I agree with you that 64 bits for the address would have been a more sensible choice.
But I think the worst decision of all is that there has been no provision made for compatability between IPv6 and IPv4. It should have been done in such a way that an IPv6 client can communicate with an IPv4 server, possibly via some service in a router that translates the addresses (which operates just like a NAT router).
Preferably, an IPv4 client would also be capable of communicating with selected IPv6 servers that are in some part of the address space and/or have been configured to be reachable via another translation service.
This would make it possible to rollout IPv6 without confronting the early adopters with only disadvantages, as it is now.
This situation differs for different markets. Here in the Netherlands all DSL providers assign fixed addresses. Most networks use PPPoA where you get your address assigned automatically by the PPP negotiation, but the address is written in your welcome letter and will only change when there is a technical need.
Cable providers originally assigned variable addresses, but faced with the ADSL competition most have moved to de-facto-fixed addresses (you still get your address via DHCP but it will always be the same).
There is no extra charge for all of this. Extra charges only apply when you want additional addresses (when that is even possible on that network).
Apple completely rewrote the boot sequence for 10.4
But probably only because people made comparisons like the above... Linux developers have also incorporated may startup sequence improvements after people put the XP boottimes under their nose.
Economy in its current form is another threat to the world, but that should not be confused with terrorism.
On the other hand, the whole idea that America is the engine of the world economy and that economy is about domination of the lesser party is a large contributing factor to the current acts of terrorism against "powerful" countries.
Those "powerful" countries should realize that they have to share, not dominate. After all, there is no reason why people in other countries should have no right to have a reasonable standard of living. Even if they did not have it in the recent past.
The whole idea of economy as something that is only good when it is growing and when money is flowing towards your own country is something that, at a world-wide view, is doomed to fail. Either we run out of energy or other natural resources, or some countries flourish and other starve. When you consider that a good thing, don't be astonished when some people start to bomb that system out of existence.
Presidents that work for terrorists
on
Google Terror Threat
·
· Score: 4, Insightful
The worst presidents (and other heads of governments) are those that continuously state that terrorists are a threat, and that everything that could possibly help a terrorist has to be taken down.
Terrorism is about threat, and continously emphasising that threat is only helping the terrorists.
with most of those differences being no more onerous to the typical user than the differences between Windows 2000 and Windows XP
The problem is not the differences for the typical user. At least not the immediate problem. The big problem is that the large number of different distributions makes it difficult for application builders to release something that will "work on Linux". They cannot write simple instructions like "insert the CD, double-click the my computer icon, double-click the CD icon, then click on our setup program" because such procedures are widely different between Linux distributions. And even once they get past that, they still face differences in directory structure, and other environmental issues.
This is a major factor holding back Linux deployment on the typical user's PC. Denying that is a wellknown standpoint of Linux techies, but is not going to bring us wide depoyment. (which usually is just what those people want)
You may think that the Netherlands is a free country, but we have had laws like that for years here. Every company providing public communication has to be able to tap all traffic on demand. This not only includes fixed telephone lines, but also mobile (including location of the mobile set), Internet, etc.
The number of active taps per capita here is amongst the highest in the world. And the consumer is paying for all this, as the cost compensation given to the companies is not nearly covering the real cost of making these taps.
Furthermore, tapping is addictive. Now that the secret service has so many taps running, they start to see that it would be even better when everything is tapped and kept, so that after-the-crime analysis of data can be done as well.
Current law proposals are moving in this direction. Call records, mobile position data, Internet logs etc have to be kept longer and be made available on request. This is of course only an intermediate step. Once this is implemented, it is found that even more information could be gained from the actual traffic, and the next requirement is to record all phone conversations and keep them for half a year. And to capture all Internet data sent to and from customers.
Worst of all is that we are part of the EU. Politicians abuse the EU for a kind of ping-pong game where they first draft up some idiotic idea, then discuss it (behind closed doors) with fellow politicians in other EU countries, a few countries implement the same idea, and then they report back in their own country that the new laws have to be passed for harmonisation within the EU.
In the first phase, any protest is waved away with "it is too early to discuss it, too early to protest, we are still drafting it and negotiating with EU partners" and then after some time (and a behind-closed-doors decision in the EU), the stance is changed to "we cannot turn this back, we are mandated by the EU to implement these laws, no need to protest because we are not making the decision".
This nearly went wrong with software patents, and now the same risk occurs with extended tapping of all telephone and internet traffic.
What amazes me most is that todays politicians are so easily being abused by terrorists. Terrorism is achieving its goals using threat, and politicians easily play their game of threat amplification. Without having to actually perform any attacks, they move the entire free world to break down their free societies and destroy all the values they were so proud of a decade ago. That seems like a bigger victory than blowing up some building.
Catching them is not worth much over here. It has happened before that gangs of computer criminals were arrested and then later let go because of "lack of evidence". (e.g. it was proven that the offense was made via an internet connection in a certain house, the inhabitants were arrested, but there was no way to prove that those inhabitants, and which of them, made the offense)
The "included pre-installed Windows" is not going to yield you a Windows license laying around in case you need one! The license is only for that pre-install on that box.
I have been running multiple apache instances on older versions, and it was just a matter of copying that directory, change all path references in it, make extra log directory, and copy the startup script (modifying the reference to the config directory). It works fine, but you should not use the "rcapache2 restart" etc commands, because they do not expect multiple servers. Just reload the right server by kill command.
A large bank here has used this system for over a decade, but still was attacked by phishers. They simply requested "the next three numbers to be typed in" on their fake site.
