Slashdot Mirror


User: WuphonsReach

WuphonsReach's activity in the archive.

Stories: 0 · Comments: 3,320

Comments · 3,320

  1. Re:Gates Is Not The Answer on Is Bill Gates the Cure For What Ails Microsoft? · · Score: 3, Interesting

    MS probably needs to remove one or two levels of management to allow things to speed up again. Ideas and progress are slowed by too many filters.

    Too many management layers and probably too many of the wrong people have been promoted over the years. It's not going to be as easy as saying "replace Ballmer". Whoever takes over is going to have to do some serious housecleaning to get rid of those people who are making the decisions to ship bad products.

    They should have done what the anti-trust fans wanted done years ago. Split the company up into at least 3 major segments and spin things off. Shove the MS-Office bunch into their own company, shove the server folks into their own company, shove the hardware products into yet another company, etc.

    Which cuts down on the layers of bureaucracy and forces those product lines to compete on merit instead of relying on other corporate cash cows (or being used as a cash cow).

  2. Re:Chanes like... on Linus Renames 2.6.40 Kernel To Linux 3.0, Announces Release Candidate · · Score: 1

    The worst, of course, is the AGPL. Do you really want some schmuck asking you for the old version of your web site's code from when they visited it 2 years ago?

    Why would those files not be sitting in a version control system anyway? In which case it's a minor annoyance rather than "we don't have that".

  3. Re:Strange... on Amazon and Barnes & Noble Jostle Over Battery Life Figures for Nook, Kindle · · Score: 2

    My books don't consume electricity. The oldest ones I have are physical prints which are more than 50 years old. Still working and looking splendid ... without electricity. I know, I might be a troll here .... but I never understood the reason for e-books....

    Less physical clutter.

    Less cost to move all those books to a new place.

    The ability to resize the text on the fly to make it easier to read. This is probably the most desirable feature for me.

    Bring a dozen books on a trip, without having to find room for all of them in my luggage.

    For cover-to-cover reading (not random access, think fiction / novels) and not books with a lot of figures or that require color to explain things, it's very nice to read on. The Sony readers were very good at getting out of the way and letting you focus on the content.

    I still prefer physical hard copy for reference works.

  4. Re:How About ... on Amazon and Barnes & Noble Jostle Over Battery Life Figures for Nook, Kindle · · Score: 1

    My Sony PRS-505, when new, was good for 2-3 weeks of an hour or two per night. And I could leave it lay on the bed stand for a week or three without worrying about the charge.

    After 2-3 years, I have to tend to it at least every other week for it to stay charged and useful.

    (Fewer books and no add-in cards helps. The SD card slot was always a battery killer compared to the Sony Memory Stick Duo.)

  5. Re:67MB ? on Malware Scanner Finds 5% of Windows PCs Infected · · Score: 1

    Maybe it was not intended to be "AV software"? From the front page of Microsoft Safety Scanner (emphasis mine):

    Equivalent tools from other sources do the job in about 1/8th the size.

    (MBAM clocks in at around a 7.5MB download, and the database updates are only a few megabytes.)

  6. Re:Ignoring 3rd party crapware on Malware Scanner Finds 5% of Windows PCs Infected · · Score: 1

    These are likely not so bad without exposure to Adobe and Java.

    Let us be honest for once.


    And Flash and Javascript.

    (And the biggest issue with PDF, Flash and Java plugins is that they use a non-standard update mechanism instead of being built into Windows Updates. And both Oracle and Adobe are horrid about trying to install add-ons like browser toolbars, or constantly changing their update methods. Which leads to users never updating these key pieces of software, thus getting pwn'd a few years down the road.)

  7. Re:NAT to the rescue! on Malware Scanner Finds 5% of Windows PCs Infected · · Score: 1

    Collections of active IP addresses will be readily available tomorrow, just as rainbow tables and collections of active email addresses are today.

    That depends. I suggest reading RFC 5157.

    Machines that serve up public services (web servers, FTP, or anything that appears in a public DNS record) will still be heavily attacked. But machines configured via DHCP (where the assigned addresses are not sequential) or which are using the privacy addresses will be harder to find through guessing.

    And in the case of the privacy addresses, those are typically only good for a few days. So the collected address list will not be much good for those end users' machines.

