It's Debian. If you have stable in your sources.conf, you'll get upgraded next time you run apt-get update && apt-get dist-upgrade (once it is released). which is why admins with a clue don't put stable in thier sources.list (the installer used to do this but i belive it has been changed).
the reality is while the package managers get most stuff right there is nearly always some level of handholding involved in an upgrade from one stable release to the next (e.g. on sarge-etch it is easy to end up with no kernel installed if you are not carefull) and it certainly isn't something you want happening to you without warning.
use release codenames in your sources.list and read the release notes before moving from one stable release to the next especially if you do not know how to repair broken systems.
i'd imagine that cheap comms and cheap energy are probablly more important than cheap land. And theese containers sound like they will be far from an efficiant use of land anyway unless they are stacked really high.
i'd also imagine that the cost of fast comms has a rather large upfront component offsetting the cost of moving.
Lameness filter encountered. Post aborted! Reason: Don't use so many caps. It's like YELLING. well yes i know, i'm yelling to make sure people notice it before following the link
Craigslist, because it is on the Internet and anonymous, has no identity verification at all. Many people, most in fact, will do things they would never consider doing if they know it can never be traced back to them and there cannot possibly be any consequences.
of course the people who belive that are almost certainly wrong. cragslist presumablly have an IP and timestamp, with the ISPs cooperation that should be enough unless the person making the post was carefull to cover thier tracks.
Any newspaper would collect enough billing information to send the person a bill. here in the uk there are very often special papers where it is free to place your advert with the cost being borne by the buyer. Usually theese are local in scope but i don't belive there is any identity checking in posting to them. Probablly more anonymous than cragslist.
but even assuming a regular newspaper personal information can be hidden. They can pay using a stolen or prepaid card and give fake addresses (or even the address of the victim). They can ensure stuff is printed rather than handwritten, use gloves etc. How is this any different than chaining proxies to avoid internet based tracking?
afaict criminals generally get caught either because they are too stupid/ignorant to take proper precautions or because they commit many crimes and eventually get careless or unlucky.
assumming the stick has a programmable microcontroller of some kind it would have to be reprogrammed. then it can present itself as anything it wants.
it wouldn't surprise me if modern flash drives use special purpose controller chips though so i dunno if they would have sufficiant programability or not.
i'd imagine doing this kind of hack would require at the very least a development rig for the processor and opening the drive case. You'd then have to work out how to connect to the programming lines.
so not impossible but certainly beyond most people who don't have experiance in the field and a fair bit of time and money.
1: there would be a copy of any copyrighted work availible without drm encumberments (possiblly from schemes that are no longer availible) if and when the work finally enters the public domain. 2: people wouldn't gnerally copyright trivial things. people would only use copyright if they thought they had a good enough reason too. 3: there would be a lot less fighting over who owned the copyright to something.
law enforcements main tool for keeping crime down is instilling fear of getting caught and the consequences that follow. Noone wants to go to prison (or even to be held in a police cell for a few days) or to have to pay large fines and cameras provide good evidence for the cops/court so generally people will avoid a crime if they think they will be caught on camera.
i presume they hope that reminding people that they are being caught on camera will deter them from continuing with thier activity.
True, but in mathematics you can conclusively prove something. They're called theorems.
remember this from a VERY famous scientist As far as the laws of math refer to reality, they are not certain, as far as they are certain, they do not relate to reality.
or to put it another way mathematics can prove that a group of equations and/or conditions implies other equations and/or conditions but it cannot prove that when you characterised the real-world relationships you knew about by a set of equations that you got it right.
i've never seen an ethernet adapter damaged by it. i don't know how recent your experiance is but you should bear in mind that gigabit gear is far more likely to be vulnerable to this as the middle pair (which is usually what is used for phone connections) is an active data pair in gigabit ethernet.
phone lines use non trivial voltages (about 50V dc open circuit, less when loading by an off hook phone far more when ringing), while they aren't anywhere near as brutal as a properly built etherkiller (note that the original etherkiller was badly done, they put the voltage between the pairs rather than on the pairs meaning that if the pulse transformer was good enough it wouldn't even hit the ICs at all) they are certainly something to watch out for with regards anything electronic.
the gigabit ethernet spec says that manufacturers must protect users from safety issues caused by phone voltages presented to a gigabit ethernet port but does not require them to protect against hardware damage.
