You apparently haven't read IBM's published notes on it. As described at http://www-128.ibm.com/developerworks/linux/librar y/l-kexec.html, it works only with Linux kernels, and it's playing serious magic with the Linux OS to get the hardware to revet to a known state so as to start the new kernel.
Kexec is a great tool for swapping kernels on the fly without a laborious reboot, but swapping it to a different OS's kernel with a running OS is a bad joke.
There are other risks: recompiling, in a trivially distinct but subtlely incompatible environment, generates massive headaches for debugging. Little features like using NIS vs. LDAP vs. local users for authentication can destabilize Apache, and having to incorporate built-on-the-fly drivers for software RAID, IPv6 compatibility, or filesystems can make it even more difficult to track the incompatibilities.
Flexibility is great, but it also seriously increases some types of risk.
You're talking about physically replacing the *LIVE* NT Kernel with a Linux kernel, or at least that looks like what you wrote. I challenge you to produce a single instance of anyone actually managing this: Wine and VMWare and Crossover office use a fundamentally different approach, where the existing NT kernel runs an emulator inside with a Linux kernel and file system are accessed and providing a layer to reach from that kernel back out into the NT graphics, input devices, and hard drive links.
A bootable OS image for VMWare to use from Windows would be vastly, vastly simpler, and eliminate about 5 yeasrs of design work that will be broken by the next Windows operating system anyway.
But a base OS image or tarball, instead of the adventures of negotiating the RPM installers at base installation time, would simplify and speed the process a lot. Having just enough there to allow RPM to function and talk to local or remote repositories would ease installation and update: this approach has been used by numerous operating sytem image installers, and has proven fast and reliable, especially for network or single CD installers. Is Fedora Core looking at this for future installers?
You've hit a key issue: the niggling little dependencies on things like nautilus by many other core packages, or the X libraries to use emacs, helps create a dependency problem. Similarly, the dependencies on MySQL and PostgreSQL and SQLite by software like bugzilla that can use any of the 3 databases force installation of all of them. Nautilus is one of the worst, since there's no graceful way to disable it entirely and prevent a software update from restoring its use, and it tends to be a real CPU sink. Ripping it out by the roots yanks dozens if not hundreds of other packages with it.
If we paid the Fedora Core authors, we could tell them "spend the time to split out the dependencies into sub-modules". But that does take some work and some cunning: the software authors often do not have these split out gracefully, and it means writing patches on top of the original software. But getting them to go harass the bugzilla authors to split out dependencies is asking a lot from them. It's often simpler to buy a bigger disk and just install everything as asked, and not worry about a few unnecessary Megabytes here or there.
I've seen what you describe. The people behind such policies tend to see alternative configurations as timesinks and distractions, rather than as amazingly useful education for their staff about how things really work and what tools are available. Also, I've noticed that competent Linux and open source admins at small sites tend to get hired away as their skills grow. We also tend to embarass the heck out of the Windows IT staff by bringing better knowledge of the underlying problems and protocols to the staff meetings, and pointing out fixes that they may not have been aware of.
This is particularly true of middle managers who are worried about their jobs: the open source people tend to scare the tar out of them by blowing their pet projects sky high. It's incredibly frustrating to try and get them to loosen their grip: it takes presenting them, and especially their managers, with hard numbers on the benefits of open source software to their productivity and especially to their costs.
"Having a feature" is not the same thing as enabling it by default. People may not realize the repercussions, especially in terms of file-space used and drafts of a sensitive document, exactly the sort of thing that will turn up at an awkward moment in a lawsuit from a subpoenaed laptop.
Of course, I'd love to get 10 minutes to look at the laptop of a "professional services" contractor and look at previous versions of the letter he wrote to me about a technical problem, and given that when such contractors are allowed onto a business network they often have their new password written down, it should be easy to access the C$ share on their laptop and poke around. If the feature is available over CIFS, that would make it especially sweet for poking someone else's sysetm.