    Would worms like Sasser have gotten as far if the search space was 1/1000th as sparse as it currently is? What if we could move that even two more orders of magnitude to only 1 in 100,000 addresses having active machines on the local network? Contrast that to probably at least a 30-50% utilization on current IPv4 networks.

  8. Re:NAT to the rescue! on Malware Scanner Finds 5% of Windows PCs Infected · · Score: 4, Interesting

    Outbound-only IP6 firewalls will offer the same level of security as NAT. With a few other advantages as well.

    What will remain to be seen is whether the firewall devices can be:

    - Properly configured or come with sane defaults.
    - Fail in a safe manner rather than suddenly just allowing every connection through.
    - Can't be switched to completely transparent by attack software.

    It will be interesting in a few years as IPv6 finally takes off. I think the 3rd option is going to be the interesting one. In an IPv4 NAT'd network, the attacker has to (a) know the internal IPs and (b) add an inbound port forward to the NAT device. In the IPv6 firewall scenario, because the devices inside the network already have routable addresses, if they can open up the firewall then they win.

    The saving grace will probably be the sheer size of the address pool in a local network. Unless you sniff the traffic (or look at DNS or ARP), knowledge of active IP addresses is hard to come by via scanning. Scanning a 2^64 range for active hosts will take a few years, which will slow down any worms that attempt to spread in that manner.

    A few years, as in enumerating 2^64 addresses and processing 1 million per second means you need about 585,000 years. There are ways to fine that down such as only searching the list of valid MAC addresses, which cuts the size down to 2^40 to 2^48. And you could fine that down even more by only looking for popular MAC addresses, which would probably make it 2^36 to 2^40 roughly. Scanning 2^32 @ 1 million / second takes about 80 minutes, 2^36 is 19 hours, 2^40 is 305 hours. Of course, attempting to scan 1 million hosts per second would bury most boxes and would probably require 10Gbps to pull off.

    Compare that to today's networks where the local network segment usually only has 256 to 4096 possible addresses. Multiple orders of magnitude easier to scan.

  9. Re:X11 ...server? on Ask Slashdot: Best Linux Distro For Computational Cluster? · · Score: 1

    Correction: the X11 server runs on your glass; eg: your Windows system. All you need then are X11 clients on the Linux cluster nodes.

    Ah, the joys of X11 terminology.

    I can understand why they flip-flop the server/client locations and understand that it's technically correct, but it confuses the hell out of folks more often than not.

  10. Re:RHEL on Ask Slashdot: Best Linux Distro For Computational Cluster? · · Score: 1

    RHEL is fine, CentOS is just awful, and anytime someone offers up CentOS as a substitute for RHEL, I wonder if they've ever used CentOS. Watch for circular dependencies and lots of unavailable packages.

    The only way you get into dependency hell in CentOS over RHEL is if you don't know what you're doing and how to control pulling packages from non-standard repositories.

    And from the sounds of things, you're the type who adds a 3rd party repository and pulls everything in, instead of using the "includepkgs=" line to *only* pull in things from the 3rd party repository that you absolutely need.

  11. Re:...and real volume controls on Computer De-Evolution: Awesome Features We've Lost · · Score: 1

    My Tecra 9100 (from '02 or '03) had the potentiometer volume control. The Thinkpad T61p just has 3 buttons for volume control. Don't know if I've seen any laptops with the dials recently, but it's not high on the list of must-haves when we look.

    For headphones, I always get ones with built-in volume controls, or use a short little cable with the potentiometer installed (Radio Shack 42-2559 or the like).

  12. Re:Lost clickly keyboards? on Computer De-Evolution: Awesome Features We've Lost · · Score: 1

    Yep, I'm using a Model M from 1984 still. I tend to pick up spares off of auction sites (I have another one in a box from the early 90s as a spare).

    It's a little depressing that my keyboard is ~27 years old.

  13. Re:Apple is patching anyway on Mac Malware Evolves - No Install Password Required · · Score: 1

    For the most part, modern attackers don't want to damage your computer, they want to get personal info. CC numbers and the like.

    I would classify malware a bit differently as not all of them want the same things, and their goals sometimes overlap.