Did you know that one installation of Apache can serve multiple web sites? IIS can do the same. indeed it can
now add on the fact that you need mail for each domain stored in a different place (generaly people want e-mail on thier websites domain).
now add on the fact that you have to be very carefull to stop active content doing nasty things to others sites.
then you have the issue that not everything about apache can be controlled through htacess files
it gets even more complex if you have multiple users per site.
now there are frontends that try and deal with theese admin problems for you (cpanel, webappliance etc) but they have issues of thier own (they tend to get in the way if you want to have services other than those thier designers thought of).
Using 100 guest OSes running on a server to support 100 web sites is insane. depends on the situation. If all sites are run by one admin team then sure just configure the stuff you need to handle multiple domains. If every domain just needs simple webhosting with basic script requirements then sure go ahead and use cpanel or webappliance or similar. If each domain has some scripts with strange requirements or requires other low load services in addition to web and mail or you want complete independence in management then virtual machines start to shine.
what do you propose they do instead? the main purpose of first level support is to keep down the cost of dealing with lusers who can't diagnose if something is a hardware problem by themselves. The low end pc market has razor thin margins and lots of idiot customers so the only rational thing to do is to put a barrier of script monkeys in place to deal with them before they cost you serious money.
corporate is better for two reasons, firstly because you are paying for better service as part of the price and secondly because the company doesn't have to deal with lusers directly (for corporate machines the internal IT support department generally does the job of keeping lusers off the suppliers back)
I do the same with MacBooks. It also offeres you the way to keep your private data from ever going back to the laptop mfgr during a repair. out of interest how hard are the drives to get out on the normal macbooks (not pro)?
i remember hearing (i'm not a mac owner but considering becoming one) in the powerpc days on the ibook it was a nightmare while on the powerbook it was trivial trivial.
you have to admit its pretty terrible design to rely on software in that way though.
letting the software do the day to day management does not preclude having crude but effective management (e.g. if it gets over temperature X cut the damn power) at a lower level for when the software fails.
There's a warning in x86config when setting monitor refresh rates that warns you that your choice may destroy your monitor. thats mainly there for historical reasons (and when it was a current issue i think it was an issue accross all platforms). I'm pretty sure monitors have had protection against this for over a decade now.
some hardware is actually pretty fragile. Anyone remember when lg made thier cd-rom (not writer or dvd) drives use the command that was meant to be for packet write enable as the firmware update command resulting in a certain version of linux bricking the drives in question (lg did eventually publish how to put the drives in emergency re-flash mode but they took thier time doing it and claimed linux was at fault).
a minimum wage worker is in a hurry and can't figure out where its supposed to go so they hide it somewhere.
a customer has looked at something and puts it back in the wrong place (less likely if its a top shelf but could possiblly lead to the first one when the minimum wage floor staff are tidying up).
All the stock database (which the website and workers both use as a data source) knows is what stock has come in, what has gone out through legitimate channels and what has been reported as missing. It can't know where stuff physcially is in the store or whether stuff has been slipped out without paying for it. Eventually if they really can't find something they may mark it as missing but they are only going to do that once they are pretty sure it actually has gone.
i'm quite sure there is proffesional gear out there that works at 192khz 24 bit. that puts the nyquist point a pretty long way out of the audio range and the quantisation step well below the noise floor of the incoming analog signal.
now if your digital recording hardware sucks you will of course lose a lot more information. The same applies if your analog recording gear sucks. If stuff is lost below the noise floor of an analog system then it is no more or less lost than if it is lost in a digitisation process.
