Several, and it takes a fraction of a second to wipe the encrypted copies of the physical disk key (as opposed to the logical password you entered). Of course it doesn't help, as the cops are supposed to have imaged your drive before they let you anywhere near it.
I suspect the best bet would be a PC which needs a special USB key to boot. Leave it turned on but make sure it has an earthquake (tilt!) sensor so it will 'properly' shutdown when it gets stolen. You can probably also arrange things so that it only needs the key if it's shutdown by the sensor or a crash/power cut.
Now all you have to work out is what to do with the USB key.
That's why they hate censorship, they see exactly what the problem is. The war is still in living memory, including the horror of realising later what actually happened to friends and neighbours. They've seen personally what censorship can hide. The Index is seen as different, a way of hiding the obscenity or shame, a way of highlighting the feeling of never again!
It appears from the ticket that they've forgotten about their plausible deniability requirement. The FBI are basically claiming they knew full well what was on the site and actively search their machines for infringing content which they KEPT.
That looks like the core; the rest (including the money laundering) looks like wishful thinking to me, but they may manage to make it stick.
Oh and the phrase "mega conspiracy" sounds like a very unprofessional way to refer to the defendants.
You better get switching then, IPv6 NAT an exact duplicate of the IPv4 support in linux has been added
Personally I don't see why you should want to put everything behind a single address, everything on one machine would make you look like a more promising target. But I will like having the transparent proxy support. That way I'm on MORE machines and "they" attack the wrong one.
The trust is in the infrastructure around the system. The fact that they will try very hard to ensure that nothing is signed that will allow the boot to be broken.
The Signed drivers are enforced by the fact that an OS that is able to load unsigned drivers WONT BE SIGNED. If your company "maliciously deceives" Microsoft into signing your generic loader you won't get anything else signed.
This signing scheme can and does work in the simple case; In the case of Microsoft's Gigabytes of cruft there will be holes large enough to drive a cruse liner through but it won't stop it being a serious pain in the ass and requiring Windows to be installed and running on every machine.
Probably not grub. But a public domain MBR loader would be simple to arrange and perfect for breaking the trust chain in a safe and verifiable way. Basically it would be small enough to be distributed as a hex dump like below and someone who can use a disassembler can check it all in a few minutes.
000000: fa fc bb 00 7c 31 c0 8e d0 89 dc 8e d8 8e c0 b9 000010: 00 01 89 de bf 00 06 f3 a5 ea 1e 06 00 00 fb be 000020: be 07 80 3c 80 74 0b 83 c6 10 81 fe fe 07 75 f2 000030: eb 47 bf 06 00 c6 06 fe 7d 00 8b 14 56 31 db 53 000040: 53 ff 74 0a ff 74 08 53 68 00 7c 6a 01 6a 10 89 000050: e6 b4 42 cd 13 8d 64 10 5e 72 02 eb 0c 31 c0 cd 000060: 13 4f 75 d6 be ad 06 eb 13 bf fe 7d 81 3d 55 aa 000070: 75 b5 89 f5 ea 00 7c 00 00 be bd 06 e8 0f 00 be 000080: 9d 06 e8 09 00 31 c0 cd 16 ea 00 00 ff ff ac 3c 000090: 00 74 09 bb 07 00 b4 0e cd 10 eb f2 c3 0d 0a 50 0000a0: 72 65 73 73 20 72 65 74 75 72 6e 3a 00 44 69 73 0000b0: 6b 20 72 65 61 64 20 65 72 72 6f 72 00 4e 6f 20 0000c0: 62 6f 6f 74 61 62 6c 65 20 70 61 72 74 69 74 69 0000d0: 6f 6e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 * 0001b0: 00 00 00 00 00 00
Okay, firstly Enry (630!) the switch from address classes to CIDR actually became the problem. It caused a tremendous blow up in the size of the routing tables. IPv6 is a switch back away from CIDR, not all the way to classful but far enough to control the size of the tables at the cost of 'address overallocation'. Allocating each IPv4/32 independently would have required something like a 30GB routing table compared to the current IPv4 of quite a few megabytes and the IPv6 of tens of kilobytes.
This means that a/64 is the smallest network that will be allocated, as it contains 2^64 host addresses it's big enough for any private network.