I'm delighted you're seeing and appreciating technological change. But saying "what makes stem cells differentiate is inside the DNA" is like saying "what makes a car work is inside the metal". It leaves out all the details, and even succeeds in leaving out all the other known fascinating factors like RNA, mitochondria, maternal hormones, and the fascinating neighboring cell promote/discourage interactions that are found throughout biology.
There's a tremendous amount of fascinating work going on.
Few researchers in the US dare pursue embryonic stem cell work: the federal disapproval of it interferes with funding for them and their peers in other departments. The result is that much of it has moved or is only being pursued overseas, which you're less likely to see mentioned in US newspapers or professional publications.
There are fascinating issues with stem cells and the immune system, and the way embryonic stem cells differentiate to form complete organs: it's certainly worth studying as basic research.
Forget the "2 ton" bit, since a styrofoam slab of size similar to the concrete slabs used would weigh so much less. It's an interesting question: would a 20 foot wide slab of styrofoam, falling onto a car, be fractured by the car and leave a breathing space? Will it be corroded by car exhaust, or ignite in the inevitable burning car that will eventually happen in the tunnel from someone rear-ending someone else with a gascan mounted in a bad place
I've looked at some reports of the epoxy technique used: I've used similar techniques in machine work, and have some idea of how strong it can be, which might well support the weight if done right. But the reports of workers simply cutting off bolt ends when they hit embedded steel, and of using duct tape to thicken bolts in holes that got drilled over-large, are what you get when a rushed management hires low-bid workers to finish an overdue project and lacks competent inspectors to say "this will not work!"
Amen. Before a major system update, always, always, always do a clean system backup and archive it: you may need it 3 weeks or a month from now. A new hard drive is a good way to do it, too, and allows easy reverting if things break down harshly.
I actually like using removable hard drive bays in testing rigs for just this sort of swap and update.
No, they don't want unauthorized software to be used to burn DVD's or mount USB drives, or be able to write encrypted documents with MS-Word that cannot be traced with the Trusted Computing keys to a particular system.
Basically, anonymity and free access to record data are not rights the government wants folks to have without the government having the ability to over-ride it at will. Trusted Computing is only partly about preventing unauthorized people or software from using or writing data: it's about giving a central authority access to all secured data. As things currently stand Microsoft is the single biggest vendor of operating systems and office software and the owner of the critical keys and patents for using Trusted Computing, so it's giving them unprecedented control over software and hardware.
And these tools are going to be integrated with hardware: tools like biometric scanners and DVD burners are going to have Trusted Computing features to authentic the hardware and prevent "unauthorized" use.
And its real use is Digital Rights Management: this doesn't just mean preventing people from playing MP3's, but ensuring that only the software that the document author or the software vendor authorizes to open a document can open that document. There are actually good security uses for such authentication. Unfortunately, it also means that documents become much more traceable, and that the encryption keys for almost all such software, especially purchased software keys, are sitting in a database somewhere that the NSA can subpoena or just steal at will.
So kiss personal privacy goodbye with these tools. The Trusted Computing CD burners and encryption widgets can and will have backdoors in them involving the vendor keys to access the data you do not want them to access.
Use Lynx or links or the text-based browsers: it's great for speeding up downloads, precisely because they don't support the javascript and "dancing bears" so many websites waste their bandwidth on.
It's not an update, it's an *upgrade*. These always cause trouble, especially when Microsoft does its violations of its own unpublished API's to add new functions.
There are reasons to do it: people have been fleeing IE6 in droves to get the tabbed features of FireFox, and getting it in place in OEM releases before Christmas will help encourage users to stay with it. It will also help flatten the learning curve of switching to Vista, whenever that finally comes out.
Oh, there have been plenty. Remember when Java was "Write once, Run Anywhere"? Or when Perl would make all programs easy to write because there were so many ways to do the exact same thing? Or when LISP was hailed for its abstract programming, and turned out to be worse than XML for letting programmers handwave about made up functions that never actually got specified? Or Object Oriented programming? Or stylesheets?