DSL only goes so far along the copper wire from the DSLAM in the phone company central office. If you are past 11-12000 feet, you can kiss ADSL goodbye, past 18000 ft, you can forget about SDSL. If you live further than that, no amount of, "we are expanding into your area" is going to happen. Unless the LEC builds a new CO, closer to you, and has all of your copper terminate there instead of the old place, then, you might be able to get DSL. But for the most part, if you can't get DSL now, you can't get DSL ever.
surely it is feasible to build a DSLAM that it suitable for installation in a patch cabinet outside and then run a single fiber to it. You don't need something on the scale of a full central office.
no with C writing bad code is the default mode, pointer aritmetic and standard apis like prinf require extreme care to avoid writing insecure code.
secure programming in general is very hard though some languages make it harder than others. Secure programming requires carefull consideration of many issues some of which span accross the application. It also requires good documentation (how should things be quoted at this interface? is the creator of this data trustworthy or should the data be treated as potentially malicious and so on).
php does have some big issues though, newbie attractiveness is one, register_globals was another (thankfully disabled by default nowadays), another less known one involves the normal way (or at least one of the normal ways) of getting headers doing some bogus merging and hence allowing breakage of the x-forwarded-for system (which is used by sites that use reverse proxies to store the real ip of a request). (see http://en.wikipedia.org/wiki/User:Brion_VIBBER/Coo l_Cat_incident_report for more info)
they are supposed to track addresses so that they are globally unique (since this is the only way to be absoloutely sure that any combination of ethernet products placed on a lan with thier factory addresses have unique addresses). To achive that manufacturers must keep track of which addresses they have allocated.
Some manufacturers do screw up sometimes though and i bet it often goes unnoticed because the probability of collisions is fairly low unless a manufacturer does something *REALLY* stupid like shipping a cratefull of cards with the same mac or shipping a firmware upgrade utility that screws up the MAC.
but i agree with your main point, pick a random mac within the range of a vendor that really exists and you are pretty safe.
The very process of converting from analog to digital automatically results in tremendous data loss the moment you do it when you get right down to it. digitisation has two main degrading effects, neither is as you put it "massive" if the digitisation is done properly.
firstly it introduces quantisation noise and other noise in the ADC but you only get that once unlike the noise of analogue recording, its usually much lower than the noise of analogue recording too.
secondly it loses high frequencies (and produces phase distortion on slightly lower ones due to the anti-aliasing filter in the front end) but analog recordings also have a frequency beyond which the signal level drops below the noise floor.
The important point is digitisation does involve loss but the loss can be made relatively small and you only suffer that loss once, whereas with analog each copy is worse than the original and the original gets worse as it ages.
For example if all music illegally on P2P went away do you think the RIAA would care anymore? No. If they are sensible then they will try to kill P2P rather than just illegal use of P2P.
People getting into the habbit of downloading music free is what the recording industry is really scared of, in fact legitimately free music is probablly more scary because they can't use the law against it.
Not quite sure about the "too much time on my hands" part if you are doing a big backup job to DVD then it probablly means that time has a very low value to you and the time saving from using dual layer probablly isn't enough to make you buy the media.
I'm pretty sure the average person knows you need oxygen to breathe. trouble is we have no senses that can directly detect oxygen shortage in the air, so like carbon monoxide poisening its a silent killer.
our bodies work on the assumption that oxygen and C02 levels are related and detect the overabundance of C02 rather than the lack of oxygen.
btw for this reason its dangerous to hyperventilate while swimming, you may think you are building up oxygen to go under but in fact all you are doing is removing C02 and hence your bodies built in warning that it is time to surface.
can't say i've ever tried to work with libtiff but a quick poke at the api docs seems to indicate you have to use different interfaces depending on the underlying structure of the tiff file.
and while the dependancies aren't as bad as i thought then if you can't assume it will already be installed (which you almost certainly can't) it will still add at least a meg to the size of your app (ok ok its nothing compared to the size of some megabloat apps but its hardly insignificant either).
and then you have to find or write imports for the language you use on all platforms you use and if dynamically linking it work out how to install it on all platforms you use.
and then you have to track it for security updates and find a way of getting those to users of your app.
and this all assumes that calling custom native code is an option, in many cases (browser applets and other bytecode that runs in security limited environments) it isn't
It's Debian. If you have stable in your sources.conf, you'll get upgraded next time you run apt-get update && apt-get dist-upgrade (once it is released).
