That's more of an issue of "the local gov't can't be arsed to build a bridge". Probably combined with NIMBY of people not wanting the hassles associated with constructing the bridge.
Grade level crossings are just bad ideas in general. Too many impatient drivers attempt to dodge around the crossing bars, or the bars fail to lower, or they cause traffic jams.
Try YesScript. You can blacklist sites that cause problems while letting the rest through without having to explicitly whitelist them.
Blacklists are useless in an environment like this, just like A/V scanners that depend on signatures won't stop infection. The problem with a blacklist is that it is reactive, you're always behind the curve, and you can't tell that a piece of code is bad until it has already executed and inserted malware into the system.
The reason that whitelists are better is that they are paranoid by default. Nothing executes unless it is from a site on the whitelist. Which means that if some hacker infects obscure-site-a.com and tricks you into visiting, the scripts on that obscure site will not run.
The vast majority of these hacks are done by either inserting malicious code into a 3rd party ad served alongside the page content or by hacking sites that are not well administered. In the case of the ad exploit, the hackers get one ad approved, then swap out the content after the approval. They get away with it because the ad network does not properly track things and because they're not verifying the source. In the case of the obscure web site that gets hacked, the hackers use a tool to inject code into the existing pages, or break in via weak / sniffed FTP passwords and then insert code. The hacker then uses email or redirects / links on other sites to point your browser at the infected site.
Whitelists are not a perfect defense, but having a whitelist with a few dozen or few hundred sites reduces your infection risk to just those sites. Now the attacker's job just got a lot more difficult. It's not good enough that they hack a random site out there and trick you into visiting the link, they have to hack a site that is on your unique whitelist. That can easily cut your risk factor by a few orders of magnitude.
(The major weakness of whitelists is that popular sites are likely whitelisted by the user. So if a major breach occurs, you're still screwed. On the flip side, the popular sites are hopefully better admin'd, monitored and protected.)
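A sketch of the default-deny decision described in the comment above, set beside a blacklist's default-allow; it is an added example, not part of the original comments and not NoScript's or YesScript's code. The host names other than obscure-site-a.com, the sample pages and the subdomain matching rule are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit


def script_host(page_url, src):
    """Host that serves a script; relative src values resolve against the page."""
    host = urlsplit(urljoin(page_url, src)).hostname
    return host.lower().rstrip(".") if host else None


def listed(host, entries):
    """True if host equals an entry or is a subdomain of one (assumed rule)."""
    return any(host == e or host.endswith("." + e) for e in entries)


class Whitelist:
    """Default deny: a script runs only if the host serving it is listed."""

    def __init__(self, sites):
        self.permanent = {s.lower() for s in sites}
        self.temporary = set()

    def allow_temporarily(self, site):
        # One-time visit: allowed until the session ends.
        self.temporary.add(site.lower())

    def end_session(self):
        self.temporary.clear()

    def allows(self, page_url, src):
        host = script_host(page_url, src)
        # Scripts without a host (data:, javascript:) are denied as well.
        return host is not None and listed(host, self.permanent | self.temporary)


def blacklist_allows(blacklist, page_url, src):
    """Default allow: a script runs unless its host is already known to be bad."""
    host = script_host(page_url, src)
    return host is None or not listed(host, blacklist)


# Constructed sample data: a whitelisted site carrying a third-party ad, and a
# compromised obscure site whose injected script is not on any blacklist yet.
WHITELIST_SITES = ["news.example", "bank.example"]
BLACKLIST = {"known-bad.example"}
PAGES = [
    ("https://news.example/story",
     ["/js/site.js", "https://ads.adnet.example/slot.js"]),
    ("http://obscure-site-a.com/",
     ["/injected.js", "https://known-bad.example/payload.js"]),
]


def compare(pages, whitelist, blacklist):
    """Rows of (page, script, runs under whitelist, runs under blacklist)."""
    rows = []
    for page_url, scripts in pages:
        for src in scripts:
            rows.append((page_url, src,
                         whitelist.allows(page_url, src),
                         blacklist_allows(blacklist, page_url, src)))
    return rows


if __name__ == "__main__":
    for page, src, wl, bl in compare(PAGES, Whitelist(WHITELIST_SITES), BLACKLIST):
        print(f"{page:32} {src:40} whitelist={wl!s:5} blacklist={bl}")
```

The decision is made per script host, not per page, which is why the ad served into a whitelisted page stays blocked; a script injected into a whitelisted site's own host still runs, which is the weakness noted in the comment.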
It's Sony. I'm not sure how they'll take away the ability to boot Linux on phones that are running it, but they'll find a way. At the very least, one of the firmware updates to the existing software will remove the ability to install Linux, you can guarantee that.
And it's also a large company, with many divisions, many management layers, and the left hand often doesn't know what the right hand is doing.
So it doesn't surprise me when you see actions that are almost the polar opposite of another division.
This is not going to happen. Many major websites, many of the highest traffic websites involve hundreds of JS scripts to make a single page function. Web 2.0 and all...
The *average non-techie web surfer* is simply NOT going to turn off JS.
They will after their machine has to be taken into the shop again for maintenance due to being infected by drive-by exploits like this.
I've converted quite a few non-technical users over to using Firefox + FlashBlock + NoScript over the past few years. The result is that they whitelist the handful of sites that they care about, temporary whitelist for sites that are a one-time visit, and everything else stays blocked.
It's not a perfect solution, but the result for them is none of them have been infected since they switched. Cuts their risk factor by probably at least one or two orders of magnitude. Combine that with not letting them run as an admin user on XP, and even if the machine is infected, odds are 10:1 that it will only manage to infect the user's profile instead of the entire machine.
Does your GVIM data get stored somewhere that is accessible to you no matter where you are?
The contents are encrypted with their GPG key. If they have their GPG key and the encrypted files, then yes they can get access. If I need access to a particular password, I load the file into GPA's clipboard utility, decrypt it, then copy/paste the password over to where it is needed (or type it).
Personally, I store my encrypted files inside a version control system and use that to keep multiple systems in sync. Which solves the "keeping multiple systems up to date" problem, unless it's a system where you can't do version control.
And since it's GPG, you can store it as an ASCII text block, suitable for printing, faxing, framing, e-mailing, even old postal mail. Or shoving a copy on a sheet of paper into my safe deposit box. The weak link in a GPG system is the secret key, the encryption itself is strong enough that you can send copies of the text to anyone in the world without worry. They can't do jack with it unless they have the private key and the passphrase needed to decrypt the private key.
Interesting plug-in. On Windows, I've been storing passwords as GPG ASCII armored text blocks inside of regular text files (generally 1 per service or site). Decryption requires that I copy/paste the ASCII block into GPA's clipboard viewer.
(I try to keep things ASCII as much as possible when it comes to this, because that way you can fax / print / email the contents of the text file without having to do any binary/text conversion for fax/print.)
I store my password files in a version control system, which makes it easy to synchronize across multiple machines / locations / USB keys. It's only the GPG key that I have to be extra cautious about (and which has a very strong passphrase).
It gets even worse when you do something stupid like Blizzard and put a few random people into your group, who you've never met, don't come from the same server, and who you'll never see again.
(Ugh, I hate random cross-server LFG. Greater Internet Fuckwad theory in action.)
I mean... when are MMOs going to ACTUALLY try to change up gameplay? Story-driven missions and stuff are great, but what about some other form of targeting/using abilities? Is this still going to be a click-on-the-target, enable auto-attack, cast spell 1 followed by spell 2 followed by spell 3 and repeat?
Sadly, yes. Because other targeting methods don't work well when your clients have pings in the 150-300ms range.
So unless you want to limit your players where they will only get good play if they live within say 1500km of the server and their ping times are below 50ms, then you need to plan on 150-300ms input delays and real-time targeting doesn't work that well.
(I don't know whether other MMO shooters used non-select targeting. I just remember the hell of having a 50+ ms ping back when I played online FPS shooters circa 2004. Under 50ms was great, under 30ms was godly. Above 100ms was laggy.)
Eve-online: Great MMO supported by a company that loves it (to a degree) and really tries to make the game better. Driving 80% by player actions and the developers give the tools to the players to create their own content, this is a sandbox game
(laughs hysterically) Unless CCP has changed their tune in the last year, they're probably still rolling out new content while failing to fix the glaring bugs in the old content. Way too much time spent on the eternal "next year" tech of ambulation and new shinies, way too little time spent on basic bug fixing.
It is a great sandbox game. The PvP side is decent and very cutthroat. But CCP succeeds in spite of themselves, because there's no other game like EVE Online currently.
We have GPS guided missiles that can hit the window in a building from 70 miles (or more) away and someone doesn't think that if there WAS something that presented a risk of exposure that that wreckage wouldn't have been blown to literal flinders shortly after the strike force took off? Really?
I think you're overestimating how fast you can set up a GPS guided cruise missile that can get from its launch point to the target point without hitting anything between.
I would guess at least an hour to prep and launch. Maybe a few hours, depending on how many obstacles you have to tell the thing to dodge or how tricky the insertion route has to be.
That's based on the assumption that GPS is only for making sure that it's on the assigned route and hitting the right target. AFAIK, route-planning is not automated and since it's not a ballistic missile, you can't just lob it in the general direction of the target.
And explosions don't destroy stuff reliably, they just toss it around. Destruction of the helicopter parts within the compound was probably done with fuel and some sort of incendiaries (or a match). Maybe with more energetic burning (thermite) in the compartments that contained sensitive equipment.
Was it just to reduce the noise of inserting the commandos?
Yes.
My impression is that once the cat is out of the bag (after the assault team is inserted), there's not as much worry about telling the host country that those Chinooks are not actually on a training flight, but are going to land and extract a team.
Most of the secrecy was probably aimed at not letting OBL get away, either by directly alerting him, or by alerting any spies that he had placed in the local command structure.
(Was it hundreds of miles? I thought they launched from a US base nearby? I confess that I was more interested in puzzling over the pictures than paying attention to the mission profile.)
The problem with Truecrypt and a single password file (or even multiple password files) - if the volume is mounted, your passwords are completely vulnerable to anything on the system that can read/write files.
Instead, consider just putting passwords into a text file, with the contents encrypted with GPG. Maybe one site per file if you wish. When you need a password, copy the ASCII armor block into the clipboard and decrypt with GPG (or a tool like GPA or WinPT).
The advantage here is that the contents of the text file are encrypted, you can mail them around in emails (it's plain text, a.k.a. ASCII armored), and you don't have to take special steps to protect the contents of the files. You just need to be careful with your GPG private key. Stuff them into a version control system, or a file sync service, or carry them around on a USB key. They're useless unless you have your GPG private key and the passphrase used to decrypt the private key.
Consider simply switching to files where the contents are encrypted with your GPG key. Store the files in a version control system, and use that to synchronize across multiple machines. (I generally do 1 site per file, but I don't care whether the site names are known.)
The other advantage is that you can share credential files with other users by encrypting to multiple GPG keys. In a small shop with only a handful of people who need to know an admin password, you can just encrypt the file containing the password with everyone's GPG keys.
Easier is to just put the credentials inside a text file where the contents are encrypted with your GPG key. Since it's plain text and encrypted, you can email copies to your personal account, print out a copy for the safe deposit box, or stuff it into any backup system. Heck, I store them in SVN so that I can synchronize the password folder across multiple machines.
Nothing complicated. No proprietary software. GPG is cross-platform, and PGP can fill in if needed, and it's worked for decades.
The only question is how many passwords you put in a single text file and whether you allow the filenames to reflect what site the contents are associated with.
The alternative is keeping passwords inside an encrypted TrueCrypt (or other disk encryption) container, but when the container is open, all of the passwords are vulnerable.
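The shared-credential workflow from the comments above (an ASCII-armored text block encrypted to several GPG keys), as an added example that is not part of the original comments. It assumes GnuPG 2.1 or later on the PATH; the user IDs, the sample secret and the empty key passphrase are constructed for the demo.

```python
import shutil
import subprocess
import tempfile

# Constructed user IDs for three throwaway keys.
ALICE, BOB, CAROL = "alice@example.org", "bob@example.org", "carol@example.org"


def gpg(home, *args, data=None):
    """Run gpg on one keyring directory; raises CalledProcessError on failure."""
    cmd = ["gpg", "--homedir", home, "--batch", "--yes", "--quiet", *args]
    return subprocess.run(cmd, input=data, capture_output=True, check=True).stdout


def new_keyring(uid):
    """Create a throwaway keyring holding one key pair for uid.

    The empty passphrase is for this demo only; a real key needs a strong one,
    since the private key is the weak link in this scheme.
    """
    home = tempfile.mkdtemp(prefix="gpg-")
    gpg(home, "--pinentry-mode", "loopback", "--passphrase", "",
        "--quick-generate-key", uid, "default", "default", "never")
    return home


def share_public_key(src_home, uid, dst_home):
    """Copy only the public half of uid's key into another keyring."""
    gpg(dst_home, "--import", data=gpg(src_home, "--armor", "--export", uid))


def encrypt_for(home, plaintext, recipients):
    """ASCII-armored ciphertext that every listed recipient can decrypt."""
    args = ["--armor", "--trust-model", "always"]
    for uid in recipients:
        args += ["--recipient", uid]
    return gpg(home, *args, "--encrypt", data=plaintext)


def decrypt(home, armored):
    return gpg(home, "--decrypt", data=armored)


def can_decrypt(home, armored):
    try:
        decrypt(home, armored)
        return True
    except subprocess.CalledProcessError:
        return False


def cleanup(*homes):
    """Stop each keyring's agent and delete the throwaway directories."""
    for home in homes:
        if shutil.which("gpgconf"):
            subprocess.run(["gpgconf", "--homedir", home, "--kill", "gpg-agent"],
                           capture_output=True)
        shutil.rmtree(home, ignore_errors=True)


def share_demo():
    """Alice encrypts one credential file to herself and Bob; Carol holds neither key."""
    alice, bob, carol = (new_keyring(uid) for uid in (ALICE, BOB, CAROL))
    try:
        share_public_key(bob, BOB, alice)  # Alice needs only Bob's public key
        secret = b"router admin: constructed-sample-password\n"
        armored = encrypt_for(alice, secret, [ALICE, BOB])
        return {
            "secret": secret,
            # Plain text, so it can be emailed, printed or committed to SVN.
            "armored": armored.startswith(b"-----BEGIN PGP MESSAGE-----"),
            "alice": decrypt(alice, armored),
            "bob": decrypt(bob, armored),
            "carol_can_read": can_decrypt(carol, armored),
        }
    finally:
        cleanup(alice, bob, carol)


if __name__ == "__main__":
    for name, value in share_demo().items():
        print(name, value)
```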
Pretty much. 100-desktops is probably about the point where you need managed switches. But that would depend on how much load you're actually putting on a gigabit network.
Not much network traffic? No need to push multiple 1Gbps streams over the network at the same time? Then you can go with a baseline "smart" switch that allows SNMP queries (3com Baseline Switch 2948, or the basic HP, etc.). They're commercial-grade switches, not overly expensive, etc. Generally in the $15-$25 per port range (consumer grade crap tends to be under $10/port).
But if you're pushing a lot of network traffic, or you need maximum redundancy, then you have to go with the switches that let you chain them together and do LACP across multiple switches. So that if a single switch fails, LACP automatically keeps the network running. The baseline switches won't do that and you'll have to spend more like $50-$100 per port (or more).
So it depends on how big a downtime window you can afford. If an hour or two of downtime will not kill the company if the desktops go dark, then go with the baseline switches, keep a spare on the shelf, and keep spare open ports on the other switches. Use the more expensive switches where it matters down in the core of the network.
I worry about it a little bit, but as long as they are price/performance equivalent to the Intel CPUs in the low-mid range, I don't think there's a huge issue. (Assuming that they keep making a profit.)
Very few people buy CPUs over $200-$300.
(I stick with AMD for a few reasons. There's never any guesses about whether an Opteron will support hardware virtualization or whether it will be disabled by the chipset/BIOS. Their product lineup is straightforward compared to Intel, and their sockets make sense. And mostly because they came out with *inexpensive* dual-core CPUs for under $200 back when Intel was still charging $300-$400.)
I'm in a similar boat, I get things running and then prefer not to migrate. Heck, unless you need raw CPU power and are still running on a dual-core, there's not much incentive for moving to a new system more often now than every 4-5 years.
My primary machine (Thinkpad T61p) is almost 4 years old already (and the Tecra 9100 before that lasted 5 years). Yes, I wish it had more RAM and maybe a slightly faster video card. But instead of buying a new laptop this year, I dropped a large SSD in it instead.
Wonder of wonders, my four year old dual-core laptop feels speedy again. I probably won't upgrade now for a few more years. Since I'm also getting the keyboard replaced this week along with the cooling system (before the warranty runs out), the only weak spot might be the backlight (but that is still fine).
(I have the ability to farm CPU-intensive work off to secondary machines / servers. Which helps a lot in not needing the laptop CPU to be blazing fast.)
Nah, I never upgrade just the CPU without also upgrading the MB/RAM too. If you do all three at the same time, you end up with a MB/CPU/RAM that can be re-purposed for other things (or a less demanding user). If you upgrade one thing at a time, you're left with a pile of spare parts that is basically worthless. Plus, memory types have changed so often that you basically have to upgrade CPU/MB/RAM at the same time anyway.
Most of the time, unless you went *super* cheap on the initial CPU purchase, the most power you'd get from an upgrade in the last few years is a measly 20-30%. My 2.5GHz Phenom II X4 is not that far behind newer CPUs (under $200) that it's worth throwing it out and dropping in a new one.
And if I was considering upgrading to say a 3.2GHz Hex-core, I'd want a new motherboard anyway to take advantage of USB 3.0. And probably DDR3 RAM instead of DDR2.
754 was the budget socket. No bets there. If you bought a 754-based system and expected upgrades, you did not do your homework. Budget based systems are designed for people who buy a cheap machine, and treat it like a black box.
939 was the single-CPU version, 940 was the dual-CPU setup and no CPU that fit in those sockets supported DDR2. Unlike Intel's chips at the time, AMD's memory controllers were *inside* the CPU. To support DDR2, they had to break compatibility at the socket level due to electrical / circuitry issues. Maybe it was a bit of short-sightedness not planning ahead to allow 939/940 sockets to talk to DDR2 memory, but on the flip side, having the memory controller inside the CPU sped things up a lot. But there was also a lot of warning about the coming socket change (I still have a dual-940 Opteron running) and the move to new memory was going to require a new motherboard anyway.
So, the first real socket swap was the move to AM2 so that they could support DDR2. Then came AM2+ and then AM3. And there's some possible mix-match between the sockets and CPUs. Mostly it depends on what type of memory the motherboard supports and whether the CPU supports that type of memory (the controller is still inside the CPU).
The other side of the issue is "who the frick actually only upgrades a CPU these days"? CPU/MB/RAM have always been tightly bound and the base-speed CPU for $X is generally no less than 30-40% slower than the top-end CPU that will fit into the motherboard (and that ratio keeps shrinking). And if you do swap out the CPU, you're left with a $100 paperweight which will be a PITA to offload at an auction site. Better to spend the extra $50 when you purchase the initial machine to get the fastest CPU before the price/performance curve takes a sharp bend. The only upgrade that has made sense for a while is to only fill half the RAM slots at the start, then add more RAM later. Then you're at least not left with obsolete parts sitting around, clogging up drawers or inventory.
No reason to buy a $200 Phenom II X4 980 now when there is no application that needs that much power.
Wow, such a narrow world view.
There are a lot of applications out there where single-core speed matters. And $200 is chump change for a CPU that is at the upper end of the speed range. It wasn't that many years ago that a *dual* core CPU was considered affordable once they dropped below $300 (and it was a happy day when they got below $200).
And no, you wouldn't buy this for the average office worker who only does word processing. You use powerful CPUs for the workers who need the raw CPU power in order to get their jobs done (developers, database admins, simulations, modeling, etc.). Then you move their 18-24 month old machines (which are probably dual/quad core) to the regular office workers.
(And for the killer application that needs that much single-core speed? Dwarf Fortress. Or any other application that is single-threaded and consumes lots of CPU power.)
Prime95, in this context, is for convincing 0v3rcl0ckz0r kiddiez that their massive overclock is stable even though it's a terrible stability test. A prime number search program is not exactly the world's best method of achieving full test coverage of a CPU, no matter what a billion leetboy forums may tell you.
Eh... Prime95 is a darned sight better than a simple memory test, because it actually *does* stress the CPU and L1/L2 cache as well as the RAM. Plus it keeps track of whether the calculations are correct.
Which is the exact same tactic that you'd better take if you're going to "do scientific calculations which have to be right". You run the calculation and either you have built-in checks or you do the calculation twice, on two different machines and compare the results. (Surprise surprise, guess how Mersenne.org checks that the turned-in results are correct?)
I've been using Prime95 ever since it came out. I've personally seen it find RAM that is slightly dodgy on timing where other tools like MemTest86 gave the RAM a free pass. In one case, the RAM was GEIL and was mislabeled as a faster CL value than it actually could handle (naughty GEIL, or might have been counterfeit). Let Prime95 run for 24-48 hours with no errors, and you've got a pretty good assurance that there are no issues with timings or the memory / CPU. (Doesn't do jack to test the disk / video, but there are other tools for that.)
Now, you complain that it's not a comprehensive tool. Have you *ever* seen a case where a CPU was bad / dodgy where Prime95 did not throw an error that you caught in some other manner? That was specifically something wrong with the CPU / cache / RAM?
And frankly, there have always been those who think product X is a magic bullet. Your rant is misplaced.
Think back to the earlier days of computing when it might take 30 seconds or more to get an application started. I recall on my PCjr booting up games and sitting there for a good minute while the drive ground away. That said, some games nowadays have some rather appalling load times. But look at what has to be loaded compared to those games from the 80s.
Back with the PCjr, you could *hear* the drive grinding away. I think that had a large part of why it seemed acceptable at the time, that you could tell something was happening. Modern systems are a lot quieter, so if there's no visual indicator on the screen, it's harder to tell whether something happened or not.
(All of which is why I've switched to either 10k RPM SATA or SSDs for my primary drive. The SSD puts the bottleneck of the system back on the CPU and really helps with program loading / responsiveness.)
The old saw comes to mind:
If you owe the bank $100, they are in control. If you owe the bank a few billion, you are in control.
No way in hell will VISA or MC terminate Sony's merchant contract. When the client is that large, normal rules no longer apply.
Unfortunately, bridges are expensive.
(On Windows, look at the GPG4Win toolset.)
+1
Those two systems are still being camped?
(My last trip through Rancer/Amamake was spring 2010...)
Eve-online: Great MMO supported by a company that loves it (to a degree) and really tries to make the game better. Driving 80% by player actions and the developers give the tools to the players to create their own content, this is a sandbox game
(laughs hysterically) Unless CCP has changed their tune in the last year, they're probably still rolling out new content while failing to fix the glaring bugs in the old content. Way too much time spent on the eternal "next year" tech of ambulation and new shinies, way too little time spent on basic bug fixing.
It is a great sandbox game. The PvP side is decent and very cutthroat. But CCP succeeds in spite of themselves, because there's no other game like EVE Online currently.
We have gps guided missiles that can hit the window in a building from 70 miles (or more) away and someone dosen't think that if there WAS something that presented a risk of exposure that that wreckage wouldn't have been blown to literal flinders shortly after the strike force took off? Really?
I think you're overestimating how fast you can setup a GPS guided cruise missle that can get from its launch point to the target point without hitting anything between.
I would guess at least an hour to prep and launch. Maybe a few hours, depending on how many obstacles you have to tell the thing to dodge or how tricky the insertion route has to be.
That's based on the assumption that GPS is only for making sure that it's on the assigned route and hitting the right target. AFAIK, route-planning is not automated and since it's not a ballistic missile, you can't just lob it in the general direction of the target.
And explosions don't destroy stuff reliably, they just toss it around. Destruction of the helicopter parts within the compound was probably done with fuel and some sort of incendiaries (or a match). Maybe with more energetic burning (thermite) in the compartments that contained sensitive equipment.
Was it just to reduce the noise of inserting the commandos?
Yes.
My impression is that once the cat is out of the bag (after the assault team is inserted), there's not as much worry about telling the host country that those Chinooks are not actually on a training flight, but are going to land and extract a team.
Most of the secrecy was probably aimed at not letting OBL get away, either by directly alerting him, or by alerting any spies that he had placed in the local command structure.
(Was it hundreds of miles? I thought they launched from a US base nearby? I confess that I was more interested in puzzling over the pictures then paying attention to the mission profile.)
The problem with Truecrypt and a single password file (or even multiple password files) - if the volume is mounted, your passwords are completely vulnerable to anything on the system that can read/write files.
Instead, consider just putting passwords into a text file, with the contents encrypted with GPG. Maybe one site per file if you wish. When you need a password, copy the ASCII armor block into the clipboard and decrypt with GPG (or a tool like GPA or WinPT).
The advantage here is that the contents of the text file are encrypted, you can mail them around in emails (it's plain text, a.k.a ASCII armored), and you don't have to take special steps to protect the contents of the files. You just need to be careful with your GPG private key. Stuff them into a version control system, or a file sync service, or carry them around on a USB key. They're useless unless you have your GPG private key and the passphrase used to decrypt the private key.
Consider simply switching to files where the contents are encrypted with your GPG key. Store the files in a version control system, and use that to synchronize across multiple machines. (I generally do 1 site per file, but I don't care whether the site names are known.)
The other advantage is that you can share credential files with other users by encrypting to multiple GPG keys. In a small shop with only a handful of people who need to know an admin password, you can just encrypt the file containing the password with everyone's GPG keys.
Easier is to just put the credentials inside a text file where the contents are encrypted with your GPG key. Since it's plain text and encrypted, you can email copies to your personal account, print out a copy for the safe deposit box, or stuff it into any backup system. Heck, I store them in SVN so that I can synchronize the password folder across multiple machines.
Nothing complicated. No proprietary software. GPG is cross-platform, and PGP can fill in if needed, and it's worked for decades.
The only question is how many passwords you put in a single text file and whether you allow the filenames to reflect what site the contents are associated with.
The alternative is keeping passwords inside an encrypted TrueCrypt (or other disk encryption) container, but when the container is open, all of the passwords are vulnerable.
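Added example (not part of the original comments): the per-site, ASCII-armored, multi-recipient credential file described above, as a POSIX shell sketch. It assumes GnuPG 2.1 or later on the PATH; the users, addresses, passphrases, file name and stored password are all constructed, and each user gets a throwaway keyring directory.

```shell
#!/bin/sh
# Added example: one ASCII-armored GPG file per site, encrypted to several keys.
# All keys, addresses, passphrases and the stored password are constructed.

# Run gpg non-interactively against one user's private keyring directory.
g() { g_home="$1"; shift
      gpg --homedir "$g_home" --batch --quiet --no-tty --pinentry-mode loopback "$@"; }

# new_user HOME UID PASSPHRASE: create a keyring with one passphrase-protected key.
new_user() {
  mkdir -p "$1" && chmod 700 "$1" &&
  g "$1" --passphrase "$3" --quick-generate-key "$2" future-default default never 2>/dev/null
}

# give_pubkey FROM_HOME UID TO_HOME: hand over the public key only.
give_pubkey() { g "$1" --armor --export "$2" | g "$3" --import 2>/dev/null; }

# put_cred HOME OUTFILE RECIPIENT...: encrypt stdin to every recipient, armored.
put_cred() {
  pc_home="$1"; pc_out="$2"; shift 2
  # Rewrite "$@" from "r1 r2" into "--recipient r1 --recipient r2" (no arrays in sh).
  for pc_r do set -- "$@" --recipient "$pc_r"; shift; done
  # Assumption for the demo: imported keys are accepted without a trust decision.
  g "$pc_home" --yes --trust-model always --armor "$@" --output "$pc_out" --encrypt
}

# get_cred HOME PASSPHRASE FILE: print the plaintext; fails without a matching private key.
get_cred() { g "$1" --passphrase "$2" --decrypt "$3" 2>/dev/null; }

# is_armored FILE: true if the file is plain-text PGP armor (safe to mail or commit).
is_armored() { head -n 1 "$1" | grep -q '^-----BEGIN PGP MESSAGE-----'; }

# Stop the per-keyring agents and delete the throwaway directories.
cleanup() {
  for c_home in "$ALICE" "$BOB" "$NOKEY"; do
    gpgconf --homedir "$c_home" --kill gpg-agent 2>/dev/null; rm -rf "$c_home"
  done; rm -rf "$STORE"
}

demo() {
  ALICE="$(mktemp -d)"; BOB="$(mktemp -d)"; NOKEY="$(mktemp -d)"; STORE="$(mktemp -d)"
  new_user "$ALICE" "Alice <alice@example.test>" "alice-passphrase" &&
  new_user "$BOB" "Bob <bob@example.test>" "bob-passphrase" &&
  give_pubkey "$BOB" bob@example.test "$ALICE" &&
  printf '%s\n' 'admin / constructed-Pa55word' |
    put_cred "$ALICE" "$STORE/switch-admin.asc" alice@example.test bob@example.test
}
demo
```

Either recipient can decrypt `switch-admin.asc` from their own keyring, while a copy of the file on a machine without one of the private keys (the empty `$NOKEY` keyring here) cannot be read.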
Pretty much. 100-desktops is probably about the point where you need managed switches. But that would depend on how much load you're actually putting on a gigabit network.
Not much network traffic? No need to push multiple 1Gbps streams over the network at the same time? Then you can go with a baseline "smart" switch that allows SNMP queries (3com Baseline Switch 2948, or the basic HP, etc.). They're commercial-grade switches, not overly expensive, etc. Generally in the $15-$25 per port range (consumer grade crap tends to be under $10/port).
But if you're pushing a lot of network traffic, or you need maximum redundancy, then you have to go with the switches that let you chain them together and do LACP across multiple switches. So that if a single switch fails, LACP automatically keeps the network running. The baseline switches won't do that and you'll have to spend more like $50-$100 per port (or more).
So it depends on how big a downtime window you can afford. If an hour or two of downtime will not kill the company if the desktops go dark, then go with the baseline switches, keep a spare on the shelf, and keep spare open ports on the other switches. Use the more expensive switches where it matters down in the core of the network.
I worry about it a little bit, but as long as they are price/performance equivalent to the Intel CPUs in the low-mid range, I don't think there's a huge issue. (Assuming that they keep making a profit.)
Very few people buy CPUs over $200-$300.
(I stick with AMD for a few reasons. There's never any guesses about whether an Opteron will support hardware virtualization or whether it will be disabled by the chipset/BIOS. Their product lineup is straightforward compared to Intel, and their sockets make sense. And mostly because they came out with *inexpensive* dual-core CPUs for under $200 back when Intel was still charging $300-$400.)
I'm in a similar boat, I get things running and then prefer not to migrate. Heck, unless you need raw CPU power and are still running on a dual-core, there's not much incentive for moving to a new system more often now than every 4-5 years.
My primary machine (Thinkpad T61p) is almost 4 years old already (and the Tecra 9100 before that lasted 5 years). Yes, I wish it had more RAM and maybe a slightly faster video card. But instead of buying a new laptop this year, I dropped a large SSD in it instead.
Wonder of wonders, my four year old dual-core laptop feels speedy again. I probably won't upgrade now for a few more years. Since I'm also getting the keyboard replaced this week along with the cooling system (before the warranty runs out), the only weak spot might be the backlight (but that is still fine).
(I have the ability to farm CPU-intensive work off to secondary machines / servers. Which helps a lot in not needing the laptop CPU to be blazing fast.)
Nah, I never upgrade just the CPU without also upgrading the MB/RAM too. If you do all three at the same time, you end up with a MB/CPU/RAM that can be re-purposed for other things (or a less demanding user). If you upgrade one thing at a time, you're left with a pile of spare parts that is basically worthless. Plus, memory types have changed so often that you basically have to upgrade CPU/MB/RAM at the same time anyway.
Most of the time, unless you went *super* cheap on the initial CPU purchase, the most power you'd get from an upgrade in the last few years is a measly 20-30%. My 2.5GHz Phenom II X4 is not that far behind newer CPUs (under $200) that it's worth throwing it out and dropping in a new one.
And if I was considering upgrading to say a 3.2GHz Hex-core, I'd want a new motherboard anyway to take advantage of USB 3.0. And probably DDR3 RAM instead of DDR2.
754 was the budget socket. No bets there. If you bought a 754-based system and expected upgrades, you did not do your homework. Budget based systems are designed for people who buy a cheap machine, and treat it like a black box.
939 was the single-CPU version, 940 was the dual-CPU setup and no CPU that fit in those sockets supported DDR2. Unlike Intel's chips at the time, AMD's memory controllers were *inside* the CPU. To support DDR2, they had to break compatibility at the socket level due to electrical / circuitry issues. Maybe it was a bit of short-sightedness not planning ahead to allow 939/940 sockets to talk to DDR2 memory, but on the flip side, having the memory controller inside the CPU sped things up a lot. But there was also a lot of warning about the coming socket change (I still have a dual-940 Opteron running) and the move to new memory was going to require a new motherboard anyway.
So, the first real socket swap was the move to AM2 so that they could support DDR2. Then came AM2+ and then AM3. And there's some possible mix-match between the sockets and CPUs. Mostly it depends on what type of memory the motherboard supports and whether the CPU supports that type of memory (the controller is still inside the CPU).
The other side of the issue is "who the frick actually only upgrades a CPU these days"? CPU/MB/RAM have always been tightly bound and the base-speed CPU for $X is generally no less than 30-40% slower than the top-end CPU that will fit into the motherboard (and that ratio keeps shrinking). And if you do swap out the CPU, you're left with a $100 paperweight which will be a PITA to offload at an auction site. Better to spend the extra $50 when you purchase the initial machine to get the fastest CPU before the price/performance curve takes a sharp bend. The only upgrade that has made sense for a while is to only fill half the RAM slots at the start, then add more RAM later. Then you're at least not left with obsolete parts sitting around, clogging up drawers or inventory.
No reason to buy a $200 Phenom II X4 980 now when there is no application that needs that much power.
Wow, such a narrow world view.
There are a lot of applications out there where single-core speed matters. And $200 is chump change for a CPU that is at the upper end of the speed range. It wasn't that many years ago that a *dual* core CPU was considered affordable once they dropped below $300 (and it was a happy day when they got below $200).
And no, you wouldn't buy this for the average office worker who only does word processing. You use powerful CPUs for the workers who need the raw CPU power in order to get their jobs done (developers, database admins, simulations, modeling, etc.). Then you move their 18-24 month old machines (which are probably dual/quad core) to the regular office workers.
(And for the killer application that needs that much single-core speed? Dwarf Fortress. Or any other application that is single-threaded and consumes lots of CPU power.)
Prime95, in this context, is for convincing 0v3rcl0ckz0r kiddiez that their massive overclock is stable even though it's a terrible stability test. A prime number search program is not exactly the world's best method of achieving full test coverage of a CPU, no matter what a billion leetboy forums may tell you.
Eh... Prime95 is a darned sight better than a simple memory test, because it actually *does* stress the CPU and L1/L2 cache as well as the RAM. Plus it keeps track of whether the calculations are correct.
Which is the exact same tactic that you'd better take if you're going to "do scientific calculations which have to be right". You run the calculation and either you have built-in checks or you do the calculation twice, on two different machines and compare the results. (Surprise surprise, guess how Mersenne.org checks that the turned-in results are correct?)
I've been using Prime95 ever since it came out. I've personally seen it find RAM that is slightly dodgy on timing where other tools like MemTest86 gave the RAM a free pass. In one case, the RAM was GEIL and was mislabeled as a faster CL value than it actually could handle (naughty GEIL, or might have been counterfeit). Let Prime95 run for 24-48 hours with no errors, and you've got a pretty good assurance that there are no issues with timings or the memory / CPU. (Doesn't do jack to test the disk / video, but there are other tools for that.)
Now, you complain that it's not a comprehensive tool. Have you *ever* seen a case where a CPU was bad / dodgy where Prime95 did not throw an error that you caught in some other manner? That was specifically something wrong with the CPU / cache / RAM?
And frankly, there have always been those who think product X is a magic bullet. Your rant is misplaced.
Lenovo defines HD as 1366 x 768, HD+ as 1600 x 900, and FHD as 1920 x 1080. (Available on the T420/T520.)
And frankly, 1920x1080 on a 15" LCD is pretty small, I'd go with the 1600x900 instead for the slightly larger pixel size.
Think back to the earlier days of computing when it might take 30 seconds or more to get an application started. I recall on my PCjr booting up games and sitting there for a good minute while the drive ground away. That said, some games nowadays have some rather appalling load times. But look at what has to be loaded compared to those games from the 80s.
Back with the PCjr, you could *hear* the drive grinding away. I think that had a large part of why it seemed acceptable at the time, that you could tell something was happening. Modern systems are a lot quieter, so if there's no visual indicator on the screen, it's harder to tell whether something happened or not.
(All of which is why I've switched to either 10k RPM SATA or SSDs for my primary drive. The SSD puts the bottleneck of the system back on the CPU and really helps with program loading / responsiveness.)