Because we've all got all the Beatles music we want - or we cant afford it. Personally I can take or leave the beatles - but either way I already have had YEARS to go out there and buy their music.
U2 has a new CD out
Maybe you haven't noticed because you're listening to U2 for crying out loud, but the Beatles catalog on CD has had more releases in the last 5 and 10 years than U2 has. Just being half-dead doesn't mean they can't sell records - look what dying did for Jimi and Janis's careers. Hell, even Keith Richards is selling records when he's half-dead.
It's just strange to me that of all the talent out there, Apple would choose a second or third-tier group like U2 to do this with.
Besides, there's no stage big enough to hold both the egos of Jobs and Bono at the same time. By the way, why post anonymously? I really don't get that whole thing; why not stand up for your words?
I'm curious to see what the Beatles'/Apple Records' lawyers will say about this.
Well, Apple Computers has continued to do what they agreed not to do, time after time, and continues to give money to Apple Corps, LTD because of it. All I can figure is that it's considered a "cost of doing business" and is factored in already. I can't personally see why U2 of all groups would be what they'd do this with - why not work _with_ The Beatles and release an iPod with the Beatles catalog on it? Now _that_, I would buy, and pay a premium for even (since I own the whole thing in several formats already). Hell, the Beatles collectors would probably buy a ton of these, leave 'em unopened, and so on. What better than a sale with no support costs post-sale? Seems like a natural to me...
A turbine engine can burn nearly anything. I can't imagine why they'd choose diesel fuel, it's not adequately explained in the non-details in the article. Noise, though, should be manageable, and careful selection of an appropriate fuel should mitigate that problem as well.
What I find annoying about this is that we keep seeing the same picture of the non-functional prototype with a promise that it'll be ready in 4 years. Same picture, different year, same distance from getting done. From this I can only assume they aren't making any progress but the funding keeps coming in...
If the fuel is a clean hydrocarbon, the exhaust will be CO2 and H2O. Using batteries pollutes too, you just don't see it right there because it's either at the power plant where your battery charger got it's energy from, or it's in the chemical pollution of used dead batteries, or both.
Ohh, and you do know that on unix you can remove a binary of a program that's running, put a new one in, and do a quick kill/start?
Actually, for most of the configuration changes (short of an actual version upgrade or SSL cert change), you can do an 'apachectl graceful' and it applies your changes to the _new_ sessions, while letting the existing sessions close in the natural flow of the users' use of your site. Nice for minor tweaks on the fly during the day, with zero downtime.
Are we talking about the same Apache webserver?
on
Hardening Apache
·
· Score: 3, Informative
There seemed to be little in the way of practical material that gave specific and step-by-step instructions for installing and running Apache on Linux.
Maybe you missed the "documentation" section at the apache.org website? Or, do a google search for "linux apache howto". Tons of good stuff out there.
Apache on Linux requires you to spend 8 hours per day just to keep it up and running,
On what planet is this true? There's about 4 things to change from one webserver to another; you build one config file for your environment, and for the next one modify the listen, the user if you want, the document_root, and maybe servlet mapping if you're using that. Trivial and one-time.
and while its performance and security is fine if you have the time and staff for it, there is no way to just set it up and let it sit while installing patches when needed.
Our experience differs profoundly. Perhaps someone like you needs to hire someone like me to help you get set up. It's a trivial setup, configuration is well documented, and once it's up and running a webserver doesn't need any attention whatsoever until the next version comes out or you decide you want to change what it does.
Arguing against Apache on actual factual grounds would be one thing, but "it's hard to set up and lots of work to keep running" is demonstrably false.
I've considered getting one of the last model iMacs for my Mom....from my tests on OSX, I think she'd be able to use it easier than the windows box I tried to put together for her.
Been there, done that. Went _very_ well. It started with a phone call from my dad, who was uncharacteristically upset. Words included "printer", "computer", "reboot", "again", and "shotgun". With a $1000 budget, I set 'em up with a mid-low eMac (the CRT rather than the flatscreen). They've both gone from calling me for "It crashed and the printer doesn't work", "it crashed and now the printer doesn't work", "the scanner stopped working _again_", and so on, to the very occasional call for less-than-obvious application usage questions. I'm not chasing viruses, they're not getting popups, and I taught 'em how to block that one relative's email (you know, the one who sends _every old recycled email glurge and hoax there is_.
