I should add a disclaimer, I will not be buying this for a while, because I only use Linux. I will keep it in mind. And it's very cool that companies listen to the users (hopefully) and make better (or at least different) products
I hope the slashdot crowd puts their money where their mouth is then. It's a good idea, VPNs are always a hassle to set up and tune, so this would be welcome. I wonder, though, if "normal" people will try out this... On the other side, if you went the cloud route, you'd be the ten thousandth or so VPN provider, with only performance to differentiate the product. And you may even have lost out on performance, despite the channel bonding, if the competitors had servers all over the world.
I think there is hope for both business plans. The personal VPN server market hasn't been cracked yet. There was Hamachi, but it was bought by some company and not much happened. OpenVPN is as hard to set up as ever. NAT and firewalls mean that you need layers of fallback for reliable operation. I would suggest making a Linux version with low system requirements, in addition to the "Enterprise" linux version, because linux users will be overrepresented in the group of people who run always-on systems at home, and it could also run on VPSs. The enterprise VPN market is quite crowded, I can't say anything about how that will go. The hosted VPN market is equally crowded, but there is also a huge demand, partly because of inane geo-IP restrictions on various services. You'd have to sell it on speed, and speed is very much key for things like video on demand. I'm not sure about the value of channel bonding for personal use, as for many people their home connection or even courtesy wi-fi at coffee shps is significantly faster than the mobile connection, so switching to wi-fi when possible should give good speed and less monetary cost. This feature would be brilliant for enterprise systems though.
SuperGenPass has a lot of limitations due to its design, but its simplicity makes up for that IMO. It is not a password manager, just a hasher, which hashes the domain name and the master password into a unique 10 char alphanumeric password. Only one site I've used has complained about this, and that was eBay, which required punctuation as well. It can't handle well if a password must be changed (you can add something like "2012", "2013" to the master pw though). It is great that the passwords are stored nowhere, so there is no need for synchronisation or backup.
Password managers and SuperGenPass are a good solution, but too complicated for most people to use. The system suggested in the article doesn't work either. When a password DB is compromised there will be no entry in the audit hook. The audit hook will only give an elert too late, when the hackers use the password.
There are much better options for improving authentication. It's not easy to do without relying on a third party though, while still allowing logins from various new computers with little effort.
The 1. missing idea from my previous post is the output format. There is no reason to have documents be a stack of pages when they are displayed on a screen. It is absolutely boneheaded. There are solutions for producing HTML from TeX source, this was the first search result: http://hutchinson.belmont.ma.us/tth/ . I don't know why academics keep ignoring this and keep making PDFs which are only good for printing and for displaying on large monitors. There are many small devices which are better suited for reading (e.g. on the train), and PDF papers look like crap on them ( http://ask.slashdot.org/story/12/12/01/214255/ask-slashdot-tablets-for-papers-are-we-there-yet ). The problem with HTML is that it can't be saved locally and passed around easily. Maybe EPUB can help. The page I linked has a section on how to make EPUBs. So my suggestion is to have a prominent option to output to EPUB. Strike the collaboration features, we can handle using git or SVN for a few more years.
The 1. missing feature in TeX land is collaboration features. It's not horrible -- you can split the doc into files for different sections (don't know if you can do this in LyX) and use source control or Dropbox -- but it's not particularly elegant. Just having seamless integration with source control would be great: some kind of interactive conflict handling and easy committing of all dependent resources. It could also be useful for single-user projects to have revision tracking. Perhaps the Lyx project could be a git repository by default, but I would of course prefer if it supported SVN and anything else that comes along too. Something like the SVN integration for Eclipse would be cool, but it wouldn't have to be that comprehensive. Lyx would of course still have to support stand-alone files without all the VCS mumbo jumbo.
Bah, who cares about a few gigabytes on real computers (including netbooks too). Maybe sysadmins with hundreds of diskless clients care, but with installing TeX on a shared mount, that's no problem. And who worries about updates anymore when there's apt, yum and hundreds of hacked together solutions on Windows. Maybe sysadmins who have hundreds of clients who needs updates, but don't ahve unlimited bandwidth;) For that, there's local update repos
Remote compilation is interesting at first glance though because it can take ten or more seconds to compile a large Latex file on a slow computer, and compilation is single-threaded, so having a really fast server for this could be beneficial. Most other text processing jobs don't require much juice, with the unfortunate exception of *displaying* PDFs. After compilation, the resulting PDF file will have a size of order a few MB, so there will be practically no transmission delay on a LAN, and a few seconds over the internet. The problem is to upload the content to the server, including all graphical content. No problem on a LAN, but it would be a nightmare for home users, because the upload is typically 10 % of the download speed.
