...introduced in x86-64 are a) an additional 8 registers, and b) default 32-bit pointers (no need to lug around 64-bits all the time).
While I don't know x86 asm, doubling the register file while keeping the pointers the same size will certainly impact performance. Metrics would be interesting.
I remember that the last big OpenSSH vulnerability was a problem with signed/unsigned integer conversion, and that lint was able to detect this vulnerable usage, which facilitated a complete audit of the source tree.
Granted that Theo makes further mention of their lint work in the interview, if you had C code that concerned you, you should start with the OpenBSD lint.
This leads to a couple of points:
If a C programmer has critical code, (s)he needs to install OpenBSD for access to their lint
...is the fact that the only version of DB2 that is fully instrumented is on the mainframe - it is in the end impossible to fully quantify performance problems under the Windows/UNIX/AS400 platforms. Oracle is fully instrumented everywhere.
Of course, I read this in some Oak Table literature, so I wonder if I should trust it fully.
It would have been interesting if RIM had called NTP's bluff and provoked an injunction.
While the damage to their business would have been grave, it would have been interesting to see them FIRST shut down all government users en masse.
If they could have delayed the shutdown of commercial systems by a few days or weeks, they might have gotten congress to pass special legislation putting a stop to it.
I wonder what shutdown options were discussed in the board room.
I don't know what this machine is running, but it should boot off a floppy. It should dhcp a network address, establish an encrypted session with a voting server, then record votes for candidates both to the remote server and to a local printer.
The local printer should be a specialty job, with some sort of transparent plastic window over a larger opaque assembly. After entering the choices, the voter should see the paper record of their votes printed - when the voter leaves, their record should stream past the transparent window.
In this setup, the whole voting system could report counts at any time, and every effort will have been expended to have the voter verify their choices. The final tally comes from the paper tape.
This whole thing should be dead simple. What is all the fuss?
What if the court had said that, in the case of the internet, the community standards used to judge the obscenity would be the standards where the material originates, and not where it is ultimately viewed?
Then, provide a couple of escape clauses - if the legislatures of three other states can pass laws banning the material, the community of origin must then consider the material obscene (but not ex-post-facto). Also allow an executive pardon to stay the power of the states.
Make this mechanism also applicable to online religious speech, so you have a MAD-arrangement between red and blue states.
I say, rather than begging for donations, the OpenBSD team needs to get their act together and find a way to keep the lights on, or they're going to see fewer and fewer people trusting the use of their software in large corporate environments.
OpenSSH gets deployed by just about every modern UNIX distribution, and even some not-UNIX stuff (Cisco and VMS come to mind).
These lazy freeloaders with $1 billion plus market caps need a swift kick in the shins. IMHO Theo ought to directly threaten them with retroactive removal of their platform from the portable code releases.
Doing it to IBM should result in some interesting fireworks and a PR disaster for the target.
There really isn't a good reason one nameserver can't serve internal and external users.
Back in the BIND 4 days, when I did serious DNS, my company wanted a few servers visible in their domain(s) for external DNS host resolution.
For people behind the firewall, they wanted a far more extensive list of hosts that were not to be seen for queries outside the firewall.
I did this by using scp to transfer the zone files from the external to the internal DNS server; the internal server would then "cat" the additional hosts to the zone and HUP the named.
AFAIK modern BIND uses "zones" so you can accomplish the above on one server, if you want. I've never used it, but I can see a number of situations where I'd need my above solution even with this feature.
What BIND needs is not a "recursion no;" option, but instead a "recursion eth0;" or "recursion 1.2.3.*;" so recursive queries must originate from a trusted network.
Remember also that not everyone in the world uses BIND - people with ActiveDirectory or NDS name servers might be screwed until a vendor patch.
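BIND 9 already has the trusted-network recursion control the comment wishes for (`allow-recursion` with an ACL) and does the split-horizon trick with views on one server. The named.conf below is an added illustration, not the commenter's own setup; the addresses, zone name and file paths are assumed placeholders.

```conf
// Added illustration, not the commenter's config. Addresses, zone names and
// file paths are assumed placeholders.

// Trusted network = clients allowed to use this server as a recursive resolver.
acl "trusted" { 127.0.0.1; 192.168.1.0/24; 10.0.0.0/8; };

options {
    directory "/var/named";

    // Weak setting (open resolver): recursion for anyone who can reach the port.
    //   recursion yes;
    //   allow-recursion { any; };

    // Corrected: recursion stays on, but only for the trusted ACL.
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};

// Split horizon on one server: the same zone name, two different zone files.
// Views are tried in order; the first match-clients hit wins, so the
// internal view must come first.
view "internal" {
    match-clients { trusted; };
    recursion yes;
    zone "example.com" {
        type master;
        file "internal/example.com.zone";   // full host list, private addresses
    };
};

view "external" {
    match-clients { any; };
    recursion no;                           // authoritative answers only
    zone "example.com" {
        type master;
        file "external/example.com.zone";   // the few public hosts
    };
};
```

Run `named-checkconf` before reloading; once views are in use, every zone must sit inside a view or named refuses to start.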
Your English is really good. Very understandable; just a few errors:
By Swedish law this is perfectly legal. Some years ago a guy was sued for posting links to mp3's on his web page. And the Swedish court desided (sp. - decided) that it (that there was nothing) was nothing wrong with that. He didn't ditribute the mp3's only showing (but only showed) were they where (were). And the same thing is pirate bay doing now.
Hope my english is better than the Swedeish in the muppets show.
It's one thing to try to hack a static machine that has been carefully prepared for the assault. It's quite a different matter to hack a heavily used workstation which supports many more applications and much higher activity than the above-mentioned test case.
Let's face it - AFAIK OS X doesn't support NX. Given that even XP has no-execute pages at this point, OS X is way behind the times. I don't see Apple implementing ProPolice, rodata, randomized malloc, extensive privsep, or even a strlcpy/strlcat audit.
The above features can mean the difference between getting hacked and not. I don't know if they would help in the latest OS X security problems, but they will close a number of doors.
It goes without saying that users are boneheads. An OS with extensive security features is the best for neophyte users when you don't want the system to go down (praise be to VMS).
If Wisconsin is serious, give out the IP of the OS X box that belongs to the President's Secretary. Have him/her download a bunch of applications - listen to MP3s, run some bittorrent, use Office, get a few chat clients. Let that test run for six months.
In any case, Apple has a security reputation that they don't deserve. Lazy bums.
As you may or may not know, a human brain is composed of three distinct layers: the "reptilian" (R-Complex), the "mammalian" (limbic system), and the simian/human (the frontal/temporal/parietal/occipital lobes). Each of these strata is distinct and capable of hijacking behavior in the right circumstances.
As you also may or may not be aware, every brain structure is duplicated on the right and left side with the exception of the pitumen. These mirror structures are not identical - the right lobes have much longer dendrites than the left, for example.
IMHO, it is unwise to eschew the processing of any layer. Evolution put these processing centers within you for a reason - discount them at your peril.
Oracle is a successful company. In the products tied to their core competence, they have made their customers very, very happy.
Oracle's database is light years beyond the competition. It has some major problems (security) which are being addressed. For example, IBM DB2 didn't get triggers until v5 (in the late 90s I believe), and the new Oracle db features such as flashback, dataguard, etc. just have no equal.
If you are a customer in the areas of Oracle's core competence (and you have the money), you will be pleased with the product, even if the sales force is somewhat aggressive.
In the ERP arena, it is a different story, but hopefully this will shake down in the next few years into something polished.
I don't mean to sound like a marketing brochure, but a successful company must start with a good product. Oracle has done so.
If Oracle takes out MySQL and the other free databases expand to fill the void, what is to stop Oracle from using their patent portfolio as a lethal weapon?
MySQL is currently the big fish, and it's getting skinned. The rest of the free db ecosystem is waiting for the other shoe to drop.
RIM's hands aren't clean. (on "Hopes Rise for RIM")
I don't know much about it, but this guy's comment doesn't make RIM look likely to be a good poster boy for patent reform.
If you fill 95% of the device with some static file, then repeatedly write/erase some small file in that remaining 5%, you will probably cause that 5% area to fail much faster.
Or is the wear leveling algorithm able to move static storage around the device also?
I haven't used Solaris recently, but aren't they bundling:
PostgreSQL
Gnome
Java
You will find none of this in the heavily-audited OpenBSD base. You also get added protection from W^X, randomized order in loading shared libraries, a malloc that uses mmap and discontiguous memory, gcc propolice, plus other defenses that make weaknesses in C code harder to exploit. There is at least one other C defense mechanism that is available if you run SPARC rather than i386. True, some of the previous list does exact a slight performance penalty.
(I assume that) an equivalent of W^X is available under Solaris (if you are on the right CPU), but most of the other stuff wouldn't be.
...might be the best way to go. Boot one OS or the other; the non-active hard drive is powered down. That way, OSX is more difficult to corrupt by a Win32 virus that fdisks the drives.
Perhaps the Win32 hard drive could even be USB, and the support outsourced.
AFAIK, there is precious little code from a BSD kernel in the Apple kernel.
I believe that CMU issued MACH under a BSD license, but MACH never touched CSRG or any of the BSD derivatives.
Outside of MACH, Apple wrote most of their kernel from scratch (again, AFAIK).
Websites these days are WAY heavy on the bandwidth, and from this perspective the bandwidth providers have a valid point (Google's minimalist designs notwithstanding).
Perhaps providers should be able to enforce a sliding, "bandwidth cap" that kicks in at various numbers of page views. If a site is willing to take steps to reduce network traffic by simplifying the HTML, compressing, reusing connections, and using less graphics/flash/java/etc., then they should be exempt from surcharges. This sliding bandwidth cap should be uniform among all providers/ISPs and approved by a committee composed of major and minor players (perhaps like ICANN was supposed to be).
OTOH, if some high-hit site is going to be a total bandwidth pig, then they should either support the network infrastructure or be relegated to low-priority connections.
I would think that this could be implemented in a fair and balanced manner, and, in the old days of the internet, it would be. Now, it will be some totally corporate fascist wet dream cooked up by AT&T that screws everybody.
Oh, for the good old days...
Microsoft could short-circuit a whole bunch of people by releasing Vista with Gimp, Mplayer, Nautilus, etc. If the IE7 core was Gecko or KHTML, security would in some percentage become somebody else's problem. The apps are already freely available and would in no way hurt sales.
If only they could get over their NIH syndrome.
While I can't put my finger on the references at the moment, David Cutler (project lead for DEC VMS and RSX11) walked out of DEC when management canceled the x86 VMS port.
Supposedly he took the VMS (PRISM) source with him, and it was adapted to run DOS and OS/2 applications. Supposedly this was proved beyond a shadow of a doubt by comments in the NT kernel source that originated from DEC VMS kernel coders.
I understand that DEC threatened a lawsuit concerning this, but Eckhard Pfiffer (sp?) backed down when Microsoft offered to maintain an Alpha port of NT, among other table scraps.
NT's VMS heritage is otherwise well-documented.
You neglect the fact that many Linux distributions now rely on bittorrent in preference to other protocols. CentOS comes to mind.
In these cases, I use ctorrent. Very small, non-gui.
Really?
"Every part of memory is executable by default," Grenier said. "Just about every place you can stick data into memory, you can get it to execute."
Such a charmer you are... you must work in Apple's PR department.
...Oracle should contact him immediately, and determine any schedule he may have on revealing further security flaws.
I assume that Litchfield has additional bombshell revelations in store, and it is obvious that he has run out of patience.
Oracle should be silent on criticism of Litchfield, and they should quickly triage which problems they intend to solve, and when.
p.s. Oracle should also stop distributing Apache. Their version has more holes than Swiss cheese.
If security or availability is a must, go VMS. The aforementioned link will astonish you.