Now, for the rest of the comment chain: Hurricane Electric are allocating TWO/64 subnets when you connect to them. The first has just TWO hosts on it XXX::1/128 for their end of the tunnel and XXX::2/128 for your end. The second subnet XXY::/64 is for your internal network and is to be allocated to the machine's (second) ethernet connector and all the hosts "on the same wire". HE will allocate up to 5 pairs of in this fashion but if you have a more complicated network they are eager to allocate you a/48 (with 65536 networks on it) rather than the second/64.
Note, nothing stops you doing CIDR on your single/64 and all it really means is that you have to use DHCP6 and cannot use the privacy extensions. Also CIDR is a reasonable way of subdividing a/48, but CIDR has been ruled out for the global internet until such time (if ever) that addresses start getting scarce again.
Oh, and if you want another scary number; 4294967296 IPv6/48 networks were allocated a while back to "6to4"; that is 65536 networks to every single IPv4 address. That many were allocated only because you need one/64 for each internal network and a/128 on a different/64 to configure the tunnel adapter properly.
"They" didn't have any bugs; I'm talking of (Google, Bing, facebook etc) what they did last year was turn on ipv6 for a day in the hope that you'd fix any problems with your equipment.
In June they'll be throwing the switch, you will only have problems if you have a broken IPv6 setup. If you have either working IPv6 or NO ipv6 you'll be fine.
Because they weren't really spreading it as such they were just "catering to existing demand". So unlike the newsies they were just making money off the movement without returning anything of value. I expect Dr King's preferred result would have been for 20'C Fox to give some royalties to the cause, but I would further guess that they were too chicken.
No it doesn't, not on it's own. But it does make it more expensive because you have to replace the tamper proof pieces too. ie: give it a new motherboard with a fake TPM.
TPM is a method of 'amplifying' a small tamper proof device so that the rest of the machine becomes cryptographically tamper proof. But if you need to add the ability to secure the encryption keys for the hard disk part of the dm-crypt key must be stored in the tamper proof device. This key piece MUST be a true random number (a private key) so that it only exists in the original TPM, if the tamper proof device is replaced the key cannot be. That way if the mobo is replaced the HDD won't boot.
This is exactly what Microsoft are not doing, only they can put keys into the TPM.
Anyway, a normal keylogger is a hardware device, not a special boot sector. The modus operandi is:
1) Install hardware keylogger to capture password
2) Wait for a reboot
3) Confiscate whole machine and keylogger
4)...
5) Prosecute
If you could collect the entire incident energy of the sun over that area (say by being in orbit) you may be right, one or two thousand square miles doesn't sound unreasonable. But most of that energy is absorbed or reflected by the atmosphere before it hits ground level and of that only a small percentage of the remainder will be collected by any current or near future collector.
Based on that, current energy consumption (of about 20 Terawatts) needs closer to quarter of a million square miles of solar panels as has been calculated here.
The area actually needed is huge, but it is possible for current power and some future growth. You will notice, however, that the prediction on that page doesn't go even one human lifetime into the future, let alone the time periods that "renewables" are supposed to last.
If you want really long term there are two choices; fission and fusion. Fission of U-238 can be done now and known reserves are estimated to last of the order of 4 billion years, which is longer than the Earth will remain habitable without serious air conditioning. Before then they'll have to have solved the fusion problems else everyone gets a really good suntan.
Getting anywhere near a Type I civilisation using just solar power would devastate the environment. Doing it with just Earth based collectors wouldn't be reasonable; after all it's definition is (more or less) covering the entire surface of the world with solar cells. So you're talking about space borne solar power with beamed power back to the Earth. (It's very unreasonable to consider any significant portion of the population will move off this world to live in rabbit hutches elsewhere in the solar system.) The only beam based tools we have can't work at high power densities; they become cutting tools, so you still have to cover large areas with power collectors. Luckily this time you may be able to use the poles; but the environmental impact is still huge and will be destructive if you can't find some way to stop heat leakage.
But that's just the technical problem, you then have the political problem of 10 petawatts of laser energy pointed at your voters, or as the opposition will put it 10,000 terawatt frickin laser cannons.