The CLSI does allow for caching, but it requires an URL for the cached content, so you'd need another server just to hold a second cached copy of the files. It would be an interesting challenge for developers to write code to manage the uploads -- with correct queueing and error handling. In the end I think that the time saved by having fast compilation is going to be negligible (except for on a LAN, but then the sysadmins would have to set up 1) an upload server and 2) a compilation server, and this is probably too much, except possibly at huge universities and NASA and CERN). It seems more interesting to have a purely remote system *including an editor* on the web (no, X11 forwarding with LyX doesn't cut it, too slow). That way one could work on documents from computers without having to install anything, for example when one has to borrow a computer. This wouldn't be a LyX project though.
It's not *just* out of generosity. It is in Google's interest to have users submit as much data as possible to them, and the users are more likely to do so if the government doesn't have easy access. It's a great thing nonetheless, but it just happens that there is a positive correlation between the interst of Google and that of the users.
I've never had a data disaster, but I still have a somewhat complex setup: 1. Automatic filesystem (ZFS) snapshots every 15 min on my desktop (home, also used for work from home) and RAID to protect against HW failures. 2. Unison (http://www.cis.upenn.edu/~bcpierce/unison/) sync between laptop and desktop keeps my home dir in two places (the important bits) 3. Work files are synced to the organisation's system, and that's probably enough 4. Rsync backup to external hard drive every ~3 days, drive is otherwise kept off line 5. Data integrity scan (ZFS scrub) ~every month 6. Rsync with checksums to backup drive to verify integrity, infrequently 7. Off site backup on another HDD, every ~6 months The snapshots are perhaps the most useful, because they protect against user error. They do not protect against admin errors though, such as running "zfs" commands. I am lacking a bit on the off site backups, and would lose a lot of days of data if there was a fire or a burglary, but I don't produce that much personal data. There should also be an "8. Complete system restore on VM" to see that the backups are good, but as they are only standard Truecrypt volumes with an ext4 filesystem I can inspect them manually and be reasonably sure they are OK.
Wait a sec. I should think it would be "Restore" day. At least for those of the various Christian persuasions.
Ignoring the joke for a second, Restore Day is a great idea! The only thing worse than not having backups is to have faulty backups, believing they are OK.
Same idea here. For my personal mail I have a filter to move sent and received mail older than 30 days off to a local folder. I use my web host/DNS registrar's IMAP service, and I would probably keep them for longer if I ran my own. Most of my/home including the local folder is synced between my desktop and laptop, so I still have access from there, but only to the last 30 days from the web and my mobile. Thunderbird seems to use a reasonable format where I can actually read the messages directly from the file, so even if there are no programs to read it, I can scan the archive and get what I want
Why? The good thing about the Internet and open source is that projects with 0.01 % market share or less can have viable communities and be useful to many people. Desktop Linux is a lot bigger than that, and it's doing its job for millions of people around the world
I think the problem is that a code repository is very much a moving target. They didn't say whether they had backups, so they probably didn't and that's stupid, but it would also be a problem if they had a week old backup
Sorry, I made a mistake. This is *not* an alternative as in replicating exactly what TRIM does. It will however give you slightly better write performance
There are two reasons why it may reduce the lifespan: 1) no TRIM support. Here is a Q/A which confirms this for LUKS on Linux, I doubt Truecrypt have TRIM support either. http://superuser.com/questions/124310/does-luks-encryption-affect-trim-ssd-and-linux . TRIM is relatively new, and while most filesystems do now support it, you're not losing out on much performance. An alternative is to leave a percentage (e.g. 10 %) of the drive completely unused, as an unformatted partition (NOT encrypted). This gives the drive's wear levelling algorithm some more room to work with. Drives do of course already have some such space which is not visible to the user.
