But if the person is more clever they open up a tool that has legitmate uses (an editor is a good example) in a way that looks legitimate but while they are in there they do other things too. Afaict it is very hard to close down all such loopholes without rendering administration incredibly difficult.
You could log absoloutely everything that the admin types and sees during their session (not just the commands they run) as root but then you have a massive ammount of data (which will contain control sequences that make it make little sense except when replayed in real time through a terminal emulator) to go through to distinguish the legitimate editor use from the illigitimate use.
All sudo access is logged. How heavilly logged? just the commands or all interaction with them too?
If the former what is to stop someone launching something an editor though sudo obstinately to edit one file but actually editing other files or even spawning a shell while they are in there?
and if the latter is someone REALLY going to watch over every interactive editor session launched through sudo to watch what is going on?
The problem is that while the changes you propose sound simple their implications run very deep. Restricting the passwd command doesn't help if you can just edit the password store directly. You would therefore have to have a system with some files that noone, not even root could edit directly but then that would cause problems for things like backup, restore etc.
And then you have the problem of having to have more admins on call for when the shit hits the fan since there are some operations that require two of them. That alone could get very expensive for a small operation.
Direct X is a Microsoft product Direct X isn't really a product (you can't buy it and never have been able to). DirectX itself is an interfaces supplied by windows for various things gaming related. Most significantly these days 3D graphics.
These days each version of directx specifies a set of required features. A "DirectX 11 card" means a card that implements all the features required by DirectX 11. In this context it's perfectly reasonble to ask whether those features will be exposed to other operating systems.
We also talk about "test gear" or "test kit". Things like multimeters, scopes, spectrum analysers, VNAs etc. I suspect this is what was actually stolen.
RF test gear (which is what I suspect he actually stole) can cost tens of thousands of dollars a unit so it wouldn't take THAT much to run up a million dollars (at replacement cost) worth of theft and in a sufficiantly large and disorganised lab it could take quite some time to notice the stuff was missing and figure out who was taking it.
What people need is a broadcast of the current energy price, so they can optimize their usage What people need is a broadcast of the current energy price, so they can optimize their usage. Why would people care what the "current price" is if they aren't going to be paying the "current price"? If you want to actually charge people the "current price" you need to at least record how much electricity they used at each price.
Smartmeters are a somewhat thorny issue. On the one hand I think demand side management of the power balance is vital if a transition from somewhat flexible coal and very flexible gas to inflexible wind, solar and nuclear is to be successful. On the other hand they raise serious privicy and transparency (how do you fairly inform customs of the structure of a tarrif where power prices change with demand) issues.
I wonder could a bank of multiple lasers of different wavelengths be the soloution? It's easy to block a single laser beam with safety specs but can you block a red laser, a green laser and a blue laser at the same time without blocking so much light that the person can't see at all.
In the USA, our cities which have the strictest gun control laws, are the cities which have the highest homicide rates. It has always seemed to me that being an island of strict gun control in a larger area with lax gun control is about the worst situation to be in since the criminals won't care about bringing guns in illegally.
Not to mention mobile too, where battery life matter. Afaict there was never really a decent low power quad core laptop option. It's not like a C2Q was light on power either and I bet laptops big enough to have a C2Q also often had discrete graphics. So by and large migrating to nahelm was a positive for laptop vendors. When I look at dell most of their lattitude laptops are i series as are most other laptops i've looked at recently (other than ultrportables)
OTOH with corporate desktops at least dell and HP are still selling mostly LGA775 lineups (with the odd AMD and the odd LGA1156). If I was intel I'd really want to change that.
Intel only has QPI in the high end cpu and drive up the cost if need a lot of pci-e IO but not a high end cpu. Worse is for those who DO want a fast CPU but also want expandability. At least those who want a low end CPU and an expandable platform can go AMD. Those who want a fast processor don't really have that option.
