When it's cold, wear more clothes and only heat the rooms you use and keep the doors shut so you don't heat the rooms you're not using.
I just had a (reputable) HVAC engineer over to my new (to me) house to evaluate things. I asked him about "shutting off rooms" that were unused, and he said it usually has no effect (actually he said ±2% on the utility bill). He said the air in a closed-off room is not stagnant enough to be an effective insulator; it is not practical in homes to completely seal the room air-tight (with plastic tape over everything including cracks in floor boards, drywall, etc.).
So the sealed-off room may be at a lower temperature than the rest of the house, which sounds good as there is a lower differential between that room and the outside, meaning less heat loss. But there is also increased heat loss from the rest of your house to the cold sealed room, and the result is a very small net benefit on the heating bill.
I guess my grandparent post should have read "...not just per port or IP address..."
Per-flow filtering allows the devices to be much more flexible, and handle protocols that hop ports like IM and P2P applications. Sure, it's computationally much easier to throttle based on port or IP, and these devices can do that, too. But such filtering is easily fooled, and rather inflexible, so the devices can do much more. Which is why they're capable of deep packet inspection and per-flow throttling.
What a crock. I paid for the bandwidth and they hosed me big-time.
Did you read your terms of service? You did not "pay for the bandwidth", you paid for best-effort service of up to X Mbps. And the terms of the agreement are subject to change at the ISP's whim.
Like it or not, no provider is going to give you multi-megabits of guaranteed bandwidth for under $100 per month. That's not economically viable when they have to pay Tier-1 ISPs for transit of that traffic.
If you want truly unlimited service, buy a business-class leased line (T1, T3, Metro Ethernet, etc.). My company pays $1800/month for a fractional T3, but the TOS guarantees full-bandwidth transit onto Qwest's backbone with four-nines uptime.
Packeteer devices and other traffic shapers can shape traffic per flow, not per port or IP address. A traffic flow can be identified by any number of characteristics (layer 7 packet inspection, traffic patterns, etc.) It's the difference between a sledgehammer and a scalpel.
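The per-port versus per-flow distinction drawn in the comments above, as an added example that is not part of the original posts: a flow is keyed by its 5-tuple, classified once from its first payload, and then policed with its own token bucket. The port range, rate limit, class names and sample flows are assumptions chosen for illustration.

```python
# Port range and rate limits below are illustrative values, not taken from the page.
P2P_PORTS = range(6881, 6890)
BT_HANDSHAKE = b"\x13BitTorrent protocol"   # first bytes of a BitTorrent peer handshake


def classify_by_port(dport: int) -> str:
    """Sledgehammer: decide from the destination port alone."""
    return "p2p" if dport in P2P_PORTS else "default"


def classify_by_payload(payload: bytes) -> str:
    """Scalpel: decide from what the first packet of the flow actually carries."""
    if payload.startswith(BT_HANDSHAKE):
        return "p2p"
    if payload[:4] in (b"GET ", b"POST", b"HEAD"):
        return "web"
    return "default"


class TokenBucket:
    def __init__(self, rate: float, burst: float, now: float):
        self.rate, self.burst = rate, burst      # bytes per second, bucket depth in bytes
        self.tokens, self.last = burst, now

    def allow(self, size: int, now: float) -> bool:
        # Refill for the elapsed time, capped at the bucket depth, then try to spend.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size > self.tokens:
            return False
        self.tokens -= size
        return True


class FlowShaper:
    def __init__(self, limits: dict):
        self.limits = limits     # traffic class -> (rate, burst)
        self.flows = {}          # 5-tuple -> (traffic class, TokenBucket or None)

    def handle(self, five_tuple: tuple, payload: bytes, now: float):
        """Classify a flow once, on its first packet, then police every later packet."""
        if five_tuple not in self.flows:
            cls = classify_by_payload(payload)
            limit = self.limits.get(cls)
            bucket = TokenBucket(limit[0], limit[1], now) if limit else None
            self.flows[five_tuple] = (cls, bucket)
        cls, bucket = self.flows[five_tuple]
        return cls, bucket is None or bucket.allow(len(payload), now)


def demo():
    shaper = FlowShaper({"p2p": (1000.0, 1500.0)})
    # Constructed flows (documentation addresses): a peer handshake on port 443, and a web request.
    hop = ("10.0.0.5", 50000, "203.0.113.9", 443, "tcp")
    web = ("10.0.0.5", 50001, "198.51.100.7", 80, "tcp")
    return {
        "port_rule_on_hop": classify_by_port(hop[3]),
        "flow_decisions": [
            shaper.handle(hop, BT_HANDSHAKE + bytes(8), 0.0),
            shaper.handle(hop, b"x" * 1400, 0.1),
            shaper.handle(hop, b"x" * 1400, 0.2),
            shaper.handle(web, b"GET / HTTP/1.1\r\n\r\n", 0.2),
        ],
    }


if __name__ == "__main__":
    print(demo())
```

The later packets of the shaped flow carry no recognisable signature; they are throttled because the class is stored per flow, which a port rule cannot do.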
How, exactly, would you know they're not being exploited? You Mac guys have no AV software, right? And I'll bet you allow all outbound connections from your machine to the internet. Do you have an IDS to warn you of malicious traffic?
An attack doesn't have to be a worm. And it doesn't necessarily have to make itself easily visible by spewing megabits per second of traffic or slowing your machine appreciably.
Why? Power consumption. There's little use having a super-efficient CPU if all the battery juice you save goes to powering a steaming hunk of ATI or Nvidia silicon (and additional battery-draining high-performance video memory).
Integrated graphics are good enough for just about everything but gaming. Most laptop buyers actually use their laptops for work, surfing the net, email, etc. Longer battery life is more important than frames per second to that large market segment.
File parsing vulnerabilities are certainly as prevalent on Linux and OSX as Windows. It seems that most worm writers don't bother attacking these, though, as Linux and OSX combined make up a very small percentage of client workstations.
Southwest Michigan may have more per square mile, but my 10th floor balcony on Lake Shore Drive has no shortage of wind. I see 30-50 mph gusts almost every day of the year due to the layout of the other high-rises around me.
They locate wind farms in mountain passes or other natural high-wind locations; I wonder if turbines located in certain spots of major metropolitan areas would be super-efficient. The plaza south of the IBM building on the river in downtown Chicago has to be one of the windiest places on the face of the Earth... I've literally been blown over there on several occasions.
1) The USPTO isn't doing anything to shut down RIM... it's a bunch of plaintiff's lawyers
2) Companies usually file patents simultaneously in Canada & the US through the Patent Cooperation Treaty
That it's no different from most other physical goods? Some classic cars, in good shape, are worth many times the original sale price. The same is true of antique furniture, watches, and even stereo equipment.
A serious flaw with your logic is that corporate customers control a significant majority of the buying dollars in the processor market.
And that $100 extra doesn't mean sh*t to a company. Corporations want reliability above all else.
I stopped buying AMDs for my company several years ago after having about 10 Athlons melt on us, usually because of clogged fans. No temperature failsafe logic on those old Athlons. Sony money we saved on AMD on the front end was quickly overwhelmed by support costs and user downtime on the back end. Yes, I know AMD solved this particular problem a few years back. But, after being burned on the K7, I was seriously cautious about buying from AMD again.
We have only recently started buying Opterons for the server room. The performance/watt is wonderful compared with our Xeon boxes; reliability has been great. But we still chose Intel for our laptop standard this year; perhaps AMD might win for our desktop standard. But you know what? Laptops represent about 60% of our hardware budget... and Intel is getting all that money.
...and new accounts are created with superuser access by default.
This is completely false. If a workstation is a member of a Windows domain, a new user account has only very restricted Users-group privileges by default. It has been that way since at least 1996 and NT 4.0, perhaps even with NT 3.5...
I prefer smaller, less bureaucratic charities. Far more of the money is put to actual charitable work.
However, searching CharityNavigator.org for diarrhoea predictably turns up 0 hits. However, I did run across this one via Google, but I cannot vouch for how good they are. The site says they spend only 2% on administration and marketing, but who knows.
So many charities are frauds these days that it's difficult to figure out which smaller organizations are worthwhile. Even if a charity isn't a total sham, I don't want to buy the CEO a BMW.
HIV is easy to prevent, from a medical standpoint. Condoms and abstinence can eradicate it. The only barriers to stopping the spread of HIV are political and social.
That said, HIV is totally politicized, and is actually grossly over-funded compared with many other diseases.
Diarrhoea kills 4.2 times as many children as HIV, but you don't see Susan Sarandon wearing a brown ribbon at the Oscars. Diarrhoea can be cured with a US$0.10 packet of rehydration salts and some clean water. A few million bucks could save all of those kids, including the logistical costs.
But Diarrhoea isn't a popular cause with the lefty crowd (or the righty crowd for that matter). Why? Because actors and politicians actually know nothing about public health, and are only interested in causes that promote their own images. HIV is a good "image" issue because a number of famous people have contracted it. There's little chance of anyone from Hollywood dying from Diarrhoea unless they're marooned in Ecuador on an Eco-tourism trip.
A six-fold increase in price over 40 years is just 4.5% increase per year. Cumulative inflation from 1965 to 2005 would have resulted in a 6.2-fold increase in the value of the camera if it was just sitting somewhere in a box.
So your camera actually lost some value in real-dollar terms, although very little.
So why would Microsoft Research be wasting its time with Singularity if it wasn't going to be turned into a product some day? The project is not a researcher's whim -- it has been running for several years. 26 dedicated researchers, plus the efforts of part-timers from other MSFT research groups like the compiler group.
Security/reliability are the "features" that MS can market as an upgrade from the status quo. It's clear that the marketplace now values both of those more than feature creep.
Supporting your lock-in conspiracy theories, Singularity only allows "trusted, safe" code from an ILM-compiled language. This means integration with TPM hardware, code signing, and most importantly code analysis to prove the safety of applications. Microsoft will of course be in the best position to provide "trusted & safe" applications for such an OS.
At some point Microsoft will release a completely new OS. It will probably look something very much like Singularity. Reliability and security, rather than speed or features, will be the focus.
Do you have Microsoft's internal coder policies handy?
I've heard the MSFT patch QA process described at a TechEd presentation. I'm sure there are references on the MS site somewhere. My impression was that the process was overwhelmingly thorough.
Yes, it's trivial to set up your own apt repository...
Your definition of trivial and mine are very different... and you'd have to do that for every group of machines, write scripts to set all of the machines' apt sources properly.
To be honest, in four years of using Debian I've never had to roll back a patch issued against stable...
And I've never had to roll back an MS patch in my network, either. But that doesn't mean the feature isn't an absolute requirement for a production network of hundreds/thousands of machines. It is.
In my experience, PHP is an interpreted, unstructured, code-mixed-with-markup hellhole. Comparable to the original ASP or JSP. The state-of-the-art development platforms moved past that sort of thing several years ago... too many maintenance and scalability issues.
The Sun Java SDK is distributed as a self-extracting EXE installer for Windows. As is Apache Tomcat.
Eclipse is distributed in a ZIP file that contains executables for launching on Windows, namely eclipse.exe
All of these would be blocked by our transparent web proxy, as well as the software restriction policies in place on many of our PCs.
Blocking "unknown" executables is an effective strategy that prevents a whole lot of problems. Only tested & approved software can run on the company's machines. Sure, the help desk guys have to do a lot of software packaging and distribution, but that's all done from a central location. They spend almost no time cleaning up after viruses/spyware/buggy software. Also, we don't have to worry that we have 35 unlicensed cracked versions of Adobe Illustrator out there without IT's knowledge.
It took a helluva lot of management stroking to get this policy into place, as you might imagine.
We've used MSFT software restriction policies (part of Windows Group Policy) to restrict the running of all but approved executables/DLLs on some of our machines. Approval is verified by the OS at run-time by code signature, SHA-1 hash, or (less-securely) by file/path name. Windows will simply not run an executable if it is not in the approved list.
This works wonderfully for certain classes of machines (temps, the call center, public kiosks, etc.) It prevents the vast majority of malware... even if an unpatched hole is exploited, the supporting executables that the malware tries to use are blocked from running. Something like SQL Slammer, though, would probably slip past this defense, as it existed only in memory as far as I can recall.
We have also taken the mirror-image of this "default deny" tactic and set up machines which only banned certain executables (P2P file-sharing applications for example).
Maintenance can be a PITA, though, as new patches/versions must be added to the approved list quite frequently.
Perhaps his company uses similar policies, so the JDK, Eclipse, or whatever installer would not even run on his Windows box.
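A small model of the rule evaluation described in the comment above, as an added example that is not part of the original post and not Windows' own implementation: it shows default-deny with hash and path rules, why a path rule is the weaker check, why patched builds need list maintenance, and the mirror-image denylist setup. The `RestrictionPolicy` class, the rule order, the paths and the file contents are all hypothetical.

```python
import hashlib
import ntpath


def sha1_hex(content: bytes) -> str:
    # The page names SHA-1 as the hash used for approval; kept here to match it.
    return hashlib.sha1(content).hexdigest()


class RestrictionPolicy:
    """Toy allow/deny policy with hash rules and path rules (hypothetical model)."""

    def __init__(self, default: str):
        self.default = default      # "deny" = allowlist mode, "allow" = denylist mode
        self.hash_rules = {}        # sha1 hex digest -> "allow" | "deny"
        self.path_rules = {}        # normalised Windows path -> "allow" | "deny"

    @staticmethod
    def _norm(path: str) -> str:
        # Windows paths are case-insensitive; normalise before comparing.
        return ntpath.normcase(ntpath.normpath(path))

    def add_hash_rule(self, content: bytes, action: str) -> None:
        self.hash_rules[sha1_hex(content)] = action

    def add_path_rule(self, path: str, action: str) -> None:
        self.path_rules[self._norm(path)] = action

    def evaluate(self, path: str, content: bytes):
        """Return (decision, rule_kind). Model assumption: hash rules are checked first."""
        digest = sha1_hex(content)
        if digest in self.hash_rules:
            return self.hash_rules[digest], "hash"
        norm = self._norm(path)
        if norm in self.path_rules:
            return self.path_rules[norm], "path"
        return self.default, "default"


# Constructed stand-ins for file contents (not real binaries).
APP_V1 = b"constructed approved application, version 1"
APP_V2 = b"constructed approved application, version 2 (patched)"
UNKNOWN = b"constructed unapproved executable"
P2P_V1 = b"constructed file-sharing client, version 1"


def demo():
    allowlist = RestrictionPolicy(default="deny")
    allowlist.add_hash_rule(APP_V1, "allow")
    allowlist.add_path_rule(r"C:\Tools\report.exe", "allow")

    denylist = RestrictionPolicy(default="allow")   # the "mirror image" setup
    denylist.add_hash_rule(P2P_V1, "deny")

    return {
        # A hash rule follows the bytes, wherever the file is and whatever it is called.
        "approved_renamed": allowlist.evaluate(r"C:\Users\temp\x.exe", APP_V1),
        # A patched build has a new hash: blocked until the list is updated.
        "approved_patched": allowlist.evaluate(r"C:\Program Files\App\app.exe", APP_V2),
        # Unknown executable with no matching rule: default deny.
        "unknown": allowlist.evaluate(r"C:\Users\temp\dropper.exe", UNKNOWN),
        # A path rule approves whatever content sits at that path, hence "less secure".
        "unknown_at_approved_path": allowlist.evaluate(r"c:\tools\REPORT.EXE", UNKNOWN),
        # Denylist mode: the banned client is blocked, everything else runs.
        "banned_client": denylist.evaluate(r"C:\Users\bob\p2p.exe", P2P_V1),
        "unknown_on_denylist": denylist.evaluate(r"C:\Users\bob\other.exe", UNKNOWN),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:26} -> {result}")
```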
Yeah, because typing "apt-get update" and "apt-get upgrade" once in a while is so damn hard to manage
Ahh, but who tested those patches for you? Can you really rely on the QA process when so many different developers, with different policies and priorities, are involved? Can you easily assign patches to different groups of machines from a centralized console, so you can test them internally on a subset of machines? Can you easily remove patches from hundreds of machines if one of the patches turns out to have a nasty bug? Maybe with a lot of scripting...
Say what you will about Microsoft's patch timeliness, but they got it right with Windows Software Update Services.
All non-tier-1 ISPs pay the big boys for transit of their traffic based on 95/5 metering. Rogers and Shaw are not Tier-1 ISPs.
Umm... how about these file format bugs, which could be exploited just by opening/viewing files on Linux or OSX?
PNG ZIP GIF
I ran across this... documentation from MS for all the originally undocumented Win32 API pieces used by MS software (dated 2001).
References, please?
People are willing to pay for nostalgia.