2) Encrypted data are not compressible. Some SSDs use compression to get better write bandwidth and to reduce the number of writes. You shouldn't worry too much about this. You get what the hardware can support. The same thing would happen if you only stored H.264 videos, which also can't be compressed much, so the manufacturer has to allow for this.
This would sacrifice some security on any OS. You could stick/tmp ,/var/tmp,/home and swap on the encrypted drive, that would improve things. (I don't know if it handles well to have/var/log there, but as the parent says, logs can leak some significant information about when you were using the computer). Backup could be done at the file level.
Anyway, if you're throwing out windows anyway, and have one drive, it's fine to use full disk encryption. It is literally just a checkbox in the installer.
The problem seems to be with system backups. It *can* be a royal pain to reinstall the OS if you have a lot of custom software and configuration. I think the submitter is wrong in that the images can only be restored on the same drive as they were taken. If this is the case, it seems to be a failure of the drive imaging software or TrueCrypt.
It would be great if the SSH connections from my laptop used the reliable ethernet connection when it's plugged in, and seamlessly switched to wireless LAN when it was unplugged. Even better would be if I could put the laptop to sleep and move to a different location, and that the connections would stay open (given, of course, that there was no I/O on them while the computer was moving, and that it was only moving for a reasonably short time). It seems like it *may* be possible to open a new "subflow" even when no valid existing subflows exist between the computers, as would be the case when the computer disconnects from one network and connects to another. The performance is a bit of a "meh" for me as an end user. I even have two gigabit NICs on my motherboard, but I only use one because the file transfer protocols I use (or the CPU for encryption) max out at ~60MB/s anyway. Otherwise there is usually a "strict hierarchy" in the speeds of the connections. Ethernet >> 802.11? laptops, wired internet connections >> 802.11? on mobiles >> 3G >> GPRS >> Bluetooth
Your comment is correct, but NAT is not the core problem. In a world without NAT people would still use stateful firewalls. Those firewalls should be configured to drop anything unknown, because as a principle whitelisting is better than blacklisting.
I've been using 48kHz with pulseaudio because I watch some TV and movies as well as listen to music. It is possible to pick a high quality resampler, and I have no complaints, but this post is interesting and I will probably have to change things... Is it better to resample 44.1kHz to 96kHz vs. 48kHz? I just downloaded some free music from the store in the summary (now *that's* targeted advertisement) and it's at 96kHz, so I'd prefer to use that.
When you have at least two speakers, and signals from both speakers hit both ears of the listener, it makes a difference.
You can generate two high frequency signals, one from each speaker, such that the difference of the frequencies is in the audible range. The sum of the two signals includes a modulation with the difference of the frequencies (sin(x)+sin(y) = 2*sin([x+y]/2)*cos([x-y]/2). The phase depends on the distance from the speaker times the frequency. If the signals come from different sources, the phase of the low frequency modulation signal (which is audible in this example) depends on the distance from each speaker times the frequency of the signal from that speaker.
It is not possible to produce such a spatial variation with only low frequency signals. If both speakers instead produced a low frequency signal with a different phase each, the sum would have a phase which varies in space with a wavelength corresponding to that frequency. There would also be a sinusoidal spatial modulation resulting in places where the amplitude goes to zero (this doesn't happen in practice because of reflections in the room and the finite size of the source).
So the spatial variation of the sound will be affected by higher frequency information. Headphones are not affected, and can equally well be fed 22 kHz signals, but technologies like Dolby Headphone would theoretically make it equivalent to speakers. The variation of the phase in space is not reconstructed correctly by stereo speakers, or any number of speakers for that matter, except for at a single listening position if set up correctly, so it is not clear to me that the higher frequencies would improve the realism or the perception of space in music.
Here's a very un-scientific study in Norwegian. http://www.diskusjon.no/index.php?showtopic=1490576&st=140 The goal was to find the compressed version among 8 different wav files (I know, strange setup). The problem is that the files were numbered, which seems to have affected the result.The right one is #4. [I got the right one, but it may have been luck]
Slashdot Mirror
I should add a disclaimer, I will not be buying this for a while, because I only use Linux. I will keep it in mind. And it's very cool that companies listen to the users (hopefully) and make better (or at least different) products
I hope the slashdot crowd puts their money where their mouth is then. It's a good idea, VPNs are always a hassle to set up and tune, so this would be welcome. I wonder, though, if "normal" people will try out this... On the other side, if you went the cloud route, you'd be the ten thousandth or so VPN provider, with only performance to differentiate the product. And you may even have lost out on performance, despite the channel bonding, if the competitors had servers all over the world.