Point is, set 'em up, give 'em their own accounts (which aren't the admin account), and turn 'em loose. They can't break the important stuff because the OS won't _let_ them break the important stuff, the hardware is rock-solid, it's easy to use, and when I want to do remote support, I ssh in and take care of stuff remotely if I want. Can't beat it.
This is the sort of application that screams for a script, rather than some sort of drag-n-drool GUI windows-ish thing. There are several audio sampling and processing utilities over at sourceforge.net, which would be suitable for this sort of thing.
Maybe it's because my background is in the *nix world, but it'd be a half-day project to get this up and running done on a *nix box with something free from sourceforge.
Usually one wants to design the solution to fit the problem, not to introduce more complexity by limiting what the solution can be chosen from. Doesn't seem to be the case in this guy's project. I also can't imagine finding audio sampled snippets of someone's day all that interesting, but I'm sure there are people who enjoy that sort of thing?
it is safe to say you are reading this 'online'... therefore it fits the catagory.
I'm also reading it while sitting in a chair, but that doesn't mean that chairs are the topic. Maybe I'm the only person that reads this category as "Your rights (while) online"? Or maybe I just take AC's too seriously and should just ignore 'em.
I don't get it. Just like many other places, a reasonable, non-intrusive technology is being used to compare visitors to a list of known problem people. It's an attractive target, and would mean a lot to the terrorists to blow up. I don't see a problem with using this as a way to deter that.
Additionally, this is a pretty nifty use of biometric technology, to key the person's fingerprint to locking & opening a locker. I'd think the implementation of such a system would be more on-topic for Slashdot than trying to turn this into some sorts of online rights issue.
What about when there's a security hole found in a Linux app? This has happened, and don't pretend it hasn't.
I don't think anyone has claimed it hasn't except your statement, so that's a bit of a red herring. Yes, vulnerabilities in the components of the OS that haven't been stripped out are tested and patched. This is considerably faster, easier, and more effective when you have the source code.
The "test before you patch" isn't the vendor being nasty about it, it's the US Federal Government'sstatutes, particulary #21CFR11 (google is your friend) which says we can't ship something we haven't tested. Seems logical, doesn't it?
It comes down to being in a bad place either way. If the OS you're trying to fix (and in MS's case, there have been bugs that they _refuse_ to fix for months) doesn't have a good patch model, and the OS vendor won't let you roll your own patches, don't use that OS for something important.
Medical devices are a bit more critical than, say, a gaming PC, so these things need proper testing so they don't break the scanner.
Well, it _isn't_ "used for every single application". The update issue is part of it - patches are done periodically and as appropriate, once they are tested. I can't say too much about the core Linux build for several reasons (haven't seen it in 2 years and shouldn't comment too much on it in any case), but suffice it to say that it's very carefully controlled and limited in it's scope. Given that a Linux vulnerability is less likely to make it's way into a hospital's IT system and through the various and unnamed security built into the scanner's systems, this is considerably less of a problem than it would be with a 'doze host.
A bigger factor was having Microsoft tell one of the higher-ups "Yes, that's a bug, no we won't fix it until the next major OS revision" one time too many. Open-source was the obvious cure to _that_ particular problem. Why Linux? Well, expertise, portability, device support, and other factors went into the selection process. I wasn't there for the end of that process, so I can't say (and wouldn't) what all went in to it at the end, but having source code and better control were huge early factors.
Yup, although I understand that the whole six-sigma thing is toning down a bit, at least to a tolerable level. It's a set of tools, folks, a set of _great_ tools, but it's not a freaking religion. Put away the tamborine and saffron robes, and I'll play, but that look they get in their eyes when certain folks go on and on about it - it's just scary.
its been running VxWorks from day one. I should know I build the software for the damed thing...