which is why admins with a clue don't put stable in thier sources.list (the installer used to do this but i belive it has been changed).
the reality is while the package managers get most stuff right there is nearly always some level of handholding involved in an upgrade from one stable release to the next (e.g. on sarge-etch it is easy to end up with no kernel installed if you are not carefull) and it certainly isn't something you want happening to you without warning.
use release codenames in your sources.list and read the release notes before moving from one stable release to the next especially if you do not know how to repair broken systems.
i'd imagine that cheap comms and cheap energy are probablly more important than cheap land. And theese containers sound like they will be far from an efficiant use of land anyway unless they are stacked really high.
i'd also imagine that the cost of fast comms has a rather large upfront component offsetting the cost of moving.
WARNING GOATSE LIKE IMAGE LINKED BY PARENT
Lameness filter encountered. Post aborted!
Reason: Don't use so many caps. It's like YELLING.
well yes i know, i'm yelling to make sure people notice it before following the link
Craigslist, because it is on the Internet and anonymous, has no identity verification at all. Many people, most in fact, will do things they would never consider doing if they know it can never be traced back to them and there cannot possibly be any consequences.
of course the people who belive that are almost certainly wrong. cragslist presumablly have an IP and timestamp, with the ISPs cooperation that should be enough unless the person making the post was carefull to cover thier tracks.
Any newspaper would collect enough billing information to send the person a bill.
here in the uk there are very often special papers where it is free to place your advert with the cost being borne by the buyer. Usually theese are local in scope but i don't belive there is any identity checking in posting to them. Probablly more anonymous than cragslist.
but even assuming a regular newspaper personal information can be hidden. They can pay using a stolen or prepaid card and give fake addresses (or even the address of the victim). They can ensure stuff is printed rather than handwritten, use gloves etc. How is this any different than chaining proxies to avoid internet based tracking?
afaict criminals generally get caught either because they are too stupid/ignorant to take proper precautions or because they commit many crimes and eventually get careless or unlucky.
assumming the stick has a programmable microcontroller of some kind it would have to be reprogrammed. then it can present itself as anything it wants.
it wouldn't surprise me if modern flash drives use special purpose controller chips though so i dunno if they would have sufficiant programability or not.
i'd imagine doing this kind of hack would require at the very least a development rig for the processor and opening the drive case. You'd then have to work out how to connect to the programming lines.
so not impossible but certainly beyond most people who don't have experiance in the field and a fair bit of time and money.
the effect would be
1: there would be a copy of any copyrighted work availible without drm encumberments (possiblly from schemes that are no longer availible) if and when the work finally enters the public domain.
2: people wouldn't gnerally copyright trivial things. people would only use copyright if they thought they had a good enough reason too.
3: there would be a lot less fighting over who owned the copyright to something.
law enforcements main tool for keeping crime down is instilling fear of getting caught and the consequences that follow. Noone wants to go to prison (or even to be held in a police cell for a few days) or to have to pay large fines and cameras provide good evidence for the cops/court so generally people will avoid a crime if they think they will be caught on camera.
i presume they hope that reminding people that they are being caught on camera will deter them from continuing with thier activity.
True, but in mathematics you can conclusively prove something. They're called theorems.
remember this from a VERY famous scientist
As far as the laws of math refer to reality, they are not certain, as far as they are certain, they do not relate to reality.
or to put it another way mathematics can prove that a group of equations and/or conditions implies other equations and/or conditions but it cannot prove that when you characterised the real-world relationships you knew about by a set of equations that you got it right.
i've never seen an ethernet adapter damaged by it.
i don't know how recent your experiance is but you should bear in mind that gigabit gear is far more likely to be vulnerable to this as the middle pair (which is usually what is used for phone connections) is an active data pair in gigabit ethernet.
phone lines use non trivial voltages (about 50V dc open circuit, less when loading by an off hook phone far more when ringing), while they aren't anywhere near as brutal as a properly built etherkiller (note that the original etherkiller was badly done, they put the voltage between the pairs rather than on the pairs meaning that if the pulse transformer was good enough it wouldn't even hit the ICs at all) they are certainly something to watch out for with regards anything electronic.
the gigabit ethernet spec says that manufacturers must protect users from safety issues caused by phone voltages presented to a gigabit ethernet port but does not require them to protect against hardware damage.