I think there is hope for both business plans. The personal VPN server market hasn't been cracked yet. There was Hamachi, but it was bought by some company and not much happened. OpenVPN is as hard to set up as ever. NAT and firewalls mean that you need layers of fallback for reliable operation. I would suggest making a Linux version with low system requirements, in addition to the "Enterprise" linux version, because linux users will be overrepresented in the group of people who run always-on systems at home, and it could also run on VPSs. The enterprise VPN market is quite crowded, I can't say anything about how that will go. The hosted VPN market is equally crowded, but there is also a huge demand, partly because of inane geo-IP restrictions on various services. You'd have to sell it on speed, and speed is very much key for things like video on demand. I'm not sure about the value of channel bonding for personal use, as for many people their home connection or even courtesy wi-fi at coffee shps is significantly faster than the mobile connection, so switching to wi-fi when possible should give good speed and less monetary cost. This feature would be brilliant for enterprise systems though.
SuperGenPass has a lot of limitations due to its design, but its simplicity makes up for that IMO. It is not a password manager, just a hasher, which hashes the domain name and the master password into a unique 10 char alphanumeric password. Only one site I've used has complained about this, and that was eBay, which required punctuation as well. It can't handle well if a password must be changed (you can add something like "2012", "2013" to the master pw though). It is great that the passwords are stored nowhere, so there is no need for synchronisation or backup.
Password managers and SuperGenPass are a good solution, but too complicated for most people to use. The system suggested in the article doesn't work either. When a password DB is compromised there will be no entry in the audit hook. The audit hook will only give an elert too late, when the hackers use the password.
There are much better options for improving authentication. It's not easy to do without relying on a third party though, while still allowing logins from various new computers with little effort.
The 1. missing idea from my previous post is the output format. There is no reason to have documents be a stack of pages when they are displayed on a screen. It is absolutely boneheaded. There are solutions for producing HTML from TeX source, this was the first search result: http://hutchinson.belmont.ma.us/tth/ . I don't know why academics keep ignoring this and keep making PDFs which are only good for printing and for displaying on large monitors. There are many small devices which are better suited for reading (e.g. on the train), and PDF papers look like crap on them ( http://ask.slashdot.org/story/12/12/01/214255/ask-slashdot-tablets-for-papers-are-we-there-yet ). The problem with HTML is that it can't be saved locally and passed around easily. Maybe EPUB can help. The page I linked has a section on how to make EPUBs. So my suggestion is to have a prominent option to output to EPUB. Strike the collaboration features, we can handle using git or SVN for a few more years.
The 1. missing feature in TeX land is collaboration features. It's not horrible -- you can split the doc into files for different sections (don't know if you can do this in LyX) and use source control or Dropbox -- but it's not particularly elegant. Just having seamless integration with source control would be great: some kind of interactive conflict handling and easy committing of all dependent resources. It could also be useful for single-user projects to have revision tracking. Perhaps the Lyx project could be a git repository by default, but I would of course prefer if it supported SVN and anything else that comes along too. Something like the SVN integration for Eclipse would be cool, but it wouldn't have to be that comprehensive. Lyx would of course still have to support stand-alone files without all the VCS mumbo jumbo.
Bah, who cares about a few gigabytes on real computers (including netbooks too). Maybe sysadmins with hundreds of diskless clients care, but with installing TeX on a shared mount, that's no problem. And who worries about updates anymore when there's apt, yum and hundreds of hacked together solutions on Windows. Maybe sysadmins who have hundreds of clients who needs updates, but don't ahve unlimited bandwidth ;) For that, there's local update repos
Remote compilation is interesting at first glance though because it can take ten or more seconds to compile a large Latex file on a slow computer, and compilation is single-threaded, so having a really fast server for this could be beneficial. Most other text processing jobs don't require much juice, with the unfortunate exception of *displaying* PDFs. After compilation, the resulting PDF file will have a size of order a few MB, so there will be practically no transmission delay on a LAN, and a few seconds over the internet. The problem is to upload the content to the server, including all graphical content. No problem on a LAN, but it would be a nightmare for home users, because the upload is typically 10 % of the download speed.