The blunt fact is that the high end sandy bridge processors beat every previous quad core CPU from BOTH AMD and INTEL by quite a significant margin. They don't quite keep up with the 980x in highly multithreaded benchmarks but many apps are still limited to four or less (often only 1) threads doing actual work*
I don't care about muli-gpu gaming but I do care about the flexibility to drop in a card for whatever the next standard to come along is and with the speeds USB3 and SATA 6G have already reached the few lanes leftover after the vendors have hung a load of stuff of the southbridge may not cut it. A NF200 connected in the sane way gives me the flexibility to use the 16 CPU lanes for graphics while gaming and yet use those same lanes for something else when not gaming.
*Many people will look at the number of threads in task manager and claim a program must be mulithreaded. The thing is many of those threads are created to do some specific task and spend most of their time blocked on IO. What counts are those threads actually doing significant work on the problem at hand.
cut pci but keep usb 2.0 and sata 3? Makes sense to me to keep most of the USB ports 2.0. USB 3 takes up a lot more pins (both more lines and they probably need much better grounding too). Remember despite the name USB3 is really a whole new interface that happens to have USB2 on the same connector. I really don't know why they didn't put ANY USB3 ports on there though (I heard rumours they were having some issues getting it to work properly but frankly I'd expect better than that from Intel).
I dunno why they didn't make all the sata ports 6G, maybe it is harder to deal with on the chip or maybe they just want to segment the market. Either way two 6G ports should be fine for the majority of systems (just how many systems are going to have more than two SSDs?)
PCI takes up a load of pins and is almost certainly a PITA to route (large fast paralell busses usually are). Having a bridge chip next to the PCI slots saves pins on the southbridge/PCH (which don't forget now has to take integrated graphics as well. Yes there WERE previous gen southbridges with integrated graphics but they were seriously limited in PCIe lanes) and should also make PCB routing easier.
Build in pci does still have use for stuff like on board sound Onboard sound isn't on PCI these days (i'm not sure if it ever was). Intel put the core of sound stuff (buffering etc) in the south-bridge and then connected it by a dedicated low speed (but streaming optimised) bus (initially AC97, later HDA) to separate chips that turn it to analog audio and/or S/PDIF (usually made by realtek or analog it seems). Modems could also use the bus (this was common in laptops but rare in desktops) and there were even special slots for it at times (though these never gained much favour afaict).
But minor points asside Intel has thrown high end users into a dilemma by releasing the mainstream platform for sandy bridge first. Do we go for LGA1155 and get the fastest quad core to date but on a low end platform or do we go for LGA1366 and get a worse selection of processors but on a high end platform. Motherboard vendors are trying to patch this up with third party chips but the creaks are showing (in particular a lot of the PCH PCIe is getting used up by all those extra chips leaving little for slots). I understand why they are doing things this way round, they royally fucked up the previous generation from a corporate desktop standard by not offering quad cores with integrated graphics).
Anyone know if there are any boards with a NF200 connected up in the sane way to ease the PCIe situation. LGA1155 has only 16 lanes from the CPU and those from the southbridge are now under even more pressure than they were before (because of onboard USB3, extra sata 6G ports and the fact that PCI slots now have to be driven off a seperate bridge connected by PCIe)with the result that on many boards there is a decided shortage of slots better than x1 (on some i've seen there was a slot that could operate in x4 but only if all the x1 slots were empty). I found a review of one board that had one but it had it connected in a rather strange way (From the reviews i've seen the sane way to connect a NF200 is to take ALL the CPUs PCIe lanes to it). It's not that I need it right now but if I decide to build a new computer i'd like to have a board that I know will have plenty of expandability since I tend to keep my machines for a long time.
BTW note that the article (intel do it too IIRC) quotes the TOTAL of the two directions of bandwidth for PCIe. This is as misleading as advertising full duplex fast ethernet as "200Mbps" (which a lot of vendors used to do in the early days of full duplex)
It is even more confusing with PCIe than with ethernet as PCIe only tends to improve by 2x each generation.