Did you know that one installation of Apache can serve multiple web sites? IIS can do the same.
indeed it can
now add on the fact that you need mail for each domain stored in a different place (generaly people want e-mail on thier websites domain).
now add on the fact that you have to be very carefull to stop active content doing nasty things to others sites.
then you have the issue that not everything about apache can be controlled through htacess files
it gets even more complex if you have multiple users per site.
now there are frontends that try and deal with theese admin problems for you (cpanel, webappliance etc) but they have issues of thier own (they tend to get in the way if you want to have services other than those thier designers thought of).
Using 100 guest OSes running on a server to support 100 web sites is insane.
depends on the situation. If all sites are run by one admin team then sure just configure the stuff you need to handle multiple domains. If every domain just needs simple webhosting with basic script requirements then sure go ahead and use cpanel or webappliance or similar. If each domain has some scripts with strange requirements or requires other low load services in addition to web and mail or you want complete independence in management then virtual machines start to shine.
what do you propose they do instead? the main purpose of first level support is to keep down the cost of dealing with lusers who can't diagnose if something is a hardware problem by themselves. The low end pc market has razor thin margins and lots of idiot customers so the only rational thing to do is to put a barrier of script monkeys in place to deal with them before they cost you serious money.
corporate is better for two reasons, firstly because you are paying for better service as part of the price and secondly because the company doesn't have to deal with lusers directly (for corporate machines the internal IT support department generally does the job of keeping lusers off the suppliers back)
I do the same with MacBooks. It also offeres you the way to keep your private data from ever going back to the laptop mfgr during a repair.
out of interest how hard are the drives to get out on the normal macbooks (not pro)?
i remember hearing (i'm not a mac owner but considering becoming one) in the powerpc days on the ibook it was a nightmare while on the powerbook it was trivial trivial.
you have to admit its pretty terrible design to rely on software in that way though.
letting the software do the day to day management does not preclude having crude but effective management (e.g. if it gets over temperature X cut the damn power) at a lower level for when the software fails.
There's a warning in x86config when setting monitor refresh rates that warns you that your choice may destroy your monitor.
thats mainly there for historical reasons (and when it was a current issue i think it was an issue accross all platforms). I'm pretty sure monitors have had protection against this for over a decade now.
some hardware is actually pretty fragile. Anyone remember when lg made thier cd-rom (not writer or dvd) drives use the command that was meant to be for packet write enable as the firmware update command resulting in a certain version of linux bricking the drives in question (lg did eventually publish how to put the drives in emergency re-flash mode but they took thier time doing it and claimed linux was at fault).
some posibilities
a minimum wage worker is in a hurry and can't figure out where its supposed to go so they hide it somewhere.
a customer has looked at something and puts it back in the wrong place (less likely if its a top shelf but could possiblly lead to the first one when the minimum wage floor staff are tidying up).
All the stock database (which the website and workers both use as a data source) knows is what stock has come in, what has gone out through legitimate channels and what has been reported as missing. It can't know where stuff physcially is in the store or whether stuff has been slipped out without paying for it. Eventually if they really can't find something they may mark it as missing but they are only going to do that once they are pretty sure it actually has gone.
i'm quite sure there is proffesional gear out there that works at 192khz 24 bit. that puts the nyquist point a pretty long way out of the audio range and the quantisation step well below the noise floor of the incoming analog signal.
now if your digital recording hardware sucks you will of course lose a lot more information. The same applies if your analog recording gear sucks. If stuff is lost below the noise floor of an analog system then it is no more or less lost than if it is lost in a digitisation process.