Or guilty as sin and still be acquitted: take a look at OJ Simpson for someone who was convicted under civil law, but not convicted under criminal law for fundamentally the same act.
The advantage to arresting him after is that it reduces the likelihood of the event getting slashdotted. The disadvantage is that he may slip away, it wastes the arresting officers' time as the audience plays the perennial game of "spot the narc" and takes pictures of them for posting to their websites, and politically slapping down crackers in public is a desirable act to discourage other casual crackers.
Unfortunately, I now expect that oh-so-Confidential-Informant to have their name and personal details splattered all over the web by the more amused of the crackers in the crowd. Doing this arrest publicly was not a good way to keep a Confidential Informant confidential. And I wonder if, in fact, Mr. Rambam's alleged claims about the informant as a dangerous person are well-founded: they may be, given the FBI's history of hiring and protecting extremely dangerous criminals as informants. (Whitey Bulger comes to mind as an example of the FBI protecting murderers from prosecution.)
They're prisoners: they're not being kept after class to wash blackboards, they're serving hard tim in isolation that is normally reserved for the hardest prisoners in US jails.
No, they weren't. Testimony from the family and witnesses in Iraq and Afghanistan is that many were seized in sweeps of young men, and when captured were not armed or engaged in any conflict. Since they are denied any hearing whatsoever, in direct contravention of the Geneva Convention and the US Code of Military Justice for enemy combatants, they have no opportunity to establish their innocence or to contact family or their communities to even verify their captivity. And given the demonstrated use of torture by US guards in Iraq and our shipment of prisoners to countries where torture is permitted specifically to use torture in interrogation, there's almost no way to verify that the prisoners are not tortured or mistreated.
They're hardly insignificant: they're an example of this regime foregoing civil rights in an ill-defined war, with no way for people to prove their innocence. If they're doing this in GITMO, despite all the pressure brought to bear by both civil rights groups and international treaties, what might they be doing elsewhere?
Where in the world do you get the idea that "civil rights" only apply to US citizens on US soil? And since the names of the prisoners are not published and legally *cannot* be published, nor can their cases be discussed with them without fighting one's way through an incredible stonewall of "national security", how can you tell who has been arrested where or what kind of citizen they are? And given that this sort of violation of the Geneva Convention and the US Military Code of Justice is in place, how can you begin to guess what other violations of international and US law are occurring in prisons? Remember, the US has been caught deliberately shipping prisoners to countries where torture is allowed, in order to question them without prosecution or a court hearing and to obtain vital information.
Given this behavior, and the continuing existence of illegal monitoring of our core Internet routers as described in the EFF vs. AT&T court battle, how can you have any confidence that this administration's prisoners actually committed or have even been charged with a crime? Under the Patriot Act, they don't have to be charged, and you can't even publish that you know what they're accused of in some circumstances without going to jail yourself!
You have a good point. We've seen exactly this sort of attempt with the XML aspects of WinFS, with their modifications of Kerberos, and in their attempt to extend SPF with their SenderID system.
Fortunately, WinFS has finally been cancelled, Kerberos has been extended by MIT's authors to work around Microsoft's mistaken "extension", and fortunately or unfortunately SPF has basically been rejected due to the licensing problems Microsoft's "exteionsion" created.
I've looked around: I see so much ranting by third parties, it's hard to tell which of them has facts. I'll point out that the relays.osirusoft.com page is also long on accusations, and short of facts. (Why did Rambam press the lawsuit against osirusoft.com, for example?)
And unfortunately, incompetent or simply overly aggressive blacklist authors are much like spammers: it sometimes takes the baseball bat of a lawsuit and losing their network connection to get them to change tactics, and they complain bitterly about their freedoms being infringed when you use such strong steps, even if they've ignored every previous attempt at reason.
You apparently haven't read IBM's published notes on it. As described at http://www-128.ibm.com/developerworks/linux/librar y/l-kexec.html, it works only with Linux kernels, and it's playing serious magic with the Linux OS to get the hardware to revet to a known state so as to start the new kernel.