The only reasonable way we know of to get to Type I levels is local fusion power, environmental damage does occur but it's limited to local areas where it can be repaired. The only problem is we don't have controllable fusion. But things are looking good, the plasma based methods will work eventually but we don't have the ability to sufficiently limit the search for the right detailed design so it's mostly trial and error. There are a few other methods too, sneaky low energy methods that have a low chance of ever working and various other, more promising, methods of confining small amounts of fuel at very high energies (laser, inertial, electrostatic and probably others I've missed) .
So yes we may have the technological capability to get to Type I right now, but only if you have a spare Earth to give us, otherwise we need fusion.
Some simple math... assume there are 10000 users (this is very low but let's assume), assume there is a 'contention ration' of 100:1, that means the connection from the ISP to the net is 100 DSLs. One percent of users can fill the ISP's internet link, sounds like they may be onto something here. But if we increase to 101 users each gets 99% of a DSL, Ahhhh, that's not a problem. How about 200 users, ie: 2%, trying to go flat out? Well they get only a 50% of a DSL each... that's still doesn't seem like a problem, after all the contention ratio only guarantees you get 1% of a DSL and 50% would still be 12Mb/s... we really do need very large percentages of users running flat out for it to be a problem.
And here I'm talking about a very low subscriber base, if there are more people for the same ratio the incremental addition of one person is that much lower so the chance of you getting the bandwidth you want is that much higher in the real world.
I suspect the real problems is two fold, firstly it isn't being properly shared, these ISPs are just used standard boxed routers with standard setup to try to run their decidedly non-standard networks; ie they're not sharing their ISP link between their customers but just relying on the default FIFO methods of a normal router. This fails the first time someone opens a second TCP/IP connection, even a simple 'round robin' between customer IPs would be better in their environment. The second is the old greed problem; they're using INSANE contention ratios, the 100:1 in my math is really poor; I suspect they're far worse.
So what's wrong with my math? If that 1% are allowed to use 50% then there's another 50% for the rest of us(them) to share. If I'm right there shouldn't be a problem. Sure if everybody is being charged the same the 99% might feel it's a little unfair; but the answer to that is simple too, charge the highest users extra and give it to the lowest users as a rebate next month. But of course the phone companies are far too greedy to do something like actually giving back money, even after they've got a month's interest from it.
The "windows registry" is a pretty good idea, one known place to store all the configuration information. One place to backup and restore all your settings. Easy, clean, trouble free...
Really crap implementation.
1. Completely unprotected in the event of a crash/power failure. NTFS logging only protects the file system metadata.
2. No way of cleaning up 'cruft' when an application is uninstalled because
3. The API tools are rubbish; regedit is worse for this than notepad is for INF files.
4. No way of adding metadata for the registry entries. With and text configuration files (including INF) people can and do add comments for every entry. Notepad lefts you add and modify these if you wish. Occasionally a special purpose editor will use special "comments" to format and limit the values that can be added to a key. The registry has none of this.
The windows registry could have been a good thing, ADM like files stored as metadata beside the tags could have provided a superb way of viewing, changing and understanding the configuration values. The data could have been stored in a true (mini) database with real ACID functionality.
But instead we have black sacks full of random rubbish all mixed together with the odd postit note for a label.
IPSec was designed as an add-on for IPv6 back in the '90's and backported to IPv4. Unfortunately, it wasn't one of the well tested parts of the standard with many years of experience behind it, instead it was a recognition than encryption would become more important, and hopefully ubiquitous.
But nothing has happened. Instead of becoming the normal way to encrypt data across the internet it's been sidelined to enterprise VPNs were it does quite well because of the very long protocol documentation it has. This is perfect for breaking the finger pointing crap that is so common in that environment. For general use encryption is still done at the application level.
I think the worst problem is the usual suspect: key distribution. There is no reasonable way of ensuring that the right key data gets to the right clients. Though I had hopes for DNSSEC...
But the problem here isn't that. The problem is the original expectation that ALL data would become encrypted. Because of this they inserted the encryption into the middle of the IP stack (a shim if you will) which sometimes converts TCP/IP packets into TCP/IPSec/IP packets without changing the IP addresses or routing or anything else. Because of this design decision the exact version/variant of the IPSec protocol HAS to exist in the kernel binary. You can't work around this.
Every other VPN solution does it the right way. Actually creating a Virtual Private Network Adaptor for a Virtual Private Network Wire onto a Virtual Private Network. So you actually have a visible private network and you can see the routing and you can enforce firewall rules (or reverse path rules).