Consider a grow op that puts some but not all of their lamps through the meter lamps through the meter (and the rest either from a tap-in before the meter or from other sources). The meter reader sees readings that look fairly normal for a domestic property and no suspicion is raised.
However the smart meter would see power cycling in lockstep with the timers on the grow-lamps. Maybe you could stagger them but I bet the pattern would still look very different from a normal household.
If you want a driver that's all AMDs work it's called frglx Last time I worked with FGLRX it had the glaring fault of crashing the system to the point that no further interaction was possible if the kernel module was missing. Nvidia's driver OTOH just gave an error message
The impression I got last time I dealt with ATI graphics on linux was that the OSS drivers were unfinished and the propietry ones were more of a PITA to deal with than the nvidia propietry ones. Has that changed?
On the x87 (traditional FPU for x86, still used by most code because of support for older processors) the internal temporaries are fixed size. This means if the compiler chooses to keep temporaries in FPU registers you can get marginally different results from if the compiler spills them to memory.
This has some nasty implications like doing the same comparison twice may give different results if the first comparision was done with the value still in the FPU registers and the second was done after the compiler had moved it to memory and back.
By making a variable volatile you force the compailer to store it in memory at all times and therefore ensure consistent results for comparisions involving it.
In the early days of safari on windows they put it selected by default in the list of "updates" with no indication that it was a whole new program rather than an update to something already installed.
I think they may have changed it now but it's a while since i've used a windows computer with apple stuff installed so i'm not sure.
It depends what you mean by "a C++ program". C and the C like bits of C++ are a very leaky abstraction and it's easy to write such code in a way that makes assumptions that work on one CPU but not another.
OTOH if you stick to high level C++ (STL etc) you would be much less likely to run into such problems unless the underlying implementation is buggy.
Microsofts desktop/server toolchains already support x86, x64 and ia64 so presumablly they already have interfaces to allow selection of the build target and since wince already supports arm they should already have an arm complier. So it should be "just" a matter of peicing the bits together and ironing out the bugs.
Well debian linux runs on arm, it's a bit more of a pain to install it than on PCs but that is more the fault of the arm platforms in question than of linux.
PCs have a standard BIOS that provides a number of basic services including communication with the user and reading boot images from hard drives and CD-ROM drives. Arm systems sometimes have something similar but it's generally specific to a particular subfamily and is often designed to be driven from a serial terminal since a lot of arm hardware lacks displays.
If it was just a competitive bidding process then someone would step in and buy the stuff at market price and let the government bid on it at a bit over market price and take the profit.
The real issue is that the government (and certain high-risk industries) insist on a lot of tracability and QC that most customers don't. That means extra work for the manufacturers and they rightly charge for it. Sometimes this is really nessacery but afaict it is often done just to cover arses.
A bunch of "hot" machines in a cold climate will produce much more condensation You seem to have your understanding backwards.
As you heat air it's water carrying capacity rises and it's relative humidity falls. So pumping cold outside air into your DC should not cause condensation problems in the DC (if people have been breathing in the DC you may get condensation when you release the air back into the atmosphere but you probablly don't care about that).
Condensation is mainly a problem when you have a cold object and a hot environment. As you cool the air it's water carrying capacity falls and depending on how humid the air was to start with some of the water may condense out. A DC in a cold environment would almost certainly want aclimitisation rooms so the temperature of equipment brought in from outside could be raised in a controlled manner.
In debian it will be available soon in unstable Afaict the general policy in debian is to only upload stuff to unstable if it's targetted at (note that targetted at doesn't nessacelly mean will be in) the next stable release. It seems unlikely that debian would try to push a new kernel version at this point in the release cycle.
So I wouldn't expect it to hit unstable until after squeeze releases.
Yeah sudo su - is bloody obvious.
But if the person is more clever they open up a tool that has legitmate uses (an editor is a good example) in a way that looks legitimate but while they are in there they do other things too. Afaict it is very hard to close down all such loopholes without rendering administration incredibly difficult.