Then you probably know who I am if you look at my initials. I left there in early 2002. OK, so let's take the MR scanner. ECG input comes from patient through the SCM. Gets displayed on a...anybody? Anybody? PC running Windows. Just one example, but I could dredge up more if you'd like. If Bill E. hasn't retired again, he could fill you in on the history you don't know. Rob J. could undoubtedly do the same, or Steve C., or John Z, or J. Eric S.... (he's pretty busy lately, though). Yes, the digital front end is running a quad PPC (more now maybe?). MGD is not the entire scanner.
Maybe current production has (finnally) phased out the 'doze box, but to say "has never contained" is demonstrably false.
Why don't they design their software, so that it doesn't break when patches are applied?
Actually, all it shows is that one of us has more exposure to the products in question than the other. Surely even an AC can see that there's nothing uniquely bureaucratic about the "I didn't know that therefore it doesn't exist" types, right?
Why don't they design their software, so that it doesn't break when patches are applied?
You don't seriously believe that Microsoft gives anyone advance notice of what the patch is going to break, do you? Have you seen the ambiguous and undetailed language that goes with the WinXP SP2 patch? There's nothing actionable in there, certainly nothing testable. Until GE gets it and tests it, and authorizes it for the build, it's an astonishingly risky thing to install it.
21cfr11 mandates that only the tested configuration can be used, and if the hospital choses to violate that federal statute, they are not just at risk of screwing up their scanner, but they're technically in violation of federal statute.
I'm not defending Microsoft here, nor am I saying it's smart to have Windows in scanners, but it's there (less now than 5 years ago, but still there). The penalty for using it is that it's quite likely that some piece of malware _will_ find its way into the scanner. They're more vulnerable if they don't patch, they are going into an unsupported (and unsupportable) configuration if they do patch. The only answer is to not use Windows, but until all the 'doze-based scanners are history, they're stuck with it.
Go look at an MRI scanner, see where the ECG and scan time is displaed, and get back to me on that.
If they're not shipping 'em that way today, wonderful, but as of 2-3 years ago it was the case. I know this, because I _fought against it_, y'see. Maybe they've finally phased it out of production, but with the life cycle of a medical scanner exceeding a decade, there are an awful lot of 'em out there today at customer sites; a ten year old scanner isn't unheard of by any means.
I've been here 23 years. None of our critical equipment has shipped on Windows (or other MS OS) in the time I've been here.
Sorry, you are _not_ correct. Would you like me to provide 46-numbers, or will general descriptions suffice? You can find 'doze in shipped systems as recently as 3 years ago, in Ultrasound, MR, and CT at least.
Sorry, Ryan, but you're not correct. I worked for GEMS for 12 years, in software engineering. There _are_ Windows systems embedded into some of these scanners. Most of them do trivial things and are being phased out in favor of *nix systems, but there _are_ Windows-based medical devices.
It's quite a quandry. If you don't patch the 'doze boxes, (and if you don't have a firewall...) it's possible that someone could infect that system. The problem is, GE (and obviously the other device manufacturers) test the hell out of that specific OS build and patch set. When Windows Update breaks things (which happens more than never), the system is now in a state which GE didn't test, and may in fact break the functionality of the scanner. At this point, the FE has no choice but to re-load the PC from the GE-supplied media(which doesn't have the latest patch that the hospital just installed).
The solution? It's pretty simple, stop using Windows in critical situations. I was trying to make that point 10 through 5 years ago there, and was involved in some of the very first Linux tests, prototypes, and production implementations there. The current generation of scanners is mostly linux/intel based, although there is still a lot of SGI/Irix at the top-end where heavy image processing is done. The fix for this problem, is to avoid this problem, and that's really the only sensible approach.
So, yes, they do have 'doze systems embedded in some of these scanners, but it's getting better. The hospital gets to choose between complying with HIPPA and patching the systems, or installing an unsupported patch which might break the scanner. Not a good place to be in, but then again, people shouldn't be reading their email or surfing the web from the MRI scanner's console, and the hospital _should_ have a firewall blocking the slammer/whichever ports.
Slashdot Mirror
Because we've all got all the Beatles music we want - or we cant afford it. Personally I can take or leave the beatles - but either way I already have had YEARS to go out there and buy their music. U2 has a new CD out
Maybe you haven't noticed because you're listening to U2 for crying out loud, but the Beatles catalog on CD has had more releases in the last 5 and 10 years than U2 has. Just being half-dead doesn't mean they can't sell records - look what dying did for Jimi and Janis's careers. Hell, even Keith Richards is selling records when he's half-dead.