The CLSI does allow for caching, but it requires an URL for the cached content, so you'd need another server just to hold a second cached copy of the files. It would be an interesting challenge for developers to write code to manage the uploads -- with correct queueing and error handling. In the end I think that the time saved by having fast compilation is going to be negligible (except for on a LAN, but then the sysadmins would have to set up 1) an upload server and 2) a compilation server, and this is probably too much, except possibly at huge universities and NASA and CERN). It seems more interesting to have a purely remote system *including an editor* on the web (no, X11 forwarding with LyX doesn't cut it, too slow). That way one could work on documents from computers without having to install anything, for example when one has to borrow a computer. This wouldn't be a LyX project though.
Seems like performance is a big concern for the submitter, and then LXC is a great idea.
It's not *just* out of generosity. It is in Google's interest to have users submit as much data as possible to them, and the users are more likely to do so if the government doesn't have easy access. It's a great thing nonetheless, but it just happens that there is a positive correlation between the interst of Google and that of the users.
I've never had a data disaster, but I still have a somewhat complex setup:
1. Automatic filesystem (ZFS) snapshots every 15 min on my desktop (home, also used for work from home) and RAID to protect against HW failures.
2. Unison (http://www.cis.upenn.edu/~bcpierce/unison/) sync between laptop and desktop keeps my home dir in two places (the important bits)
3. Work files are synced to the organisation's system, and that's probably enough
4. Rsync backup to external hard drive every ~3 days, drive is otherwise kept off line
5. Data integrity scan (ZFS scrub) ~every month
6. Rsync with checksums to backup drive to verify integrity, infrequently
7. Off site backup on another HDD, every ~6 months
The snapshots are perhaps the most useful, because they protect against user error. They do not protect against admin errors though, such as running "zfs" commands. I am lacking a bit on the off site backups, and would lose a lot of days of data if there was a fire or a burglary, but I don't produce that much personal data. There should also be an "8. Complete system restore on VM" to see that the backups are good, but as they are only standard Truecrypt volumes with an ext4 filesystem I can inspect them manually and be reasonably sure they are OK.
Wait a sec. I should think it would be "Restore" day. At least for those of the various Christian persuasions.
Ignoring the joke for a second, Restore Day is a great idea! The only thing worse than not having backups is to have faulty backups, believing they are OK.
Same idea here. For my personal mail I have a filter to move sent and received mail older than 30 days off to a local folder. I use my web host/DNS registrar's IMAP service, and I would probably keep them for longer if I ran my own. Most of my /home including the local folder is synced between my desktop and laptop, so I still have access from there, but only to the last 30 days from the web and my mobile. Thunderbird seems to use a reasonable format where I can actually read the messages directly from the file, so even if there are no programs to read it, I can scan the archive and get what I want
Why? The good thing about the Internet and open source is that projects with 0.01 % market share or less can have viable communities and be useful to many people. Desktop Linux is a lot bigger than that, and it's doing its job for millions of people around the world
I think the problem is that a code repository is very much a moving target. They didn't say whether they had backups, so they probably didn't and that's stupid, but it would also be a problem if they had a week old backup
The article suggests using ZFS because of its protections against bad hardware.
It implies that ZFS protects against bad RAM but *this is not the case*. The ZFS developers recommend using ECC memory.
An alternative is to[...]
Sorry, I made a mistake. This is *not* an alternative as in replicating exactly what TRIM does. It will however give you slightly better write performance
I can't speak to the security of SSDs.
There are two reasons why it may reduce the lifespan: 1) no TRIM support. Here is a Q/A which confirms this for LUKS on Linux, I doubt Truecrypt have TRIM support either. http://superuser.com/questions/124310/does-luks-encryption-affect-trim-ssd-and-linux . TRIM is relatively new, and while most filesystems do now support it, you're not losing out on much performance. An alternative is to leave a percentage (e.g. 10 %) of the drive completely unused, as an unformatted partition (NOT encrypted). This gives the drive's wear levelling algorithm some more room to work with. Drives do of course already have some such space which is not visible to the user.