    1) Control of the machine for use as a force-multiplier. Such as participating in a DDoS, a spam relay, or to harness CPU/GPU time. The traditional "botnet" falls into this category for the most part where the attacker wants to take over other machines to magnify the effect that they can have on a target or to simply spread the load out. The problem with this type is that it is noticeable, often slows down the system, and tends to lead to the machine being deloused.

    2) Collection of personal information. Spyware, etc. This sort of operation can be extremely well hidden as it only sends a very small amount of data out and generally does not impact the use of the machine.

    3) Ad fraud, click hijacking, page redirection, etc. Highly visible, the malware infects the machine specifically to display ads to the user or to redirect the user's web pages to an ad-serving page. Since it is highly visible and highly annoying, it tends to result in the machine being sanitized.

    And there are probably other smaller categories.

  14. Re:PEBKAC on Mac Malware Evolves - No Install Password Required · · Score: 1

    Grrr... you just *had* to link to tvtropes...

    (Well, there went a half-hour of my day.)

  15. Re:Is everybody really that stupid? on Skype Crashes and Burns In Worldwide Outage · · Score: 4, Interesting

    Even worse, the article says www.skype.com is unavailable. I just went there and it loaded up instantly and completely. Pretty sure the whole thing's bullshit, just someone with an axe to grind.

    Or a routing issue that only affects some customers. Or a geographic load-balance issue where people from a certain area are seeing a broken site.

    (It's working for me from NYC area at the moment.)

  16. Re:I'm thinking the issue may be what they listed. on Cyanogenmod Puts Users in Control of Permissions · · Score: 1

    Maybe I'm off base on this, but if I am please correct me... It's like if Linux didn't have file system permissions the way it does now.. let's say you could write anywhere without any restrictions, and then suddenly there's an update that locked down the file system with permissions the way they are currently. Since the existing applications would try to write to wherever they would normally write, they'd hit errors.. and since the applications weren't written to handle those errors correctly, I'm guessing they would crash or hang.

    Well, I think the closer analog would be starting to use SELinux after leaving it turned off for a long time.

    If the SELinux profiles are properly written, and the software hasn't changed drastically since the profile was written, then it generally just works (at least with targeted mode). But if not, then you'll get all sorts of SELinux errors in the logs and the application will fail to function properly.

  17. Re:Kudos to Apple on Apple Acknowledges MacDefender · · Score: 1

    What's the best practice when reinstalling Windows from disc so that the computer doesn't get owned before it finishes downloading the updates over a slow Internet connection?

    Same as it has been since the days of WinXP (prior to SP2 or SP3). Hook it up behind a NAT device or a firewall that only allows outbound connections.

    Doesn't help with dial-up cases, but anyone installing a Windows box from scratch should be knowledgeable enough to use a NAT router or outbound-only firewall.

  18. Re:We're talking about WebP, not WebM on Mozilla Rejects WebP Image Format, Google Adds It · · Score: 1

    This article is about WebP, not WebM. Firefox does very much support WebM, just as do Chrome, Opera, Safari and IE (these last two browsers require the WebM codecs to be installed, all the others just work). And YouTube is serving WebM video (among other formats).

    Which may be how the camel gets its nose into the tent on this one. All Google has to do is switch all of the graphics on YouTube over to WebP and let the howls begin.

    Or maybe "icanhascheezburger.com" would be a better wedge.

    If it's truly better than JPEG (size, speed, quality) then it might take off. But JPEG is pretty entrenched at this point.

    Or if they can get the camera manufacturers to switch to outputting WebP images instead of JPEG. That might encourage some migration too. The camera manufacturers might be sold on not having to pay any royalties. Assuming that there are still royalties being paid for JPEG capability.

  19. Re:IPv6 on IPv6 Traffic Volumes Are Low, But Nobody Knows How Low · · Score: 1

    The technique will then shift to sniff instead of scan.

    On the flip side, this is going to make it a lot harder to enumerate a network and see what exists - without using a dedicated monitoring port on the switch to observe all traffic and addresses.

  20. Re:Corporate sales? on Corporate Mac Sales Surge 66% · · Score: 1

    Of course, as soon as I say that, I do some digging and it looks like I might be able to get 8GB in the T61p from Kingston.

    So I guess that will be the fall upgrade along with some form of a 64bit OS.