Kexec is a great tool for swapping kernels on the fly without a laborious reboot, but swapping it to a different OS's kernel with a running OS is a bad joke.
There are other risks: recompiling, in a trivially distinct but subtlely incompatible environment, generates massive headaches for debugging. Little features like using NIS vs. LDAP vs. local users for authentication can destabilize Apache, and having to incorporate built-on-the-fly drivers for software RAID, IPv6 compatibility, or filesystems can make it even more difficult to track the incompatibilities.
Flexibility is great, but it also seriously increases some types of risk.
*YOU* started Whitebox? Fabulous, nice job, I really liked your stuff.
When can we get you to merge with CentOS so we don't need to support two mirrors?
You're talking about physically replacing the *LIVE* NT Kernel with a Linux kernel, or at least that looks like what you wrote. I challenge you to produce a single instance of anyone actually managing this: Wine and VMWare and Crossover office use a fundamentally different approach, where the existing NT kernel runs an emulator inside with a Linux kernel and file system are accessed and providing a layer to reach from that kernel back out into the NT graphics, input devices, and hard drive links.
A bootable OS image for VMWare to use from Windows would be vastly, vastly simpler, and eliminate about 5 yeasrs of design work that will be broken by the next Windows operating system anyway.
But a base OS image or tarball, instead of the adventures of negotiating the RPM installers at base installation time, would simplify and speed the process a lot. Having just enough there to allow RPM to function and talk to local or remote repositories would ease installation and update: this approach has been used by numerous operating sytem image installers, and has proven fast and reliable, especially for network or single CD installers. Is Fedora Core looking at this for future installers?
You've hit a key issue: the niggling little dependencies on things like nautilus by many other core packages, or the X libraries to use emacs, helps create a dependency problem. Similarly, the dependencies on MySQL and PostgreSQL and SQLite by software like bugzilla that can use any of the 3 databases force installation of all of them. Nautilus is one of the worst, since there's no graceful way to disable it entirely and prevent a software update from restoring its use, and it tends to be a real CPU sink. Ripping it out by the roots yanks dozens if not hundreds of other packages with it.
If we paid the Fedora Core authors, we could tell them "spend the time to split out the dependencies into sub-modules". But that does take some work and some cunning: the software authors often do not have these split out gracefully, and it means writing patches on top of the original software. But getting them to go harass the bugzilla authors to split out dependencies is asking a lot from them. It's often simpler to buy a bigger disk and just install everything as asked, and not worry about a few unnecessary Megabytes here or there.
I've seen what you describe. The people behind such policies tend to see alternative configurations as timesinks and distractions, rather than as amazingly useful education for their staff about how things really work and what tools are available. Also, I've noticed that competent Linux and open source admins at small sites tend to get hired away as their skills grow. We also tend to embarass the heck out of the Windows IT staff by bringing better knowledge of the underlying problems and protocols to the staff meetings, and pointing out fixes that they may not have been aware of.
This is particularly true of middle managers who are worried about their jobs: the open source people tend to scare the tar out of them by blowing their pet projects sky high. It's incredibly frustrating to try and get them to loosen their grip: it takes presenting them, and especially their managers, with hard numbers on the benefits of open source software to their productivity and especially to their costs.
"Having a feature" is not the same thing as enabling it by default. People may not realize the repercussions, especially in terms of file-space used and drafts of a sensitive document, exactly the sort of thing that will turn up at an awkward moment in a lawsuit from a subpoenaed laptop.
Of course, I'd love to get 10 minutes to look at the laptop of a "professional services" contractor and look at previous versions of the letter he wrote to me about a technical problem, and given that when such contractors are allowed onto a business network they often have their new password written down, it should be easy to access the C$ share on their laptop and poke around. If the feature is available over CIFS, that would make it especially sweet for poking someone else's sysetm.