What's more because of this every single one of them can easily be altered to work purely in userspace repurposing whatever virtual adaptor may be available on the platform be it PPP/SLIP/TAP or someone else's VPN adaptor. With this the horrific complexity that is IPSec can be avoided because you can run two versions of the VPN client on the same machine preserving compatibility by keeping old (put patched) versions of the software rather than creating a rats nest of compatibility hacks within the standard itself.
The end result, IPSec is avoided unless somebody "requires" this enterprisey solution AND will be paying for it.
What's so funny? I've got one of these and it works very well thankyou.
The marketing specs are: "Charge the battery panel under sunlight for 8 hours and it will last up to 5 hours". It normally takes longer than that to reach full charge but even a half charge is longer than an old torch.
IPv6 works pretty well with XP, there are quite a few sites already available over IPv6. A lot more are ready for IPv6 but don't enable it because about 0.1% of clients have broken IPv6 connections that look like they should work, but don't.
Of course, IPv4 won't be turned off for a VERY long time, I'd bet at least 20 years, probably longer.
To be honest, the only reason I eventually chopped in 2K for XP was that MS started shipping tools and SDKs that (arbitrarily) refused to install on 2K.
Me too, the same happened with Windows 9X and the same has already happened with versions of XP before SP3.
It's also slated to happen with the next version of MS-SQL which won't install on windows 2003 server, this has had me creating two new Virtual machines on a shiny new VM host machine one with Windows 2008 and one with Windows 2k because MS-SQL-2000 apparently doesn't work on Windows 2008.
It's depressing how much faster (and lighter) the Windows 2000 virtual machine is.
If you mean drivers for nasty bits of hardware bought from China (or similar) for half the cost they should be I'd agree with you. But I've used these machines as a testbed for various bits of "respectable" hardware and I've never seen a shortage of drivers. Sometimes they're labelled as Windows 2003 x64 drivers, but that's okay.
As for "KMCSP", I think that's the reason I have had problems with finding drivers for Windows 7.
BTW: I've never really got why malware would want to use a rootkit. Sure it looks neat but all it's really gonna do is maybe make it a little more expensive to clean up the infection. For the vast majority of users with infected machines it's not going to make it any more difficult to spot the infection; they don't notice extra processes or "unusual" files, they just notice the machine getting slow or their homepage getting redirected.
If you write your program as a "FastCGI" process it's running as a normal process that accepts tasks one at a time from the web server and sends the results back for the webserver to forward to the client. Your process keeps running so you don't have the overhead of continually restarting your web program that you get with plain CGI.
It is, in theory, possible to have a FastCGI server using a shell script. But pointless because FastCGI is supposed to be used to eliminate cost of starting of processes. Otherwise any language that makes normal executable program can be used, if a library exists or you write something following the (pretty simple) documentation, but for really limited languages you may need a wrapper.
Once you're writing your own persistent program in your own choice of language to service the requests the rest is supposed to be easy.:-)
Actually no, it's a political (money) failure. The problem with those reactors is that they're very very old and haven't been kept up to date with (probably expensive) safety features.
Those reactors require an active, powered, cooling system to be able to shut down cleanly, this hasn't been true of modern designs for decades. A fully modern design can safely use purely passive cooling to go from maximum generating capacity to cold.
However, there are a great many 'overaged' plants still running. The thing is these plants should be fitted with a passive shutdown (or instant shutdown) system by now. For example the AGC reactor design common with UK nuclear generation has a similar problem.
It takes a long time to shutdown properly and while it doesn't need external power it does need a working cooling system.
The problem is solved for the AGC reactors, small 'boron balls' can be used to 'poison' the reactions and permanently shutdown the reactor; however, these balls will get everywhere and be almost impossible to get out so if it's ever shutdown using this it'll never be reactivated.
So we have an expensive addition that will never be used guess what.
I don't see either WiFI or Cellular dying out in favour of the other for a long time. Mainly because physically the technologies are so similar to each other that they feed off each other so any advancement in one can usually be applied to the other.
The problem you are seeing is that the WiFi is being used as a "freeish" service. They tried doing it as a free service; but as soon as somebody hit them with a bittorrent (or similar) the performance went into the toilet for everyone else. They needed a zero maintenance solution to this problem so they're trying to exclude people who make a nuisance of themselves by limiting the people that can connect to 'good customers'.