  21. Re:Corporate sales? on Corporate Mac Sales Surge 66% · · Score: 1

    I wish I could get 8GB in my Thinkpad T61p (from 2007). It's the only thing I don't like about the machine. But unless my job drastically changes or the laptop dies, I doubt that I'll upgrade before 2013 or 2014.

    Dropped a SSD in it earlier this year, and got the keyboard and system motherboard replaced under warranty. Feels like a brand new machine except for only having 4GB. The SSD was worth every dollar. Made a huge difference in how responsive the machine felt and I went from hating to use the laptop to loving it again. Especially when I need to have half a dozen things open, then switch to deal with a 7th fire that just popped up.

    (I kept my old Tecra 9100 for almost 5 years. And that was only a single-core 1.5GHz Pentium 4 w/ 1GB RAM. The single-core and memory limit is what did it in. It was just too unresponsive when things got busy and it limited my ability to task switch through the day. Either I was waiting on the CPU or I was having to dump programs to stay below 1GB.)

  22. Re:Corporate sales? on Corporate Mac Sales Surge 66% · · Score: 1

    You don't keep your glorious monitor when your machine becomes too slow after a few years

    At this point with dual/quad cores and 4GB of RAM being common... The time before a machine becomes "too slow" is starting to be measured in the range of 8-12 years.

    This is not the 90s where computer power doubled every year. Back then a 3-year old machine was 6x-8x slower than a brand new one. It made a lot of sense to replace units every 3 years. Nor the period around 2000 where we only got doubled performance every 18-24 months. Where a 4-year old machine was 3x-4x slower than a brand new one.

    We're well past that point and now individual cores are barely gaining any ground from year to year in performance and all of the action has been to keep adding cores. Compared to a machine from 5 years ago, new cores are only 50-60% more powerful. If it wasn't for dual / quad / hex / octo core chips, things would be extremely painful.

    So give your average user a quad-core w/ 8GB today and odds are pretty good that they'll still be using it a decade from now. Hell, back in the middle of the 2000s, there were still many, many, MANY, people still running Windows 98 machines (single core units, under 500MHz and a machine with 64MB was high end). Those machines were all 5-7 years old at that point and still in use.

    Ever since multi-core hit around 2005, computer lifespans have stretched dramatically. We're not even thinking of upgrading our dual-core units bought from 2006-2008 until at least 2012-2013. The only thing that would accelerate that would be hardware failures. And before we do a wholesale replacement, we'd consider boosting the RAM (2GB to 4GB) and dropping a 64GB or 128GB SSD in.

  23. Re:How does this even happen? on Sony Music Greece Falls To Hackers · · Score: 1

    Because 80-90% of the people out there think testing and QA is answered by the question, "does it work?". And they believe that as long as it works then it is written correctly.

    Proper QA requires knowledge of the system and understanding the weak points. Then you construct test cases to break the software on purpose and make sure that the tests cover those weak points. It is not testing for success, it is testing to make sure it doesn't fail.

  24. Re:Terrible airline. on American Airlines Expands Streaming In-Flight Movies · · Score: 1

    I guess you'd have to bring your own iPad/Smart phone with you too. Good luck watching a whole movie on your phone before the battery runs out.

    Er, I don't know what smart phones you've been using, but watching 2-3 hours of video on a Blackberry Storm2 is well within the range of possible. I wouldn't expect it to last for a full 5 hour flight though (bring a 2nd battery). But you can definitely watch a 2-hour movie.

    When it comes to electronics with field replaceable batteries - pack a spare battery that is charged up and ready to go.

  25. Re:First on Linux Gets Dynamic Firewalls In Fedora 15 · · Score: 1

    Heck, Fedora/RHEL/CentOS bootscripts do it for you during shutdown, and reload them during startup.

    By default, I'm pretty sure they do not save the iptables chains on shutdown/restart. Not without edits to the iptables-config file.

    /etc/sysconfig/iptables-config

    # Save current firewall rules on stop.
    # Value: yes|no, default: no
    # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
    # (e.g. on system shutdown).
    IPTABLES_SAVE_ON_STOP="no"

    # Save current firewall rules on restart.
    # Value: yes|no, default: no
    # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
    # restarted.
    IPTABLES_SAVE_ON_RESTART="no"

    (Taken from a RHEL 5.6 server.)