DSL only goes so far along the copper wire from the DSLAM in the phone company central office. If you are past 11-12000 feet, you can kiss ADSL goodbye, past 18000 ft, you can forget about SDSL. If you live further than that, no amount of, "we are expanding into your area" is going to happen. Unless the LEC builds a new CO, closer to you, and has all of your copper terminate there instead of the old place, then, you might be able to get DSL. But for the most part, if you can't get DSL now, you can't get DSL ever.
surely it is feasible to build a DSLAM that it suitable for installation in a patch cabinet outside and then run a single fiber to it. You don't need something on the scale of a full central office.
no with C writing bad code is the default mode, pointer aritmetic and standard apis like prinf require extreme care to avoid writing insecure code.
o l_Cat_incident_report for more info)
secure programming in general is very hard though some languages make it harder than others. Secure programming requires carefull consideration of many issues some of which span accross the application. It also requires good documentation (how should things be quoted at this interface? is the creator of this data trustworthy or should the data be treated as potentially malicious and so on).
php does have some big issues though, newbie attractiveness is one, register_globals was another (thankfully disabled by default nowadays), another less known one involves the normal way (or at least one of the normal ways) of getting headers doing some bogus merging and hence allowing breakage of the x-forwarded-for system (which is used by sites that use reverse proxies to store the real ip of a request). (see http://en.wikipedia.org/wiki/User:Brion_VIBBER/Co
if they haven't locked down the bootloader as well you can use init=/bin/sh on the kernel command line to get a rootshell on linux.
they are supposed to track addresses so that they are globally unique (since this is the only way to be absoloutely sure that any combination of ethernet products placed on a lan with thier factory addresses have unique addresses). To achive that manufacturers must keep track of which addresses they have allocated.
Some manufacturers do screw up sometimes though and i bet it often goes unnoticed because the probability of collisions is fairly low unless a manufacturer does something *REALLY* stupid like shipping a cratefull of cards with the same mac or shipping a firmware upgrade utility that screws up the MAC.
but i agree with your main point, pick a random mac within the range of a vendor that really exists and you are pretty safe.
The very process of converting from analog to digital automatically results in tremendous data loss the moment you do it when you get right down to it.
digitisation has two main degrading effects, neither is as you put it "massive" if the digitisation is done properly.
firstly it introduces quantisation noise and other noise in the ADC but you only get that once unlike the noise of analogue recording, its usually much lower than the noise of analogue recording too.
secondly it loses high frequencies (and produces phase distortion on slightly lower ones due to the anti-aliasing filter in the front end) but analog recordings also have a frequency beyond which the signal level drops below the noise floor.
The important point is digitisation does involve loss but the loss can be made relatively small and you only suffer that loss once, whereas with analog each copy is worse than the original and the original gets worse as it ages.
For example if all music illegally on P2P went away do you think the RIAA would care anymore? No.
If they are sensible then they will try to kill P2P rather than just illegal use of P2P.
People getting into the habbit of downloading music free is what the recording industry is really scared of, in fact legitimately free music is probablly more scary because they can't use the law against it.
Not quite sure about the "too much time on my hands" part
if you are doing a big backup job to DVD then it probablly means that time has a very low value to you and the time saving from using dual layer probablly isn't enough to make you buy the media.
I'm pretty sure the average person knows you need oxygen to breathe.
trouble is we have no senses that can directly detect oxygen shortage in the air, so like carbon monoxide poisening its a silent killer.
our bodies work on the assumption that oxygen and C02 levels are related and detect the overabundance of C02 rather than the lack of oxygen.
btw for this reason its dangerous to hyperventilate while swimming, you may think you are building up oxygen to go under but in fact all you are doing is removing C02 and hence your bodies built in warning that it is time to surface.
can't say i've ever tried to work with libtiff but a quick poke at the api docs seems to indicate you have to use different interfaces depending on the underlying structure of the tiff file.
and while the dependancies aren't as bad as i thought then if you can't assume it will already be installed (which you almost certainly can't) it will still add at least a meg to the size of your app (ok ok its nothing compared to the size of some megabloat apps but its hardly insignificant either).
and then you have to find or write imports for the language you use on all platforms you use and if dynamically linking it work out how to install it on all platforms you use.
and then you have to track it for security updates and find a way of getting those to users of your app.
and this all assumes that calling custom native code is an option, in many cases (browser applets and other bytecode that runs in security limited environments) it isn't