2) Encrypted data are not compressible. Some SSDs use compression to get better write bandwidth and to reduce the number of writes. You shouldn't worry too much about this. You get what the hardware can support. The same thing would happen if you only stored H.264 videos, which also can't be compressed much, so the manufacturer has to allow for this.
This would sacrifice some security on any OS. You could stick /tmp , /var/tmp, /home and swap on the encrypted drive, that would improve things. (I don't know if it handles well to have /var/log there, but as the parent says, logs can leak some significant information about when you were using the computer). Backup could be done at the file level.
Anyway, if you're throwing out windows anyway, and have one drive, it's fine to use full disk encryption. It is literally just a checkbox in the installer.
The problem seems to be with system backups. It *can* be a royal pain to reinstall the OS if you have a lot of custom software and configuration. I think the submitter is wrong in that the images can only be restored on the same drive as they were taken. If this is the case, it seems to be a failure of the drive imaging software or TrueCrypt.
It would be great if the SSH connections from my laptop used the reliable ethernet connection when it's plugged in, and seamlessly switched to wireless LAN when it was unplugged. Even better would be if I could put the laptop to sleep and move to a different location, and that the connections would stay open (given, of course, that there was no I/O on them while the computer was moving, and that it was only moving for a reasonably short time). It seems like it *may* be possible to open a new "subflow" even when no valid existing subflows exist between the computers, as would be the case when the computer disconnects from one network and connects to another. The performance is a bit of a "meh" for me as an end user. I even have two gigabit NICs on my motherboard, but I only use one because the file transfer protocols I use (or the CPU for encryption) max out at ~60MB/s anyway. Otherwise there is usually a "strict hierarchy" in the speeds of the connections. Ethernet >> 802.11? laptops, wired internet connections >> 802.11? on mobiles >> 3G >> GPRS >> Bluetooth
Your comment is correct, but NAT is not the core problem. In a world without NAT people would still use stateful firewalls. Those firewalls should be configured to drop anything unknown, because as a principle whitelisting is better than blacklisting.
I've been using 48kHz with pulseaudio because I watch some TV and movies as well as listen to music. It is possible to pick a high quality resampler, and I have no complaints, but this post is interesting and I will probably have to change things... Is it better to resample 44.1kHz to 96kHz vs. 48kHz? I just downloaded some free music from the store in the summary (now *that's* targeted advertisement) and it's at 96kHz, so I'd prefer to use that.
When you have at least two speakers, and signals from both speakers hit both ears of the listener, it makes a difference.
You can generate two high frequency signals, one from each speaker, such that the difference of the frequencies is in the audible range. The sum of the two signals includes a modulation with the difference of the frequencies (sin(x)+sin(y) = 2*sin([x+y]/2)*cos([x-y]/2). The phase depends on the distance from the speaker times the frequency. If the signals come from different sources, the phase of the low frequency modulation signal (which is audible in this example) depends on the distance from each speaker times the frequency of the signal from that speaker.
It is not possible to produce such a spatial variation with only low frequency signals. If both speakers instead produced a low frequency signal with a different phase each, the sum would have a phase which varies in space with a wavelength corresponding to that frequency. There would also be a sinusoidal spatial modulation resulting in places where the amplitude goes to zero (this doesn't happen in practice because of reflections in the room and the finite size of the source).
So the spatial variation of the sound will be affected by higher frequency information. Headphones are not affected, and can equally well be fed 22 kHz signals, but technologies like Dolby Headphone would theoretically make it equivalent to speakers. The variation of the phase in space is not reconstructed correctly by stereo speakers, or any number of speakers for that matter, except for at a single listening position if set up correctly, so it is not clear to me that the higher frequencies would improve the realism or the perception of space in music.
This is an interesting question. I hope someone else answers it, but I will have a crack at the maths
Here's a very un-scientific study in Norwegian. http://www.diskusjon.no/index.php?showtopic=1490576&st=140 The goal was to find the compressed version among 8 different wav files (I know, strange setup). The problem is that the files were numbered, which seems to have affected the result.The right one is #4. [I got the right one, but it may have been luck]
Yeah, 100 % agreed. It's not like we can't afford at worst 9 % extra storage space, just to have a little more headroom