You could log absoloutely everything that the admin types and sees during their session (not just the commands they run) as root but then you have a massive ammount of data (which will contain control sequences that make it make little sense except when replayed in real time through a terminal emulator) to go through to distinguish the legitimate editor use from the illigitimate use.
All sudo access is logged.
How heavilly logged? just the commands or all interaction with them too?
If the former what is to stop someone launching something an editor though sudo obstinately to edit one file but actually editing other files or even spawning a shell while they are in there?
and if the latter is someone REALLY going to watch over every interactive editor session launched through sudo to watch what is going on?
The problem is that while the changes you propose sound simple their implications run very deep. Restricting the passwd command doesn't help if you can just edit the password store directly. You would therefore have to have a system with some files that noone, not even root could edit directly but then that would cause problems for things like backup, restore etc.
And then you have the problem of having to have more admins on call for when the shit hits the fan since there are some operations that require two of them. That alone could get very expensive for a small operation.
Direct X is a Microsoft product
Direct X isn't really a product (you can't buy it and never have been able to). DirectX itself is an interfaces supplied by windows for various things gaming related. Most significantly these days 3D graphics.
These days each version of directx specifies a set of required features. A "DirectX 11 card" means a card that implements all the features required by DirectX 11. In this context it's perfectly reasonble to ask whether those features will be exposed to other operating systems.
sorry, I read EMC in the title (and didn't RTFA before posting) as "electromagnetic compatibility" rather than "EMC corparation"
Still I bet they have some pretty high end test gear in that place and the SAN stuff isn't cheap either.
We also talk about "test gear" or "test kit". Things like multimeters, scopes, spectrum analysers, VNAs etc. I suspect this is what was actually stolen.
RF test gear (which is what I suspect he actually stole) can cost tens of thousands of dollars a unit so it wouldn't take THAT much to run up a million dollars (at replacement cost) worth of theft and in a sufficiantly large and disorganised lab it could take quite some time to notice the stuff was missing and figure out who was taking it.
What people need is a broadcast of the current energy price, so they can optimize their usage
What people need is a broadcast of the current energy price, so they can optimize their usage.
Why would people care what the "current price" is if they aren't going to be paying the "current price"? If you want to actually charge people the "current price" you need to at least record how much electricity they used at each price.
Smartmeters are a somewhat thorny issue. On the one hand I think demand side management of the power balance is vital if a transition from somewhat flexible coal and very flexible gas to inflexible wind, solar and nuclear is to be successful. On the other hand they raise serious privicy and transparency (how do you fairly inform customs of the structure of a tarrif where power prices change with demand) issues.
I wonder could a bank of multiple lasers of different wavelengths be the soloution? It's easy to block a single laser beam with safety specs but can you block a red laser, a green laser and a blue laser at the same time without blocking so much light that the person can't see at all.
In the USA, our cities which have the strictest gun control laws, are the cities which have the highest homicide rates.
It has always seemed to me that being an island of strict gun control in a larger area with lax gun control is about the worst situation to be in since the criminals won't care about bringing guns in illegally.
Not to mention mobile too, where battery life matter.
Afaict there was never really a decent low power quad core laptop option. It's not like a C2Q was light on power either and I bet laptops big enough to have a C2Q also often had discrete graphics. So by and large migrating to nahelm was a positive for laptop vendors. When I look at dell most of their lattitude laptops are i series as are most other laptops i've looked at recently (other than ultrportables)
OTOH with corporate desktops at least dell and HP are still selling mostly LGA775 lineups (with the odd AMD and the odd LGA1156). If I was intel I'd really want to change that.
Intel only has QPI in the high end cpu and drive up the cost if need a lot of pci-e IO but not a high end cpu.
Worse is for those who DO want a fast CPU but also want expandability. At least those who want a low end CPU and an expandable platform can go AMD. Those who want a fast processor don't really have that option.