In reality they don't care how it works, they just don't want it to become a source of complaints. That's why, IMO, the correct solution is a "traffic shaping" WiFi router. So that every host (within range) gets a "fair share" of the bandwidth, if someone starts up a bittorrent their connectivity may go down the toilet but everyone else will still be running fine; ie if there are 5 people trying to download at one moment (one of them using bittorrent) they still all get one fifth of the connection. What's more such a router can put other other simple limitations on, eg: port 80 (http) gets more bandwidth other ports.
The reason I think this is a reasonable solution is that the tools are already implemented in Linux, the OS that already runs many of these WiFi routers. All that's needed is for this facility to be exposed in the web interface of the router and turned on.
Slashdot Mirror
What about half size porn dolls ...
Several, and it takes a fraction of a second to wipe the encrypted copies of the physical disk key (as opposed to the logical password you entered). Of course it doesn't help, as the cops are supposed to have imaged your drive before they let you anywhere near it.
I suspect the best bet would be a PC which needs a special USB key to boot. Leave it turned on but make sure it has an earthquake (tilt!) sensor so it will 'properly' shutdown when it gets stolen. You can probably also arrange things so that it only needs the key if it's shutdown by the sensor or a crash/power cut.
Now all you have to work out is what to do with the USB key.
That's why they hate censorship, they see exactly what the problem is. The war is still in living memory, including the horror of realising later what actually happened to friends and neighbours. They've seen personally what censorship can hide. The Index is seen as different, a way of hiding the obscenity or shame, a way of highlighting the feeling of never again!
Now Godwin this shit.
It appears from the ticket that they've forgotten about their plausible deniability requirement. The FBI are basically claiming they knew full well what was on the site and actively search their machines for infringing content which they KEPT.
That looks like the core; the rest (including the money laundering) looks like wishful thinking to me, but they may manage to make it stick.
Oh and the phrase "mega conspiracy" sounds like a very unprofessional way to refer to the defendants.
You better get switching then, IPv6 NAT an exact duplicate of the IPv4 support in linux has been added
Personally I don't see why you should want to put everything behind a single address, everything on one machine would make you look like a more promising target. But I will like having the transparent proxy support. That way I'm on MORE machines and "they" attack the wrong one.
The trust is in the infrastructure around the system. The fact that they will try very hard to ensure that nothing is signed that will allow the boot to be broken.
The Signed drivers are enforced by the fact that an OS that is able to load unsigned drivers WONT BE SIGNED. If your company "maliciously deceives" Microsoft into signing your generic loader you won't get anything else signed.
This signing scheme can and does work in the simple case; In the case of Microsoft's Gigabytes of cruft there will be holes large enough to drive a cruse liner through but it won't stop it being a serious pain in the ass and requiring Windows to be installed and running on every machine.
Probably not grub. But a public domain MBR loader would be simple to arrange and perfect for breaking the trust chain in a safe and verifiable way. Basically it would be small enough to be distributed as a hex dump like below and someone who can use a disassembler can check it all in a few minutes.
I think I might get a teeshirt printed ...
Geeeze, you lot!
Okay, firstly Enry (630!) the switch from address classes to CIDR actually became the problem. It caused a tremendous blow up in the size of the routing tables. IPv6 is a switch back away from CIDR, not all the way to classful but far enough to control the size of the tables at the cost of 'address overallocation'. Allocating each IPv4/32 independently would have required something like a 30GB routing table compared to the current IPv4 of quite a few megabytes and the IPv6 of tens of kilobytes.
This means that a /64 is the smallest network that will be allocated, as it contains 2^64 host addresses it's big enough for any private network. /64 subnets when you connect to them. The first has just TWO hosts on it XXX::1/128 for their end of the tunnel and XXX::2/128 for your end. The second subnet XXY::/64 is for your internal network and is to be allocated to the machine's (second) ethernet connector and all the hosts "on the same wire". HE will allocate up to 5 pairs of in this fashion but if you have a more complicated network they are eager to allocate you a /48 (with 65536 networks on it) rather than the second /64.
Now, for the rest of the comment chain: Hurricane Electric are allocating TWO
Note, nothing stops you doing CIDR on your single /64 and all it really means is that you have to use DHCP6 and cannot use the privacy extensions. Also CIDR is a reasonable way of subdividing a /48, but CIDR has been ruled out for the global internet until such time (if ever) that addresses start getting scarce again.