It's just strange to me that of all the talent out there, Apple would choose a second or third-tier group like U2 to do this with.
Besides, there's no stage big enough to hold both the egos of Jobs and Bono at the same time. By the way, why post anonymously? I really don't get that whole thing; why not stand up for your words?
I'm curious to see what the Beatles'/Apple Records' lawyers will say about this.
Well, Apple Computers has continued to do what they agreed not to do, time after time, and continues to give money to Apple Corps, LTD because of it. All I can figure is that it's considered a "cost of doing business" and is factored in already. I can't personally see why U2 of all groups would be what they'd do this with - why not work _with_ The Beatles and release an iPod with the Beatles catalog on it? Now _that_, I would buy, and pay a premium for even (since I own the whole thing in several formats already). Hell, the Beatles collectors would probably buy a ton of these, leave 'em unopened, and so on. What better than a sale with no support costs post-sale? Seems like a natural to me...
A turbine engine can burn nearly anything. I can't imagine why they'd choose diesel fuel, it's not adequately explained in the non-details in the article. Noise, though, should be manageable, and careful selection of an appropriate fuel should mitigate that problem as well.
What I find annoying about this is that we keep seeing the same picture of the non-functional prototype with a promise that it'll be ready in 4 years. Same picture, different year, same distance from getting done. From this I can only assume they aren't making any progress but the funding keeps coming in...
If the fuel is a clean hydrocarbon, the exhaust will be CO2 and H2O. Using batteries pollutes too, you just don't see it right there because it's either at the power plant where your battery charger got it's energy from, or it's in the chemical pollution of used dead batteries, or both.
Can't speak to 2.0; I'm still using 1.99_16 myself, which seems to be playing nice with 2.0.50 and I assume 2.0.51 (building now).
I assume your response is to the guy I'm answering, rather than to me? By replying to my post rather than his, it makes it unclear.
Ohh, and you do know that on unix you can remove a binary of a program that's running, put a new one in, and do a quick kill/start?
Actually, for most of the configuration changes (short of an actual version upgrade or SSL cert change), you can do an 'apachectl graceful' and it applies your changes to the _new_ sessions, while letting the existing sessions close in the natural flow of the users' use of your site. Nice for minor tweaks on the fly during the day, with zero downtime.
There seemed to be little in the way of practical material that gave specific and step-by-step instructions for installing and running Apache on Linux.
Maybe you missed the "documentation" section at the apache.org website? Or, do a google search for "linux apache howto". Tons of good stuff out there.
Apache on Linux requires you to spend 8 hours per day just to keep it up and running,
On what planet is this true? There's about 4 things to change from one webserver to another; you build one config file for your environment, and for the next one modify the listen, the user if you want, the document_root, and maybe servlet mapping if you're using that. Trivial and one-time.
and while its performance and security is fine if you have the time and staff for it, there is no way to just set it up and let it sit while installing patches when needed.
Our experience differs profoundly. Perhaps someone like you needs to hire someone like me to help you get set up. It's a trivial setup, configuration is well documented, and once it's up and running a webserver doesn't need any attention whatsoever until the next version comes out or you decide you want to change what it does. Arguing against Apache on actual factual grounds would be one thing, but "it's hard to set up and lots of work to keep running" is demonstrably false.
I've considered getting one of the last model iMacs for my Mom....from my tests on OSX, I think she'd be able to use it easier than the windows box I tried to put together for her.
Been there, done that. Went _very_ well. It started with a phone call from my dad, who was uncharacteristically upset. Words included "printer", "computer", "reboot", "again", and "shotgun". With a $1000 budget, I set 'em up with a mid-low eMac (the CRT rather than the flatscreen). They've both gone from calling me for "It crashed and the printer doesn't work", "it crashed and now the printer doesn't work", "the scanner stopped working _again_", and so on, to the very occasional call for less-than-obvious application usage questions. I'm not chasing viruses, they're not getting popups, and I taught 'em how to block that one relative's email (you know, the one who sends _every old recycled email glurge and hoax there is_.