The blunt fact is that the high end sandy bridge processors beat every previous quad core CPU from BOTH AMD and INTEL by quite a significant margin. They don't quite keep up with the 980x in highly multithreaded benchmarks but many apps are still limited to four or less (often only 1) threads doing actual work*
I don't care about muli-gpu gaming but I do care about the flexibility to drop in a card for whatever the next standard to come along is and with the speeds USB3 and SATA 6G have already reached the few lanes leftover after the vendors have hung a load of stuff of the southbridge may not cut it. A NF200 connected in the sane way gives me the flexibility to use the 16 CPU lanes for graphics while gaming and yet use those same lanes for something else when not gaming.
*Many people will look at the number of threads in task manager and claim a program must be mulithreaded. The thing is many of those threads are created to do some specific task and spend most of their time blocked on IO. What counts are those threads actually doing significant work on the problem at hand.
cut pci but keep usb 2.0 and sata 3?
Makes sense to me to keep most of the USB ports 2.0. USB 3 takes up a lot more pins (both more lines and they probably need much better grounding too). Remember despite the name USB3 is really a whole new interface that happens to have USB2 on the same connector. I really don't know why they didn't put ANY USB3 ports on there though (I heard rumours they were having some issues getting it to work properly but frankly I'd expect better than that from Intel).
I dunno why they didn't make all the sata ports 6G, maybe it is harder to deal with on the chip or maybe they just want to segment the market. Either way two 6G ports should be fine for the majority of systems (just how many systems are going to have more than two SSDs?)
PCI takes up a load of pins and is almost certainly a PITA to route (large fast paralell busses usually are). Having a bridge chip next to the PCI slots saves pins on the southbridge/PCH (which don't forget now has to take integrated graphics as well. Yes there WERE previous gen southbridges with integrated graphics but they were seriously limited in PCIe lanes) and should also make PCB routing easier.
Build in pci does still have use for stuff like on board sound
Onboard sound isn't on PCI these days (i'm not sure if it ever was). Intel put the core of sound stuff (buffering etc) in the south-bridge and then connected it by a dedicated low speed (but streaming optimised) bus (initially AC97, later HDA) to separate chips that turn it to analog audio and/or S/PDIF (usually made by realtek or analog it seems). Modems could also use the bus (this was common in laptops but rare in desktops) and there were even special slots for it at times (though these never gained much favour afaict).
But minor points asside Intel has thrown high end users into a dilemma by releasing the mainstream platform for sandy bridge first. Do we go for LGA1155 and get the fastest quad core to date but on a low end platform or do we go for LGA1366 and get a worse selection of processors but on a high end platform. Motherboard vendors are trying to patch this up with third party chips but the creaks are showing (in particular a lot of the PCH PCIe is getting used up by all those extra chips leaving little for slots). I understand why they are doing things this way round, they royally fucked up the previous generation from a corporate desktop standard by not offering quad cores with integrated graphics).
Anyone know if there are any boards with a NF200 connected up in the sane way to ease the PCIe situation. LGA1155 has only 16 lanes from the CPU and those from the southbridge are now under even more pressure than they were before (because of onboard USB3, extra sata 6G ports and the fact that PCI slots now have to be driven off a seperate bridge connected by PCIe)with the result that on many boards there is a decided shortage of slots better than x1 (on some i've seen there was a slot that could operate in x4 but only if all the x1 slots were empty). I found a review of one board that had one but it had it connected in a rather strange way (From the reviews i've seen the sane way to connect a NF200 is to take ALL the CPUs PCIe lanes to it). It's not that I need it right now but if I decide to build a new computer i'd like to have a board that I know will have plenty of expandability since I tend to keep my machines for a long time.
BTW note that the article (intel do it too IIRC) quotes the TOTAL of the two directions of bandwidth for PCIe. This is as misleading as advertising full duplex fast ethernet as "200Mbps" (which a lot of vendors used to do in the early days of full duplex)
It is even more confusing with PCIe than with ethernet as PCIe only tends to improve by 2x each generation.
