluses/negs with that concept?
In the last few years the competition developed. It is called napster, kazaa, morpheus et. al. Maybe they will think about their prices and service survive.
I dont think, mysql will understand your mssql stored procs. You will have to redevelop them anyway.
There are a number of nice and feature rich free databases available.
Postgresql is one option. You might want to look at SAPDB too. It is open source and runs as backend database for SAP-ERP in some big installations.
I think it is important to know, how the compromised tarball got to ftp.openbsd.org. If that box was compromised the attacker could have changed the checksums too.
Without those checksums, the trojan might have done much more damage.
Has anyone else thought about ways to solve this problem?
I think there are types of solutions:
Technical: with ACLs and capabilities, it should be possible to restrict the damage that could be done by an installer. It might allow the installer to change the files belonging to the package and disallow any daemons running after the install and any network connections.
These technical measures will provide some protection from simple attacks, but the attacker will know these measures too. There will be ways to bypass them.
Social: Every package could be signed by some person. This signature could be checked on install. The problem is, that there are very few people trusted by everyone. These people probably couldn't check every update to every free package. If there are more, non-prominent "signers", it could be possible for some bad person to be considered trusted.
The trojan executes itself from the Makefile. It compiles a daemon that tries to contact 203.62.158.32 on port 6667 and offers a remote shell for the user compiling the package. After that all files involved are removed and the makefile changed to the original one. The compilied ssh should contain anything from ( this ??? ) trojan.
At first sight i read "Back Orifice"... Maybe thats the strategy: Change the architecture, get rid of all the malware, have the user pay for everything new...
That way, the browser tells you that your entry will be randomized...
Most people will not understand, what the browser does. ( probably with javascript ) Even those who could, would not bother reading the page source to make sure, the data isn't transmittet in clear. It will not make any difference whether the data is encrypted on the client or the server.
Notice their technology doesn't do anything to fix the underlying problem. The hope is that users will understand and trust the backend randomizer system, and that based on this trust they will answer more truthfully.
Well, they should leave the randomisation to the user: Please enter your age and add a random number using a normal distribution with u=30 o=10 :...
The difference between a spoiled vote and no vote at all is "i went to vote but made my vote invalid on purpose" versus "i just didnt feel like getting out of bed today"
What i dont like is the verification of the vote. In my opinion it is perfectly legal to give an invalid vote without having some machine telling everybody in the room about it.
( i think it is acceptable to give an invalid vote opposed to not going to vote at all )
No database please. The main thing i love about *n[iu]x is *everything* is in a file and there are thousands of nice tools to do everything you can imagine to files.
I know, a database sounds nice, but i have worked with a database based CASE tool at work. While the tools is ok, it is a real pain to do omething that is not supported within the tool. ( We are talking about a few thousand pages of documentation for QMF ( Query Management Facility ) Queries! )
Slashdot Mirror
Well, as i understand, the most important part of the computer is windows. Therefore i can upgrade any component of the system, i just have to keep this funny sticker...
> and if it were for something like a 20 hour 3d render, would it matter if the initial setup took a while?
Well, the context switch happens every time, another process needs to use this facility. If the use of this FPGA was limited to be used by just one process, it is IMHO better to have it as a custom extension board for the special application.
Including it into the cpu would be of no use, because no standard application could expect to be able to use it.
( image xmms refuses to start, because your browser is using the fpga to do some ssl... )
>>"add a FPGA matrix of 4096x4096 transistors or >something on the side of the cpu for custom UBER fast routines"
> that idea has me intrigued, anyone who actually knows more about FPGA's than me (which isn't difficult) want to go into pluses/negs with that concept?
I think a context switch would be painful slow!
In the last few years the competition developed. It is called napster, kazaa, morpheus et. al. Maybe they will think about their prices and service survive.
Kazaa runs fine within wine with its own user. If it still messes with me, the fresh installation is untarred in just a few seconds.
This way it would allow cool stuff like garanteed data consistency or rollback.
Imagine
/
$ begin_trans
$ rm -rf
$ rollback_trans
Gentoo Linux is the killer app the industry is waiting for. While emerging a new Mozilla i could use a 20GHZ CPU.
GCC could give some nice warnings when using these functions. This would not break things, but makes the point clear.
There are a number of nice and feature rich free databases available.
Postgresql is one option. You might want to look at SAPDB too. It is open source and runs as backend database for SAP-ERP in some big installations.
^Sarge^ is not talking about recompiling the system. AFAIK the RedHat install was replaced by FreeBDS.
Just imagine someone passes a bill making it illegal to change your license plate.
To be exact, it is in Makefile.in and bf-test.c
Without those checksums, the trojan might have done much more damage.
I read it first on gentoo-dev. The ebuild is not affected. The checksum in the ebuild will fail against the compromised tarball.
I think there are types of solutions:
These technical measures will provide some protection from simple attacks, but the attacker will know these measures too. There will be ways to bypass them.
Further reading
Galeon has "mozilla inside" and does tabs and gestures very nicely.
At first sight i read "Back Orifice"... Maybe thats the strategy: Change the architecture, get rid of all the malware, have the user pay for everything new...
If you want a more geeky book, read "Gödel, Escher, Bach" from Douglas R. Hofstadter.
Will they sue freshmeat.net for violation of their trademark?
Most people will not understand, what the browser does. ( probably with javascript ) Even those who could, would not bother reading the page source to make sure, the data isn't transmittet in clear.
It will not make any difference whether the data is encrypted on the client or the server.
Well, they should leave the randomisation to the user: ...
Please enter your age and add a random number using a normal distribution with u=30 o=10 :
Right.
The difference between a spoiled vote and no vote at all is "i went to vote but made my vote invalid on purpose" versus "i just didnt feel like getting out of bed today"
I like having cardbord as original backup.
What i dont like is the verification of the vote. In my opinion it is perfectly legal to give an invalid vote without having some machine telling everybody in the room about it.
( i think it is acceptable to give an invalid vote opposed to not going to vote at all )
No database please. The main thing i love about *n[iu]x is *everything* is in a file and there are thousands of nice tools to do everything you can imagine to files.
I know, a database sounds nice, but i have worked with a database based CASE tool at work. While the tools is ok, it is a real pain to do omething
that is not supported within the tool.
( We are talking about a few thousand pages
of documentation for QMF ( Query Management Facility ) Queries! )