Point is, set 'em up, give 'em their own accounts (which aren't the admin account), and turn 'em loose. They can't break the important stuff because the OS won't _let_ them break the important stuff, the hardware is rock-solid, it's easy to use, and when I want to do remote support, I ssh in and take care of stuff remotely if I want. Can't beat it.
This is the sort of application that screams for a script, rather than some sort of drag-n-drool GUI windows-ish thing. There are several audio sampling and processing utilities over at sourceforge.net, which would be suitable for this sort of thing.
Maybe it's because my background is in the *nix world, but it'd be a half-day project to get this up and running done on a *nix box with something free from sourceforge.
Usually one wants to design the solution to fit the problem, not to introduce more complexity by limiting what the solution can be chosen from. Doesn't seem to be the case in this guy's project. I also can't imagine finding audio sampled snippets of someone's day all that interesting, but I'm sure there are people who enjoy that sort of thing?
it is safe to say you are reading this 'online' ... therefore it fits the catagory.
I'm also reading it while sitting in a chair, but that doesn't mean that chairs are the topic. Maybe I'm the only person that reads this category as "Your rights (while) online"? Or maybe I just take AC's too seriously and should just ignore 'em.
I don't get it. Just like many other places, a reasonable, non-intrusive technology is being used to compare visitors to a list of known problem people. It's an attractive target, and would mean a lot to the terrorists to blow up. I don't see a problem with using this as a way to deter that.
Additionally, this is a pretty nifty use of biometric technology, to key the person's fingerprint to locking & opening a locker. I'd think the implementation of such a system would be more on-topic for Slashdot than trying to turn this into some sorts of online rights issue.
What about when there's a security hole found in a Linux app? This has happened, and don't pretend it hasn't.
I don't think anyone has claimed it hasn't except your statement, so that's a bit of a red herring. Yes, vulnerabilities in the components of the OS that haven't been stripped out are tested and patched. This is considerably faster, easier, and more effective when you have the source code.
The "test before you patch" isn't the vendor being nasty about it, it's the US Federal Government'sstatutes, particulary #21CFR11 (google is your friend) which says we can't ship something we haven't tested. Seems logical, doesn't it?
It comes down to being in a bad place either way. If the OS you're trying to fix (and in MS's case, there have been bugs that they _refuse_ to fix for months) doesn't have a good patch model, and the OS vendor won't let you roll your own patches, don't use that OS for something important.
Medical devices are a bit more critical than, say, a gaming PC, so these things need proper testing so they don't break the scanner.
Well, it _isn't_ "used for every single application". The update issue is part of it - patches are done periodically and as appropriate, once they are tested. I can't say too much about the core Linux build for several reasons (haven't seen it in 2 years and shouldn't comment too much on it in any case), but suffice it to say that it's very carefully controlled and limited in it's scope. Given that a Linux vulnerability is less likely to make it's way into a hospital's IT system and through the various and unnamed security built into the scanner's systems, this is considerably less of a problem than it would be with a 'doze host.
A bigger factor was having Microsoft tell one of the higher-ups "Yes, that's a bug, no we won't fix it until the next major OS revision" one time too many. Open-source was the obvious cure to _that_ particular problem. Why Linux? Well, expertise, portability, device support, and other factors went into the selection process. I wasn't there for the end of that process, so I can't say (and wouldn't) what all went in to it at the end, but having source code and better control were huge early factors.
Yup, although I understand that the whole six-sigma thing is toning down a bit, at least to a tolerable level. It's a set of tools, folks, a set of _great_ tools, but it's not a freaking religion. Put away the tamborine and saffron robes, and I'll play, but that look they get in their eyes when certain folks go on and on about it - it's just scary.
its been running VxWorks from day one. I should know I build the software for the damed thing...
... (he's pretty busy lately, though). Yes, the digital front end is running a quad PPC (more now maybe?). MGD is not the entire scanner.
Then you probably know who I am if you look at my initials. I left there in early 2002. OK, so let's take the MR scanner. ECG input comes from patient through the SCM. Gets displayed on a...anybody? Anybody? PC running Windows. Just one example, but I could dredge up more if you'd like. If Bill E. hasn't retired again, he could fill you in on the history you don't know. Rob J. could undoubtedly do the same, or Steve C., or John Z, or J. Eric S.