It might actually.
Consider a grow op that puts some but not all of their lamps through the meter lamps through the meter (and the rest either from a tap-in before the meter or from other sources). The meter reader sees readings that look fairly normal for a domestic property and no suspicion is raised.
However the smart meter would see power cycling in lockstep with the timers on the grow-lamps. Maybe you could stagger them but I bet the pattern would still look very different from a normal household.
If you want a driver that's all AMDs work it's called frglx
Last time I worked with FGLRX it had the glaring fault of crashing the system to the point that no further interaction was possible if the kernel module was missing. Nvidia's driver OTOH just gave an error message
The impression I got last time I dealt with ATI graphics on linux was that the OSS drivers were unfinished and the propietry ones were more of a PITA to deal with than the nvidia propietry ones. Has that changed?
Debian now has dkms, so you can just install nvidia-kernel-dkms and nvidia-glx and let the system handle rebuilding the module for you.
On the x87 (traditional FPU for x86, still used by most code because of support for older processors) the internal temporaries are fixed size. This means if the compiler chooses to keep temporaries in FPU registers you can get marginally different results from if the compiler spills them to memory.
This has some nasty implications like doing the same comparison twice may give different results if the first comparision was done with the value still in the FPU registers and the second was done after the compiler had moved it to memory and back.
By making a variable volatile you force the compailer to store it in memory at all times and therefore ensure consistent results for comparisions involving it.
In the early days of safari on windows they put it selected by default in the list of "updates" with no indication that it was a whole new program rather than an update to something already installed.
I think they may have changed it now but it's a while since i've used a windows computer with apple stuff installed so i'm not sure.
isn't that what chain link fencing and razor wire are for?
It depends what you mean by "a C++ program". C and the C like bits of C++ are a very leaky abstraction and it's easy to write such code in a way that makes assumptions that work on one CPU but not another.
OTOH if you stick to high level C++ (STL etc) you would be much less likely to run into such problems unless the underlying implementation is buggy.
Microsofts desktop/server toolchains already support x86, x64 and ia64 so presumablly they already have interfaces to allow selection of the build target and since wince already supports arm they should already have an arm complier. So it should be "just" a matter of peicing the bits together and ironing out the bugs.
Well debian linux runs on arm, it's a bit more of a pain to install it than on PCs but that is more the fault of the arm platforms in question than of linux.
PCs have a standard BIOS that provides a number of basic services including communication with the user and reading boot images from hard drives and CD-ROM drives. Arm systems sometimes have something similar but it's generally specific to a particular subfamily and is often designed to be driven from a serial terminal since a lot of arm hardware lacks displays.
If it was just a competitive bidding process then someone would step in and buy the stuff at market price and let the government bid on it at a bit over market price and take the profit.
The real issue is that the government (and certain high-risk industries) insist on a lot of tracability and QC that most customers don't. That means extra work for the manufacturers and they rightly charge for it. Sometimes this is really nessacery but afaict it is often done just to cover arses.
A bunch of "hot" machines in a cold climate will produce much more condensation
You seem to have your understanding backwards.
As you heat air it's water carrying capacity rises and it's relative humidity falls. So pumping cold outside air into your DC should not cause condensation problems in the DC (if people have been breathing in the DC you may get condensation when you release the air back into the atmosphere but you probablly don't care about that).
Condensation is mainly a problem when you have a cold object and a hot environment. As you cool the air it's water carrying capacity falls and depending on how humid the air was to start with some of the water may condense out. A DC in a cold environment would almost certainly want aclimitisation rooms so the temperature of equipment brought in from outside could be raised in a controlled manner.
In debian it will be available soon in unstable
Afaict the general policy in debian is to only upload stuff to unstable if it's targetted at (note that targetted at doesn't nessacelly mean will be in) the next stable release. It seems unlikely that debian would try to push a new kernel version at this point in the release cycle.
So I wouldn't expect it to hit unstable until after squeeze releases.