Does anyone have a Vista beta to try this on?
I'm delighted you're seeing and appreciating technological change. But saying "what makes stem cells differentiate is inside the DNA" is like saying "what makes a car work is inside the metal". It leaves out all the details, and even succeeds in leaving out all the other known fascinating factors like RNA, mitochondria, maternal hormones, and the fascinating neighboring cell promote/discourage interactions that are found throughout biology.
There's a tremendous amount of fascinating work going on.
Few researchers in the US dare pursue embryonic stem cell work: the federal disapproval of it interferes with funding for them and their peers in other departments. The result is that much of it has moved or is only being pursued overseas, which you're less likely to see mentioned in US newspapers or professional publications.
There are fascinating issues with stem cells and the immune system, and the way embryonic stem cells differentiate to form complete organs: it's certainly worth studying as basic research.
Forget the "2 ton" bit, since a styrofoam slab of size similar to the concrete slabs used would weigh so much less. It's an interesting question: would a 20 foot wide slab of styrofoam, falling onto a car, be fractured by the car and leave a breathing space? Will it be corroded by car exhaust, or ignite in the inevitable burning car that will eventually happen in the tunnel from someone rear-ending someone else with a gascan mounted in a bad place
I've looked at some reports of the epoxy technique used: I've used similar techniques in machine work, and have some idea of how strong it can be, which might well support the weight if done right. But the reports of workers simply cutting off bolt ends when they hit embedded steel, and of using duct tape to thicken bolts in holes that got drilled over-large, are what you get when a rushed management hires low-bid workers to finish an overdue project and lacks competent inspectors to say "this will not work!"
Amen. Before a major system update, always, always, always do a clean system backup and archive it: you may need it 3 weeks or a month from now. A new hard drive is a good way to do it, too, and allows easy reverting if things break down harshly.
I actually like using removable hard drive bays in testing rigs for just this sort of swap and update.
No, they don't want unauthorized software to be used to burn DVD's or mount USB drives, or be able to write encrypted documents with MS-Word that cannot be traced with the Trusted Computing keys to a particular system.
Basically, anonymity and free access to record data are not rights the government wants folks to have without the government having the ability to over-ride it at will. Trusted Computing is only partly about preventing unauthorized people or software from using or writing data: it's about giving a central authority access to all secured data. As things currently stand Microsoft is the single biggest vendor of operating systems and office software and the owner of the critical keys and patents for using Trusted Computing, so it's giving them unprecedented control over software and hardware.
And these tools are going to be integrated with hardware: tools like biometric scanners and DVD burners are going to have Trusted Computing features to authentic the hardware and prevent "unauthorized" use.
And its real use is Digital Rights Management: this doesn't just mean preventing people from playing MP3's, but ensuring that only the software that the document author or the software vendor authorizes to open a document can open that document. There are actually good security uses for such authentication. Unfortunately, it also means that documents become much more traceable, and that the encryption keys for almost all such software, especially purchased software keys, are sitting in a database somewhere that the NSA can subpoena or just steal at will.
So kiss personal privacy goodbye with these tools. The Trusted Computing CD burners and encryption widgets can and will have backdoors in them involving the vendor keys to access the data you do not want them to access.
And it's why you actually follow the W3C guidelines, and use the validator at http://validator.w3c.org/.
Use Lynx or links or the text-based browsers: it's great for speeding up downloads, precisely because they don't support the javascript and "dancing bears" so many websites waste their bandwidth on.
It's not an update, it's an *upgrade*. These always cause trouble, especially when Microsoft does its violations of its own unpublished API's to add new functions.
There are reasons to do it: people have been fleeing IE6 in droves to get the tabbed features of FireFox, and getting it in place in OEM releases before Christmas will help encourage users to stay with it. It will also help flatten the learning curve of switching to Vista, whenever that finally comes out.