Maybe current production has (finnally) phased out the 'doze box, but to say "has never contained" is demonstrably false.
Your assumption that Windows is more buggy or less stable than Linux is false.
Based on what facts, exactly? (show your work - links to microsoft.com do not qualify as cites in the context of this argument).
I work for one of your competitors, and the reverse engineering of a GEMS product showed a definite presence of Windows...
Heh. You don't need to reverse-engineer anything, you can see from the GUI which OS a given screen is running.
Why don't they design their software, so that it doesn't break when patches are applied?
Actually, all it shows is that one of us has more exposure to the products in question than the other. Surely even an AC can see that there's nothing uniquely bureaucratic about the "I didn't know that therefore it doesn't exist" types, right?
Why don't they design their software, so that it doesn't break when patches are applied?
You don't seriously believe that Microsoft gives anyone advance notice of what the patch is going to break, do you? Have you seen the ambiguous and undetailed language that goes with the WinXP SP2 patch? There's nothing actionable in there, certainly nothing testable. Until GE gets it and tests it, and authorizes it for the build, it's an astonishingly risky thing to install it.
21cfr11 mandates that only the tested configuration can be used, and if the hospital choses to violate that federal statute, they are not just at risk of screwing up their scanner, but they're technically in violation of federal statute.
I'm not defending Microsoft here, nor am I saying it's smart to have Windows in scanners, but it's there (less now than 5 years ago, but still there). The penalty for using it is that it's quite likely that some piece of malware _will_ find its way into the scanner. They're more vulnerable if they don't patch, they are going into an unsupported (and unsupportable) configuration if they do patch. The only answer is to not use Windows, but until all the 'doze-based scanners are history, they're stuck with it.
Go look at an MRI scanner, see where the ECG and scan time is displaed, and get back to me on that. If they're not shipping 'em that way today, wonderful, but as of 2-3 years ago it was the case. I know this, because I _fought against it_, y'see. Maybe they've finally phased it out of production, but with the life cycle of a medical scanner exceeding a decade, there are an awful lot of 'em out there today at customer sites; a ten year old scanner isn't unheard of by any means.
I've been here 23 years. None of our critical equipment has shipped on Windows (or other MS OS) in the time I've been here.
Sorry, you are _not_ correct. Would you like me to provide 46-numbers, or will general descriptions suffice? You can find 'doze in shipped systems as recently as 3 years ago, in Ultrasound, MR, and CT at least.
Sorry, Ryan, but you're not correct. I worked for GEMS for 12 years, in software engineering. There _are_ Windows systems embedded into some of these scanners. Most of them do trivial things and are being phased out in favor of *nix systems, but there _are_ Windows-based medical devices.
It's quite a quandry. If you don't patch the 'doze boxes, (and if you don't have a firewall...) it's possible that someone could infect that system. The problem is, GE (and obviously the other device manufacturers) test the hell out of that specific OS build and patch set. When Windows Update breaks things (which happens more than never), the system is now in a state which GE didn't test, and may in fact break the functionality of the scanner. At this point, the FE has no choice but to re-load the PC from the GE-supplied media(which doesn't have the latest patch that the hospital just installed).
The solution? It's pretty simple, stop using Windows in critical situations. I was trying to make that point 10 through 5 years ago there, and was involved in some of the very first Linux tests, prototypes, and production implementations there. The current generation of scanners is mostly linux/intel based, although there is still a lot of SGI/Irix at the top-end where heavy image processing is done. The fix for this problem, is to avoid this problem, and that's really the only sensible approach.
So, yes, they do have 'doze systems embedded in some of these scanners, but it's getting better. The hospital gets to choose between complying with HIPPA and patching the systems, or installing an unsupported patch which might break the scanner. Not a good place to be in, but then again, people shouldn't be reading their email or surfing the web from the MRI scanner's console, and the hospital _should_ have a firewall blocking the slammer/whichever ports.
Come on, you expect me to believe that this meat can _think_?
Makes the whole concept of a "data dump" a lot less appealing.