Oh, and if you want another scary number; 4294967296 IPv6 /48 networks were allocated a while back to "6to4"; that is 65536 networks to every single IPv4 address. That many were allocated only because you need one /64 for each internal network and a /128 on a different /64 to configure the tunnel adapter properly.
"They" didn't have any bugs; I'm talking of (Google, Bing, facebook etc) what they did last year was turn on ipv6 for a day in the hope that you'd fix any problems with your equipment.
In June they'll be throwing the switch, you will only have problems if you have a broken IPv6 setup. If you have either working IPv6 or NO ipv6 you'll be fine.
You can check for yourself again on the test site.
Because they weren't really spreading it as such they were just "catering to existing demand". So unlike the newsies they were just making money off the movement without returning anything of value. I expect Dr King's preferred result would have been for 20'C Fox to give some royalties to the cause, but I would further guess that they were too chicken.
UEFI secure boot does.
No it doesn't, not on it's own. But it does make it more expensive because you have to replace the tamper proof pieces too. ie: give it a new motherboard with a fake TPM.
TPM is a method of 'amplifying' a small tamper proof device so that the rest of the machine becomes cryptographically tamper proof. But if you need to add the ability to secure the encryption keys for the hard disk part of the dm-crypt key must be stored in the tamper proof device. This key piece MUST be a true random number (a private key) so that it only exists in the original TPM, if the tamper proof device is replaced the key cannot be. That way if the mobo is replaced the HDD won't boot.
This is exactly what Microsoft are not doing, only they can put keys into the TPM.
Anyway, a normal keylogger is a hardware device, not a special boot sector. The modus operandi is: ...
1) Install hardware keylogger to capture password
2) Wait for a reboot
3) Confiscate whole machine and keylogger
4)
5) Prosecute
If you could collect the entire incident energy of the sun over that area (say by being in orbit) you may be right, one or two thousand square miles doesn't sound unreasonable. But most of that energy is absorbed or reflected by the atmosphere before it hits ground level and of that only a small percentage of the remainder will be collected by any current or near future collector.
Based on that, current energy consumption (of about 20 Terawatts) needs closer to quarter of a million square miles of solar panels as has been calculated here.
The area actually needed is huge, but it is possible for current power and some future growth. You will notice, however, that the prediction on that page doesn't go even one human lifetime into the future, let alone the time periods that "renewables" are supposed to last.
If you want really long term there are two choices; fission and fusion. Fission of U-238 can be done now and known reserves are estimated to last of the order of 4 billion years, which is longer than the Earth will remain habitable without serious air conditioning. Before then they'll have to have solved the fusion problems else everyone gets a really good suntan.
Getting anywhere near a Type I civilisation using just solar power would devastate the environment. Doing it with just Earth based collectors wouldn't be reasonable; after all it's definition is (more or less) covering the entire surface of the world with solar cells. So you're talking about space borne solar power with beamed power back to the Earth. (It's very unreasonable to consider any significant portion of the population will move off this world to live in rabbit hutches elsewhere in the solar system.) The only beam based tools we have can't work at high power densities; they become cutting tools, so you still have to cover large areas with power collectors. Luckily this time you may be able to use the poles; but the environmental impact is still huge and will be destructive if you can't find some way to stop heat leakage.
But that's just the technical problem, you then have the political problem of 10 petawatts of laser energy pointed at your voters, or as the opposition will put it 10,000 terawatt frickin laser cannons.
The only reasonable way we know of to get to Type I levels is local fusion power, environmental damage does occur but it's limited to local areas where it can be repaired. The only problem is we don't have controllable fusion. But things are looking good, the plasma based methods will work eventually but we don't have the ability to sufficiently limit the search for the right detailed design so it's mostly trial and error. There are a few other methods too, sneaky low energy methods that have a low chance of ever working and various other, more promising, methods of confining small amounts of fuel at very high energies (laser, inertial, electrostatic and probably others I've missed) .
So yes we may have the technological capability to get to Type I right now, but only if you have a spare Earth to give us, otherwise we need fusion.
So why is this even allowed to be a problem?