Oh, there have been plenty. Remember when Java was "Write once, Run Anywhere"? Or when Perl would make all programs easy to write because there were so many ways to do the exact same thing? Or when LISP was hailed for its abstract programming, and turned out to be worse than XML for letting programmers handwave about made up functions that never actually got specified? Or Object Oriented programming? Or stylesheets?
Or guilty as sin and still be acquitted: take a look at OJ Simpson for someone who was convicted under civil law, but not convicted under criminal law for fundamentally the same act.
The advantage to arresting him after is that it reduces the likelihood of the event getting slashdotted. The disadvantage is that he may slip away, it wastes the arresting officers' time as the audience plays the perennial game of "spot the narc" and takes pictures of them for posting to their websites, and politically slapping down crackers in public is a desirable act to discourage other casual crackers.
Unfortunately, I now expect that oh-so-Confidential-Informant to have their name and personal details splattered all over the web by the more amused of the crackers in the crowd. Doing this arrest publicly was not a good way to keep a Confidential Informant confidential. And I wonder if, in fact, Mr. Rambam's alleged claims about the informant as a dangerous person are well-founded: they may be, given the FBI's history of hiring and protecting extremely dangerous criminals as informants. (Whitey Bulger comes to mind as an example of the FBI protecting murderers from prosecution.)
They're prisoners: they're not being kept after class to wash blackboards, they're serving hard tim in isolation that is normally reserved for the hardest prisoners in US jails.
No, they weren't. Testimony from the family and witnesses in Iraq and Afghanistan is that many were seized in sweeps of young men, and when captured were not armed or engaged in any conflict. Since they are denied any hearing whatsoever, in direct contravention of the Geneva Convention and the US Code of Military Justice for enemy combatants, they have no opportunity to establish their innocence or to contact family or their communities to even verify their captivity. And given the demonstrated use of torture by US guards in Iraq and our shipment of prisoners to countries where torture is permitted specifically to use torture in interrogation, there's almost no way to verify that the prisoners are not tortured or mistreated.
They're hardly insignificant: they're an example of this regime foregoing civil rights in an ill-defined war, with no way for people to prove their innocence. If they're doing this in GITMO, despite all the pressure brought to bear by both civil rights groups and international treaties, what might they be doing elsewhere?
Where in the world do you get the idea that "civil rights" only apply to US citizens on US soil? And since the names of the prisoners are not published and legally *cannot* be published, nor can their cases be discussed with them without fighting one's way through an incredible stonewall of "national security", how can you tell who has been arrested where or what kind of citizen they are? And given that this sort of violation of the Geneva Convention and the US Military Code of Justice is in place, how can you begin to guess what other violations of international and US law are occurring in prisons? Remember, the US has been caught deliberately shipping prisoners to countries where torture is allowed, in order to question them without prosecution or a court hearing and to obtain vital information.
Given this behavior, and the continuing existence of illegal monitoring of our core Internet routers as described in the EFF vs. AT&T court battle, how can you have any confidence that this administration's prisoners actually committed or have even been charged with a crime? Under the Patriot Act, they don't have to be charged, and you can't even publish that you know what they're accused of in some circumstances without going to jail yourself!
You have a good point. We've seen exactly this sort of attempt with the XML aspects of WinFS, with their modifications of Kerberos, and in their attempt to extend SPF with their SenderID system.
Fortunately, WinFS has finally been cancelled, Kerberos has been extended by MIT's authors to work around Microsoft's mistaken "extension", and fortunately or unfortunately SPF has basically been rejected due to the licensing problems Microsoft's "exteionsion" created.
I've looked around: I see so much ranting by third parties, it's hard to tell which of them has facts. I'll point out that the relays.osirusoft.com page is also long on accusations, and short of facts. (Why did Rambam press the lawsuit against osirusoft.com, for example?)
And unfortunately, incompetent or simply overly aggressive blacklist authors are much like spammers: it sometimes takes the baseball bat of a lawsuit and losing their network connection to get them to change tactics, and they complain bitterly about their freedoms being infringed when you use such strong steps, even if they've ignored every previous attempt at reason.