I can't find any indication that this is supported by DRI drivers.
Only in Linux as I understand it. There have been a few questions in the xorg@ mailing list about these chipsets and the general consensus is that the 3D portion is not likely to be implemented in BSD in the immediate future.
FYI, here is the DRI Wiki page dealing with Unichromes and such. You'd have to read it in conjunction with man 4x via to know it isn't just the CLE266 chipset it's referring to.
There's also the OpenChrome project here for more information about this chipset's 3D support, particularly this page which suggests a certain version of the Mesa source is required.
3D graphics and accelerometer input support? One word: Gaming. If you thought texting whilst driving was dangerous, you haven't seen anything until you've witnessed some idiot playing MotoGP whilst trying to aim their half a tonne of steel!
The "OMFG print cartridges can't be refilled" community is like any other tightly knit, very tightly WOUND group of nerds....pretty much nobody outside the group really cares.
The issue isn't just "OMFG print cartridges can't be refilled." What about those of us who work in retail, having to become the front for this greed and attempting to justify to consumers what we KNOW to be immoral? What about the consumers themselves who, being lusers, aren't aware of the actual production costs at all and are, to my mind, being taken for a ride? Granted, this issue is not black-and-white (pun unintended), but there's more fallout than you make out.
Whilst we're at it, most consumers DO give a crap. A $1 rise in the price of even remanufactured carts turns some of them blue immediately. These are CONSUMERS, your typical "my cupholder is broke" lusers giving a shit here, bread and butter for some "tightly wound nerds."
It's times like this I'm grateful that I sidestepped retail.
Of course it has! You don't think Shuttleworth (should we be spelling that $huttleworth to prevent the karma wave from liberal doses of Micro$oft?) missed the opportunity to leave a pocketful of those awful orange and brown Ubuntu disks cluttering up the ISS, do you? Not only has it taken off, it's probably still in orbit.
I personally think Canonical and, to a lesser extent, Sun are trying to steal AOL's monopoly on sending out free coasters.
For those post-humour-bypass: There's nothing wrong with [Ku|U]buntu. I use it at work to set luserstations up. From blank HDD to productive in ten minutes.
Corona discharge is the underlying principle behind ionisers. As far as I know, Jared Bouck came up with ionic cooling for a PC first, as reported on here a while ago. Perhaps the fact that it's the processor being cooled rather than the case that makes the difference, but Jared deserves a bit of credit if KAT, Intel and UW are claiming a "new type of cooling," because it looks more like natural evolution of an existing idea to me.
Sorry for the subject, but you really need to understand this: You cannot buy a right. A right is something innate that you have already. It's yours, and woe betide any bastard that tries to pry it from you. It doesn't need managing, digitally or otherwise.
An all-too familiar example: I have the right to take free software code and do whatever I like with it for my own use. That's a right because I don't have to pay anyone, ask anyone or even let anyone know I'm doing it. It is a pre-established fact that people can do this, so it is a right. Thank whatever deity is in vogue this week that I don't exercise it very often, because my coding skills are unique: They both suck and blow all at the same time.
When you have to give up something (in the case of recorded art, money) to allow you to do certain things, it's called a licence (license, for the Leftpondians). That's where the GPL kicks in. I don't have the right to distribute free software unless I agree to the GPL, which places certain restrictions upon me. That then becomes a licence, as I have agreed to supply full source under the same licence in return for the ability to distribute derivative code. What I have given up is the ability to licence my own bits of code under any other licence if I wish to use the GPL code as a base. A licence simply gives you the ability to do something you have no innate right to do.
Over in Leftpondia, you have the right to format-shift (but again, like the GPL, not to distribute the results of that format shift) recorded arts for personal use. It's a statutory right, in fact, assumed to apply regardless of licence covering the recording. DRM *removes* that right from you, which is why it's viewed as a heinous application of technology. We have few enough rights as it is, without the corporations eroding them even further. DRM might even be illegal, although I admit to not understanding US law at all. Over here in the UK, things are a little different and we have no right to format-shift whatsoever. Even making a bit-by-bit backup of a CD is technically illegal.
Disclaimer: Dastardly Rights Modification, not Direct Rendering Manager, which is the nice version of the acronym.
...but I question the motives of these assorted authorities. Where do the fines go? Did DRAM get cheaper? Nope. All that happens, all that will ever happen, is that the fines levied get passed on downstream. As anyone who has ever worked for a PHB knows, shit collects on the way down and, folks, we're at the bottom. It's a stealth tax that appears, on the surface, to be for the public good but ends up reaming us anyway.
Thanks, assorted.govs, but until you change your penalties from fines to oversight of corporate policy for offending firms, all you're doing is making our lot less happy.
Can't you see the logic? Novell *waives* IBM's transgression rather than letting the court prove there wasn't one in the first place. Now, coming as it does after the MS deal and the spectre of patent issues, does something not smell a little like a rotten herring?
There's enough conspiracy theory to go around, by the way. Just grab a chunk and go make your own post. This one's mine...
We're geeks. That means the next thing we build will be the coolest thing ever. Everything that we've built before is working boringly well. It's the debugging, swearing, kicking things around and getting your wife/GF started on the "calm down, you'll do yourself an injury" that is guaranteed to make you worse that is the adventure.
Next exciting project: An NMEA multiplexer - already have the schematic designed and the sample ICs from the good folks at Maxim, just waiting on a trip to the local emporium for a packet of ferric chloride. Last boring, working, finished project: A charge regulator for my outboard's silly AC output.
As an aside, I wonder how Linus would answer this? Would it be "that kernel thingy that Andy Tanenbaum said was a flawed design" or "my homemade electronic arse-kicker that reacts to people trying to commit half-tested crap"? I think we have a right to know...
It's nothing to do with weasel-speak. You made a good point with the firewall in a reply further up the thread. Now extend that idea to the TCP/IP stack that ships with the OS. Not only that, but some consumers will not activate a WAN connection immediately. In those, admittedly exceptional, circumstances, you need a way to jail off the update process from the already flawed software running in the kernel to safely update.
Then there's the USB modems that need proprietary firmware uploads like the Speedtouch (I specified the Speedtouch in my OP because there are issues not covered by "if you can't do more than load a CD you shouldn't be touching someone else's machine," along with the fact that the entire advisory session was conducted over the 'phone with a couple of hundred miles between me and my friend and the infection occurred whilst performing a Windows Update. The machine was an SP1 box. Obviously some people understand less than they try to pretend) which will never ship in the default install of Windows unless they're slipstreamed into the install image by a suitably authorised OEM. In these cases, the machine doesn't have a chance to get a WAN connection until the OS is installed and manual installation of the hardware has occurred.
Windows setup already has a method of downloading updates, but the only time I ever see it working is behind a NAPT router using a NIC that Windows recognises (Intel EE pro or 3Com are prime examples of cards Windows picks up without faffing about) or a Hayes AT compatible modem (Arkvoodle forbid we should try to download ~100MB of updates on one of those). It's feeble, broken from the start and adds little to the eventual security of the OS. Also, do you trust MS enough to say, hand-on-heart, that fetching updates is *all* that session does? I don't.
As I said above, my rationale for suggesting a VM is layered security, which seems to be the only method that truly works these days.
Yes, Mike. Not rocket science *for us*, but we seem to continue making the same mistakes most IT pros make when dealing with technology: That because it's simple for us, it's simple for everyone. It's not. Firewalls aren't understood by everyone. Heck, a lot of post-September users think fairies [1] deliver web pages.
The reason I suggest a VM is to jail the security update network stack from the main kernel. If you have, for example, a buffer overflow that allows arbitrary code execution in kernel space TCP/IP, you really don't want that running in your main kernel with a public connection; you want it jailed and only when the data is verified and checked against its hash do you want to apply the update image. If the jailed or virtual kernel becomes corrupt, it can be killed without harming the host OS. Detecting the jail doing something nasty should be simple; it should simply talk to one IP and download an image and hash file. If it starts opening other ports, kill it immediately. In fact, simply make the jailed process capable of only talking to the one host on one port. Useless for users and crackers, but just enough to update the OS safely.
I know it's heretic of me in the extreme to suggest the OS takes away a choice, that of diving into the big electronic blue without care or conscience, but a lot of Windows users (and maybe a few others) need these safety nets, if for no other reason than to keep the rest of us safe and our mail servers from fending off spam floods from botnets.
Doing this retroactively isn't an option; users of Windows up to and including Vista gold are now SOL for this idea, which is sad, especially given that Vista has a working out-of-the-box IPv6 stack. You think it's bad now? Just wait until every new machine has its own publicly routable IP.
The idea, or any such protection mechanism, *must* be implemented in the first RTM version of the OS to work effectively, or at the very least a service pack or point release that OEMs will pre-install. That means in the future, but it is imperative now that IT pros start thinking long-term rather than trying to tidy up their mistakes of the past. These problems cannot be solved by dwelling on mistakes made, just mitigated by exploiting obsolescence and helping time heal.
I know what you're thinking, mods. But it isn't just another "don't use Windows" post. TFA seems to concentrate on the dominant OS, so I will do the same.
I remember talking someone through setting up Tiscali broadband a few years ago using a Speedtouch and the Tiscali CD. His brand new, shiny Windows XP machine became infected over the connection in under 4 minutes. It's a classic catch-22 situation: You can't update your OS without a connection and you can't go online safely until you've updated your OS.
How about this: Virtualisation is a reality on most machines nowadays. Why doesn't MS use this technology to set up a simple one-time VM to connect and download from a single SSL connection, the public key of which is compiled into the VM, ignoring all other traffic with the single focus of fetching the patches for the worst vulnerabilities, those which have remote exploits? If this were mandatory before enabling the general TCP/IP stack for WAN connections, Joe Sixpack wouldn't be participating in quite so many botnets. Hello! New connection not in my private address checklist. Disable TCP/IP and get the updates before releasing the user to the big, bad Internet. Please wait whilst I sort my ragged arse out and stop you from becoming another statistic...
Or have I simply made the problem too simplistic in my own mind? It seems to me that a single connection from a single port over SSL with no intermediate DNS or man-in-the-middle stages makes sense, even more so if part of the download is the MD5 hash of the update image and the VM rejects any image not matching that.
Bear in mind that the above idea works only for machines using a direct non-RFC1918 or draft-manning address for Internet connections. Those using routers should already be protected from the worst culprits, attack vectors which utilise services running by default, as these usually cannot traverse NAPT, but the feature should include the option to enable manual initialisation over such connections.
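The gate described in this post and its follow-ups (a private-address check, a jail allowed to talk to one host on one port, and an image rejected when its hash does not match), as an added example that is not part of the original comments. The endpoint `203.0.113.10:443`, the function names and the contents of the address checklist are assumptions, and SHA-256 stands in for the MD5 mentioned in the post.

```python
import hashlib
import hmac
import ipaddress

# Assumed "private address checklist": RFC 1918 plus loopback, link-local
# and IPv6 unique-local ranges. Anything else counts as directly routable.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
    "::1/128", "fe80::/10", "fc00::/7",               # IPv6 equivalents
)]

# Hypothetical update endpoint (a documentation address) and port.
UPDATE_HOST = ipaddress.ip_address("203.0.113.10")
UPDATE_PORT = 443

# Constructed sample data so the example runs offline.
SAMPLE_IMAGE = b"constructed update image, not a real patch\n"
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_IMAGE).hexdigest()


def needs_quarantine(interface_addr):
    """True when the new connection holds a directly routable address."""
    ip = ipaddress.ip_address(interface_addr)
    # Membership is always False across IP versions, so one list serves both.
    return not any(ip in net for net in PRIVATE_NETS)


def first_violation(events):
    """Return the first (dst, port) the jail opened that is not the
    update endpoint, or None if every connection was allowed."""
    for dst, port in events:
        if ipaddress.ip_address(dst) != UPDATE_HOST or port != UPDATE_PORT:
            return (dst, port)
    return None


def image_matches(image, manifest_digest_hex):
    """Constant-time comparison of the image digest with the manifest value.

    This only proves the image matches the manifest; the manifest's
    authenticity rests on the pinned-key channel, which is not modelled here.
    """
    actual = hashlib.sha256(image).hexdigest().encode("ascii")
    expected = manifest_digest_hex.strip().lower().encode("utf-8")
    return hmac.compare_digest(actual, expected)


def bootstrap(interface_addr, jail_events, image, manifest_digest_hex):
    """Decide what the host does with a new connection and a fetched image."""
    if not needs_quarantine(interface_addr):
        return "release"             # behind a router: no forced update
    if first_violation(jail_events) is not None:
        return "kill-jail"           # jail talked to something else
    if not image_matches(image, manifest_digest_hex):
        return "reject-image"        # corrupt or substituted image
    return "apply-then-release"      # verified: patch, then enable TCP/IP


if __name__ == "__main__":
    ok = [("203.0.113.10", 443)]
    bad = ok + [("198.51.100.9", 25)]   # constructed: unexpected SMTP connection
    print(bootstrap("192.168.1.20", ok, SAMPLE_IMAGE, SAMPLE_DIGEST))
    print(bootstrap("198.51.100.7", ok, SAMPLE_IMAGE, SAMPLE_DIGEST))
    print(bootstrap("198.51.100.7", bad, SAMPLE_IMAGE, SAMPLE_DIGEST))
    print(bootstrap("198.51.100.7", ok, SAMPLE_IMAGE + b"x", SAMPLE_DIGEST))
```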
Correct. It's called cavitation and it is also the bane of motor cruiser propellors. Ram a fast boat into reverse and the sudden drop in pressure around the thrust side of the prop blades allows water to vaporize, causing a pocket of gas. Believe me, this can shatter a propeller like nothing else.
If you have a look at the installation instructions for transom mounted transducers for fishfinders, you'll find that mounting them for'ard of a prop is a bad idea for just the same reason; they create cavitation on their trailing edge and ruin your nice, expensive prop.
I see one possibility (actually a personal wishlist item more than anything): A GDAL based, cross-platform GPS application that can render geotiffs to a window and plot the current position for locally stored maps. Currently, the only application that does this and, even then, only just (no disrespect, I use it a lot, but maritime charts rarely fit into a 1280x1024 pixel raster) is GPSDrive. Yes, I've heard of mapd and had a few attempts to port it, but it doesn't play nice with FreeBSD. The Grass port, when it is updated, may make exporting them a bit easier than the current GIMP/cut/paste/save as/calibrate routine I currently have to put up with, but until then I'm SOL.
So, guys, since Google Earth uses GDAL (JFGI for the non believers) and gaia is already in the ports tree (with a little hackery to make it respect make.conf's CFLAGS), any chance? Or is it non-trivial?
Right away, Microsoft's revolutionary new revision of the Windows operating system was a hit with home and business users.
Aye, that it was. Why? Because MS had deals with OEMs to keep their OS outlay to a minimum as long as said OEMs didn't use any other operating system. In other words, every fscking new computer sold had, and still has, a copy of this rot on it and people found they had to use it. After all, Joe Sixpack can hardly install any operating system from scratch without help.
Windows is the de-facto standard because MS's marketing department is the best there is. There's nothing technical about it, nor is it the vote of the end users. It's the fact that MS has the manufacturers right where it wants them: With their bollocks in its twenty tonne press and the salesmen, watching they don't break the agreements, ready to pump the handle by making them pay the "going rate" for the OS if they sell so much as one PC with another OS on it.
Dell was bloody lucky the n series with FreeDOS didn't bring the wrath of Redmond upon it. Of course, FreeDOS isn't much use to anyone these days unless you're flashing the odd firmware or two, so they probably weren't worried about Joe Sixpack discovering that Linux et al are just as simple as Windows XP when someone else installs it for him.
Because big business hasn't even got the thin veil of legitimacy "the mandate of the people" gives governments. IIRC, a company or PLC has the same rights and obligations under the law as any other individual/legal entity.
Let the companies get away with it and it becomes a free-for-all privacy nightmare.
"We're gonna build this thing called HURD, and it's gonna be just like Unix, only it'll be GNU, and it's gonna run great and there will be developers and users and all that other stuff that real operating systems have." - Richard Stallman
Regarding KHTML, I just had to fire up Konq to test it. The only thing that doesn't appear to work in Konq is the little widget on the left that shows the status of comments/threads. Everything else, including moderation (I had mod points) works nicely. I can't test Safari, but I'm sure some kind Mac geek will do so.
Now a suggestion: Can you (/., not hackstraw) extend this to the metamoderation pages and allow context, parents and such to be opened whilst metamodding without losing your place? That would be a useful addition.
Really? So Gary Starkweather employed a dwarf with very fast drawing skills and very neat handwriting to cram into that very first laser photolithography box, then? You learn something new every day. No wonder the darned things were so expensive at first.
LaserJet is a trademark. Laser printers were invented by Xerox as a natural progression of their Xerographic photolithography process. In fact, Xerox and IBM beat HP to market. There's an MIT page here that confirms this, and you can check out the Wikipedia page here for a more in-depth discussion.
Oh, wait, I see nothing about Xerox's machine fornicating. Perhaps you are right...
I'm setting up an agnostic community. Then the reporters will be able to disambiguate us from the other religions and we can join in this warfest the others seem to be having, if one is to believe the news. Anyone up for it? Meetings the third Tuesday of every month at the phone box in Park Lane. Since we will probably all fit into it, I also suggest we go the whole hog and claim minority status. God/Allah/Buddha knows what we're going to use as an excuse to become extreme agnostics, but I'm sure we'll find something. Bring your own woad.
Whether we're black, brown, pink, yellow or sky-blue, sikh, buddhist, atheist, christian, muslim, hindi, jewish, baha'i or hari-bloody-krishna, we're bleedin' British. The tip-off came from a citizen of this country whose moral courage overrode the dogma of extremists, if what I'm reading is true. I don't care whether he/she was a muslim or not; there are probably agnostics that I wouldn't bother to urinate on if they were on fire. What matters is that he or she had the courage to protect the rest of us. And thank his or her deity for that.
@fredrated: This wasn't a rant at you or your comment. It's aimed squarely at the media who, despite protestations of objectivity, continue to refer to sections of our citizenry as "the foobar community" (page 2 of TFA), thereby reinforcing the view of the bigoted minority that said communities are in some way inferior citizens and that it is surprising when they act with the greater good of whatever country in which they live in mind. In other words, political correctness gone mad. I wonder if the next murder report on the Beeb will contain the words "christian community"? No, I doubt it, too.
I'm also a member of the "normally stay indoors at a computer console, take two minutes to turn from blue to red when I do emerge then hide from the sun and read Slashdot" community. Perhaps they have a point...
Bear in mind that, for a Linux user, FreeBSD will appear to behave most like Gentoo, particularly when building applications from ports. The actual inheritance was the other way around, but that hardly matters to this discussion.
The kernel config file is flat text, with the various options described in detail in the ${SRC}/sys/conf/NOTES and ${SRC}/sys/${ARCH}/NOTES files. Once you get used to it, nothing ever comes close to the ease of compiling new kernels IMHO. Just watch what depends on what, especially the COMPAT_??? options. Also, try not to use "custom" compiler flags like -ffast-math and -funroll-loops as you can end up with hard to diagnose problems when building from source.
Oh, and for anyone reading this thread who is saying "I only have one dsp device that gets locked and nothing else can use it," there is a sysctl knob which needs setting: hw.snd.pcm?.vchans which I usually set to 4 in /etc/sysctl.conf.
There's a lot of help to be had on the Usenet group comp.unix.bsd.freebsd.misc, too.
My last word on the subject is this: If you have an amd64 machine, for now I would use the i386 port (CPUTYPE=athlon64 in /etc/make.conf which will compile everything with -march=athlon-mp), especially if you use Firefox or you may end up rather frustrated. OpenOffice now works perfectly on amd64, as does JDK15 (albeit without the browser plugin) but native Firefox still has "issues" (startup hangs on a machine with an NFS mounted /home, hard locks, crashes to name but a few problems I have encountered) and plugins are rather flaky. I tend to use the 32bit Linux version on amd64, but the native i386 version has the most plugins available for it (win32codecs, Flash - you need a patch to make Flash7 work with the linuxpluginwrapper and native Firefox, see the message displayed when you install the port - et al). Also, there are no proprietary nVidia drivers for amd64 yet, which is not true for i386. This is being addressed in -CURRENT as nVidia have intimated that a key function they require is not present in the amd64 port and the devs are working on it, so the situation is set to change in the near future.
By the way, ports count at present is ~15500. That's 15.5 thousand services, applications, libraries and utilities available for the cost of typing "make install clean".
4) Install a software firewall like Kerio or just use Windows XP's firewall. If you install Kerio, use V2.1.5 because it's non-intrusive. The later versions are too picky and get in your face.
Which can be found here for those having problems tracking it down.
For those who don't know, that'll be Taiyo Yuden disks :-)
[1] http://www1.uk.freebsd.org/doc/en_US.ISO8859-1/books/faq/funnies.html with apologies to Paul from the UK mailing list for quoting him out of context.
I know what you're thinking, mods. But it isn't just another "don't use Windows" post. TFA seems to concentrate on the dominant OS, so I will do the same.
I remember talking someone through setting up Tiscali broadband a few years ago using a Speedtouch and the Tiscali CD. His brand new, shiny Windows XP machine became infected over the connection in under 4 minutes. It's a classic catch-22 situation: You can't update your OS without a connection and you can't go online safely until you've updated your OS.
How about this: Virtualisation is a reality on most machines nowadays. Why doesn't MS use this technology to set up a simple one-time VM to connect and download from a single SSL connection, the public key of which is compiled into the VM, ignoring all other traffic with the single focus of fetching the patches for the worst vulnerabilities, those which have remote exploits? If this were mandatory before enabling the general TCP/IP stack for WAN connections, Joe Sixpack wouldn't be participating in quite so many botnets. Hello! New connection not in my private address checklist. Disable TCP/IP and get the updates before releasing the user to the big, bad Internet. Please wait whilst I sort my ragged arse out and stop you from becoming another statistic...
Or have I simply made the problem too simplistic in my own mind? It seems to me that a single connection from a single port over SSL with no intermediate DNS or man-in-the-middle stages makes sense, even more so if part of the download is the MD5 hash of the update image and the VM rejects any image not matching that.
Bear in mind that the above idea works only for machines using a direct non-RFC1918 or draft-manning address for Internet connections. Those using routers should already be protected from the worst culprits, attack vectors which utilise services running by default, as these usually cannot traverse NAPT, but the feature should include the option to enable manual initialisation over such connections.
Too simple?
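The two checks these posts describe (the jail may talk to exactly one host on one port, and an image is applied only if it matches its published hash) can be modelled in a few lines. This is an added example, not part of the original posts or any vendor's code; the endpoint address, the class and function names and the sample image are assumptions, SHA-256 stands in for the MD5 mentioned above, and the digest is assumed to arrive over the pinned-key channel the post proposes.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumed update endpoint (documentation-range address), not a real server.
UPDATE_HOST = ("192.0.2.10", 443)
# Constructed sample image and its digest, not a real update.
IMAGE = b"constructed patch bundle"
GOOD_DIGEST = hashlib.sha256(IMAGE).hexdigest()

@dataclass
class JailedUpdater:
    """Model of the throwaway update VM: one peer, one image, then exit."""
    allowed_peer: tuple = UPDATE_HOST
    state: str = "running"  # running -> killed | rejected | verified
    log: list = field(default_factory=list)

    def connect(self, ip: str, port: int) -> bool:
        """Permit the single update endpoint; any other peer kills the jail."""
        if self.state != "running":
            return False
        if (ip, port) != self.allowed_peer:
            self.state = "killed"
            self.log.append(f"kill: unexpected peer {ip}:{port}")
            return False
        return True

    def accept_image(self, image: bytes, published_hex: str) -> bool:
        """Release the image to the host only if its digest matches."""
        if self.state != "running":
            return False
        actual = hashlib.sha256(image).hexdigest().encode()
        # Constant-time compare; tolerate case and trailing newline in the hash file.
        if hmac.compare_digest(actual, published_hex.strip().lower().encode()):
            self.state = "verified"
            return True
        self.state = "rejected"
        self.log.append("reject: digest mismatch")
        return False

def run_session(events):
    """Replay (kind, *args) events through a fresh jail; return its final state."""
    jail = JailedUpdater()
    for kind, *args in events:
        if kind == "connect":
            jail.connect(*args)
        elif kind == "image":
            jail.accept_image(*args)
    return jail.state
```

Once the jail is killed or the image rejected, every later call is refused, so a compromised session can never reach the "verified" state that gates applying the update.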
Correct. It's called cavitation and it is also the bane of motor cruiser propellors. Ram a fast boat into reverse and the sudden drop in pressure around the thrust side of the prop blades allows water to vaporize, causing a pocket of gas. Believe me, this can shatter a propeller like nothing else.
If you have a look at the installation instructions for transom mounted transducers for fishfinders, you'll find that mounting them for'ard of a prop is a bad idea for just the same reason; they create cavitation on their trailing edge and ruin your nice, expensive prop.
I see one possibility (actually a personal wishlist item more than anything): A GDAL based, cross-platform GPS application that can render geotiffs to a window and plot the current position for locally stored maps. Currently, the only application that does this and, even then, only just (no disrespect, I use it a lot, but maritime charts rarely fit into a 1280x1024 pixel raster) is GPSDrive. Yes, I've heard of mapd and had a few attempts to port it, but it doesn't play nice with FreeBSD. The Grass port, when it is updated, may make exporting them a bit easier than the current GIMP/cut/paste/save as/calibrate routine I currently have to put up with, but until then I'm SOL.
So, guys, since Google Earth uses GDAL (JFGI for the non believers) and gaia is already in the ports tree (with a little hackery to make it respect make.conf's CFLAGS), any chance? Or is it non-trivial?
Irony.
Aye, that it was. Why? Because MS had deals with OEMs to keep their OS outlay to a minimum as long as said OEMs didn't use any other operating system. In other words, every fscking new computer sold had, and still has, a copy of this rot on it and people found they had to use it. After all, Joe Sixpack can hardly install any operating system from scratch without help.
Windows is the de-facto standard because MS's marketing department is the best there is. There's nothing technical about it, nor is it the vote of the end users. It's the fact that MS has the manufacturers right where it wants them: With their bollocks in its twenty tonne press and the salesmen, watching they don't break the agreements, ready to pump the handle by making them pay the "going rate" for the OS if they sell so much as one PC with another OS on it.
Dell was bloody lucky the n series with FreeDOS didn't bring the wrath of Redmond upon it. Of course, FreeDOS isn't much use to anyone these days unless you're flashing the odd firmware or two, so they probably weren't worried about Joe Sixpack discovering that Linux et al are just as simple as Windows XP when someone else installs it for him.
Because big business hasn't even got the thin veil of legitimacy "the mandate of the people" gives governments. IIRC, a company or PLC has the same rights and obligations under the law as any other individual/legal entity.
Let the companies get away with it and it becomes a free-for-all privacy nightmare.
...but with blackjack? And hookers?
Regarding KHTML, I just had to fire up Konq to test it. The only thing that doesn't appear to work in Konq is the little widget on the left that shows the status of comments/threads. Everything else, including moderation (I had mod points) works nicely. I can't test Safari, but I'm sure some kind Mac geek will do so.
Now a suggestion: Can you (/., not hackstraw) extend this to the metamoderation pages and allow context, parents and such to be opened whilst metamodding without losing your place? That would be a useful addition.
Really? So Gary Starkweather employed a dwarf with very fast drawing skills and very neat handwriting to cram into that very first laser photolithography box, then? You learn something new every day. No wonder the darned things were so expensive at first.
LaserJet is a trademark. Laser printers were invented by Xerox as a natural progression of their Xerographic photolithography process. In fact, Xerox and IBM beat HP to market. There's an MIT page here that confirms this, and you can check out the Wikipedia page here for a more in-depth discussion.
Oh, wait, I see nothing about Xerox's machine fornicating. Perhaps you are right...
I'm setting up an agnostic community. Then the reporters will be able to disambiguate us from the other religions and we can join in this warfest the others seem to be having, if one is to believe the news. Anyone up for it? Meetings the third Tuesday of every month at the phone box in Park Lane. Since we will probably all fit into it, I also suggest we go the whole hog and claim minority status. God/Allah/Buddha knows what we're going to use as an excuse to become extreme agnostics, but I'm sure we'll find something. Bring your own woad.
Whether we're black, brown, pink, yellow or sky-blue, sikh, buddhist, atheist, christian, muslim, hindi, jewish, baha'i or hari-bloody-krishna, we're bleedin' British. The tip-off came from a citizen of this country whose moral courage overrode the dogma of extremists, if what I'm reading is true. I don't care whether he/she was a muslim or not; there are probably agnostics that I wouldn't bother to urinate on if they were on fire. What matters is that he or she had the courage to protect the rest of us. And thank his or her deity for that.
@fredrated: This wasn't a rant at you or your comment. It's aimed squarely at the media who, despite protestations of objectivity, continue to refer to sections of our citizenry as "the foobar community" (page 2 of TFA), thereby reinforcing the view of the bigoted minority that said communities are in some way inferior citizens and that it is surprising when they act with the greater good of whatever country in which they live in mind. In other words, political correctness gone mad. I wonder if the next murder report on the Beeb will contain the words "christian community"? No, I doubt it, too.
I'm also a member of the "normally stay indoors at a computer console, take two minutes to turn from blue to red when I do emerge then hide from the sun and read Slashdot" community. Perhaps they have a point...
Yes, there is. http://ezine.daemonnews.org/200302/fbsdscratch.html
First and foremost, read the handbook. This cannot be overstated. http://www1.uk.freebsd.org/doc/en_US.ISO8859-1/books/handbook/
Bear in mind that, for a Linux user, FreeBSD will appear to behave most like Gentoo, particularly when building applications from ports. The actual inheritance was the other way around, but that hardly matters to this discussion.
The kernel config file is flat text, with the various options described in detail in the ${SRC}/sys/conf/NOTES and ${SRC}/sys/${ARCH}/NOTES files. Once you get used to it, nothing ever comes close to the ease of compiling new kernels IMHO. Just watch what depends on what, especially the COMPAT_??? options. Also, try not to use "custom" compiler flags like -ffast-math and -funroll-loops as you can end up with hard to diagnose problems when building from source.
Oh, and for anyone reading this thread who is saying "I only have one dsp device that gets locked and nothing else can use it," there is a sysctl knob which needs setting: hw.snd.pcm?.vchans which I usually set to 4 in /etc/sysctl.conf.
There's a lot of help to be had on the Usenet group comp.unix.bsd.freebsd.misc, too.
My last word on the subject is this: If you have an amd64 machine, for now I would use the i386 port (CPUTYPE=athlon64 in /etc/make.conf which will compile everything with -march=athlon-mp), especially if you use Firefox or you may end up rather frustrated. OpenOffice now works perfectly on amd64, as does JDK15 (albeit without the browser plugin) but native Firefox still has "issues" (startup hangs on a machine with an NFS mounted /home, hard locks, crashes to name but a few problems I have encountered) and plugins are rather flaky. I tend to use the 32bit Linux version on amd64, but the native i386 version has the most plugins available for it (win32codecs, Flash - you need a patch to make Flash7 work with the linuxpluginwrapper and native Firefox, see the message displayed when you install the port - et al). Also, there are no proprietary nVidia drivers for amd64 yet, which is not true for i386. This is being addressed in -CURRENT as nVidia have intimated that a key function they require is not present in the amd64 port and the devs are working on it, so the situation is set to change in the near future.
By the way, ports count at present is ~15500. That's 15.5 thousand services, applications, libraries and utilities available for the cost of typing "make install clean".
It would never work. Consider this:
...you are charged with... Blasphemy! And are hereby sentenced to be stoned to death!
yo_tuco:
Darl: Look, all I said was "That code was good enough for Linux!"
Slashdot crowd: OOOH! fx: Hurls rocks at Darl.
yo_tuco: Stop! Who threw that? Look, nobody is to start until I blow this whistle, even if he does say "Linux"!
Slashdot crowd: OOOH! fx: Hurls rocks at yo_tuco...