Some simple math ... assume there are 10000 users (this is very low but let's assume), assume there is a 'contention ration' of 100:1, that means the connection from the ISP to the net is 100 DSLs. One percent of users can fill the ISP's internet link, sounds like they may be onto something here. But if we increase to 101 users each gets 99% of a DSL, Ahhhh, that's not a problem. How about 200 users, ie: 2%, trying to go flat out? Well they get only a 50% of a DSL each ... that's still doesn't seem like a problem, after all the contention ratio only guarantees you get 1% of a DSL and 50% would still be 12Mb/s ... we really do need very large percentages of users running flat out for it to be a problem.
And here I'm talking about a very low subscriber base, if there are more people for the same ratio the incremental addition of one person is that much lower so the chance of you getting the bandwidth you want is that much higher in the real world.
I suspect the real problems is two fold, firstly it isn't being properly shared, these ISPs are just used standard boxed routers with standard setup to try to run their decidedly non-standard networks; ie they're not sharing their ISP link between their customers but just relying on the default FIFO methods of a normal router. This fails the first time someone opens a second TCP/IP connection, even a simple 'round robin' between customer IPs would be better in their environment. The second is the old greed problem; they're using INSANE contention ratios, the 100:1 in my math is really poor; I suspect they're far worse.
So what's wrong with my math? If that 1% are allowed to use 50% then there's another 50% for the rest of us(them) to share. If I'm right there shouldn't be a problem. Sure if everybody is being charged the same the 99% might feel it's a little unfair; but the answer to that is simple too, charge the highest users extra and give it to the lowest users as a rebate next month. But of course the phone companies are far too greedy to do something like actually giving back money, even after they've got a month's interest from it.
The "windows registry" is a pretty good idea, one known place to store all the configuration information. One place to backup and restore all your settings. Easy, clean, trouble free...
Really crap implementation.
The windows registry could have been a good thing, ADM like files stored as metadata beside the tags could have provided a superb way of viewing, changing and understanding the configuration values. The data could have been stored in a true (mini) database with real ACID functionality.
But instead we have black sacks full of random rubbish all mixed together with the odd postit note for a label.
Half a job Bill strikes again!
IPSec was designed as an add-on for IPv6 back in the '90's and backported to IPv4. Unfortunately, it wasn't one of the well tested parts of the standard with many years of experience behind it, instead it was a recognition than encryption would become more important, and hopefully ubiquitous.
But nothing has happened. Instead of becoming the normal way to encrypt data across the internet it's been sidelined to enterprise VPNs were it does quite well because of the very long protocol documentation it has. This is perfect for breaking the finger pointing crap that is so common in that environment. For general use encryption is still done at the application level.
I think the worst problem is the usual suspect: key distribution. There is no reasonable way of ensuring that the right key data gets to the right clients. Though I had hopes for DNSSEC...
But the problem here isn't that. The problem is the original expectation that ALL data would become encrypted. Because of this they inserted the encryption into the middle of the IP stack (a shim if you will) which sometimes converts TCP/IP packets into TCP/IPSec/IP packets without changing the IP addresses or routing or anything else. Because of this design decision the exact version/variant of the IPSec protocol HAS to exist in the kernel binary. You can't work around this.
Every other VPN solution does it the right way. Actually creating a Virtual Private Network Adaptor for a Virtual Private Network Wire onto a Virtual Private Network. So you actually have a visible private network and you can see the routing and you can enforce firewall rules (or reverse path rules). What's more because of this every single one of them can easily be altered to work purely in userspace repurposing whatever virtual adaptor may be available on the platform be it PPP/SLIP/TAP or someone else's VPN adaptor. With this the horrific complexity that is IPSec can be avoided because you can run two versions of the VPN client on the same machine preserving compatibility by keeping old (put patched) versions of the software rather than creating a rats nest of compatibility hacks within the standard itself.
The end result, IPSec is avoided unless somebody "requires" this enterprisey solution AND will be paying for it.
What's so funny? I've got one of these and it works very well thankyou.
The marketing specs are: "Charge the battery panel under sunlight for 8 hours and it will last up to 5 hours". It normally takes longer than that to reach full charge but even a half charge is longer than an old torch.
Try it, with a tunnel.
IPv6 works pretty well with XP, there are quite a few sites already available over IPv6. A lot more are ready for IPv6 but don't enable it because about 0.1% of clients have broken IPv6 connections that look like they should work, but don't.
Of course, IPv4 won't be turned off for a VERY long time, I'd bet at least 20 years, probably longer.
Ah, yes, there are some things that Microsoft get better at.
To be honest, the only reason I eventually chopped in 2K for XP was that MS started shipping tools and SDKs that (arbitrarily) refused to install on 2K.
Me too, the same happened with Windows 9X and the same has already happened with versions of XP before SP3.
It's also slated to happen with the next version of MS-SQL which won't install on windows 2003 server, this has had me creating two new Virtual machines on a shiny new VM host machine one with Windows 2008 and one with Windows 2k because MS-SQL-2000 apparently doesn't work on Windows 2008.
It's depressing how much faster (and lighter) the Windows 2000 virtual machine is.
If you mean drivers for nasty bits of hardware bought from China (or similar) for half the cost they should be I'd agree with you. But I've used these machines as a testbed for various bits of "respectable" hardware and I've never seen a shortage of drivers. Sometimes they're labelled as Windows 2003 x64 drivers, but that's okay.
As for "KMCSP", I think that's the reason I have had problems with finding drivers for Windows 7.
BTW: I've never really got why malware would want to use a rootkit. Sure it looks neat but all it's really gonna do is maybe make it a little more expensive to clean up the infection. For the vast majority of users with infected machines it's not going to make it any more difficult to spot the infection; they don't notice extra processes or "unusual" files, they just notice the machine getting slow or their homepage getting redirected.
What's wrong with 64bit XP? I use it every day. I need to run some Microsoft programs that only work on XP.
Only problem I've seen is that some installers seem to think it's Windows server 2003 not Windows XP.
If you write your program as a "FastCGI" process it's running as a normal process that accepts tasks one at a time from the web server and sends the results back for the webserver to forward to the client. Your process keeps running so you don't have the overhead of continually restarting your web program that you get with plain CGI.
It is, in theory, possible to have a FastCGI server using a shell script. But pointless because FastCGI is supposed to be used to eliminate cost of starting of processes. Otherwise any language that makes normal executable program can be used, if a library exists or you write something following the (pretty simple) documentation, but for really limited languages you may need a wrapper.
Once you're writing your own persistent program in your own choice of language to service the requests the rest is supposed to be easy. :-)
Actually no, it's a political (money) failure. The problem with those reactors is that they're very very old and haven't been kept up to date with (probably expensive) safety features.
Those reactors require an active, powered, cooling system to be able to shut down cleanly, this hasn't been true of modern designs for decades. A fully modern design can safely use purely passive cooling to go from maximum generating capacity to cold.
However, there are a great many 'overaged' plants still running. The thing is these plants should be fitted with a passive shutdown (or instant shutdown) system by now. For example the AGC reactor design common with UK nuclear generation has a similar problem. It takes a long time to shutdown properly and while it doesn't need external power it does need a working cooling system.
The problem is solved for the AGC reactors, small 'boron balls' can be used to 'poison' the reactions and permanently shutdown the reactor; however, these balls will get everywhere and be almost impossible to get out so if it's ever shutdown using this it'll never be reactivated.
So we have an expensive addition that will never be used guess what.
I don't see either WiFI or Cellular dying out in favour of the other for a long time. Mainly because physically the technologies are so similar to each other that they feed off each other so any advancement in one can usually be applied to the other.
The problem you are seeing is that the WiFi is being used as a "freeish" service. They tried doing it as a free service; but as soon as somebody hit them with a bittorrent (or similar) the performance went into the toilet for everyone else. They needed a zero maintenance solution to this problem so they're trying to exclude people who make a nuisance of themselves by limiting the people that can connect to 'good customers'.
In reality they don't care how it works, they just don't want it to become a source of complaints. That's why, IMO, the correct solution is a "traffic shaping" WiFi router. So that every host (within range) gets a "fair share" of the bandwidth, if someone starts up a bittorrent their connectivity may go down the toilet but everyone else will still be running fine; ie if there are 5 people trying to download at one moment (one of them using bittorrent) they still all get one fifth of the connection. What's more such a router can put other other simple limitations on, eg: port 80 (http) gets more bandwidth other ports.
The reason I think this is a reasonable solution is that the tools are already implemented in Linux, the OS that already runs many of these WiFi routers. All that's needed is for this facility to be exposed in the web interface of the router and turned on.