Well, it seems the world and its idea of freedom is changing... Before, when you were a normal citizen in a "free" country you had nothing to worry about. Now, laws are proposed to keep all Internet traffic data for each citizen in the country, keep the location data for his mobile phone, photograph license plates at strategic points and keep that data. Each buyer of recordable media is pre-assumed to be using it to record copyrighted material and charged with a levy.
From an "innocent until proven guilty" we are quickly moving into a "suspect until proven innocent" society. In this environment it is best not to keep data on your disks that is no longer relevant to you. It might be used as evidence in whatever case. Even browser cache files that happen to contain illegal material can be used as additional evidence indicating "he is looking at illegal material for some reason".
An encrypted filesystem does nothing whatsoever w.r.t. erasing deleted data. My filesystem is already encrypted. Do you think that makes any difference when analyzing the loop device on which it resides at the block level?
Encrypted swap would be similarly affected. Encryption serves a different purpose than destruction.
Well, since Reiserfs doesn't do what you want, why not switch?
Because Reiserfs is a very good filesystem.
Or consider adding the support you DO want to Reiserfs?
Before I consider adding something, I always investigate if that same thing already exists. When googling does not yield anything obvious, discussing on some forum may help.
What do you think fsck does?
fsAUUCck is not supposed to run on a live filesystem. when you do that, you are considered insane.
What you really seem to want is an encrypted block device.
The block device is already encrypted for the filesystem. As you may know, this offers little protection when the system is investigated before being shut down, or when you are forced to provide the key.
SuSE does not support encrypted swap by default. I could add this by fiddling a bit with their startup scripts, but I have not done that yet. Indeed, it would be possible to swap to a device with a random key generated at boot. However, this still leaves the analysis possibility as long as the system has not been shut down.
You should try to run "cat (swapdevice) | strings | less" for fun.
(Useless Use of Cat Award alert: this is not a useless use of cat)
- it would take a very long time to write over all the hundreds of free gigabytes on this 1TB system, while it would be sufficient to write only over the blocks that once belonged to files and are now free - at the moment the dd hits a full filesystem, random things may happen to other processes running on the system (disk full conditions are typically badly handled in Linux programs)
Also, as remarked, it would be better to use zero blocks. I have tried the above on my swapspace once, and it was apparent that the rate of output from/dev/urandom was only 10-20% of the sustained write rate of the disks. I.e. using/dev/urandom made it 5-10 times slower than using/dev/zero.
This is somewhat like what I mean, but: - I use Reiserfs, not ext2fs - I'm not that paranoid that I want immediate zeroing at remove time. for me it would be "good enough" when the overwriting is done in the background and at low priority.
Also I do not like the idea of a user process directly accessing the FS. Probably good enough for a virtual machine environment where you can stop the machine and run the program, but this is for a live filesystem.
Up to now, I have not found anything that really does what I want...
For swap, it would be possible to zero it on boot and shutdown, but it takes a bit too long on my 2GB swap, and also it would not help against forensic analyzers who are careful not to boot the system.
That is why I prefer some background service in the system that does the erasing when the disk is idle, instead of for each remove request. The freed blocks would be put in a destruction queue to be overwritten when convenient, and the system can continue operation. When a diskblock has to be allocated and will be overwritten anyway, the system could use a block from that destruction queue and it would not need to be overwritten.
Doesn't such a filesystem store all data semi-permanently, even the data you no longer want? When I delete a file, maybe I want it to be nonrecoverable.
It would be nice to have a feature in the system that automatically wipes deleted files. While I have found utilities that wipe files by overwriting them with different passes of varying data, this may not work at all in a journalling filesystem where a rewrite of a file not necessarily stores the datablocks in the same location. It also does not work when you forget to wipe the file before deleting, or for temporary files that are deleted without user action.
What I would like to see is some daemon process or kernel thread that securely erases all files that have been deleted (or truncated) through the normal system calls. Probably you would want to have it configurable to write only zeroes or write that DOD-certified series of patters for the really paranoid. And maybe some configurable priority for the overwrites (only do it when the disk is really idle, or perform the overwrites with some urgency). Blocks from files being deleted by the filesystem would be handed over to this daemon to be securely erased at a convenient time.
Same for swapspace. Blocks from processes that have exited or that have been swapped back in and subsequently modified in memory would be erased.
The whole principle of the detector is that it is not possible to clean it sufficiently... If that were possible, the terrorists could clean their stuff before having it checked.
The point is not that the user abuses the tool, but that the tool is badly constructed.
When you buy a hammer, you hammer in some nail, and the hammerhead flies off and kills your cat, the hammer company has something to do with that. It has to make sure that the head remains attached under normal circumstances.
Software companies get away with denying such responsibility. Until now, that is.
The solution is simple: sell the phone for the realistic price. To allow everyone to own one, offer a postponed payment scheme (essentially a loan). Add a network subscription separately. Now everyone can switch to a different provider at will. Of course they are still obliged to payoff their loan.
Slashdot Mirror
I agree with you that 64 bits for the address would have been a more sensible choice.
But I think the worst decision of all is that there has been no provision made for compatability between IPv6 and IPv4.
It should have been done in such a way that an IPv6 client can communicate with an IPv4 server, possibly via some service in a router that translates the addresses (which operates just like a NAT router).
Preferably, an IPv4 client would also be capable of communicating with selected IPv6 servers that are in some part of the address space and/or have been configured to be reachable via another translation service.
This would make it possible to rollout IPv6 without confronting the early adopters with only disadvantages, as it is now.
This situation differs for different markets.
Here in the Netherlands all DSL providers assign fixed addresses. Most networks use PPPoA where you get your address assigned automatically by the PPP negotiation, but the address is written in your welcome letter and will only change when there is a technical need.
Cable providers originally assigned variable addresses, but faced with the ADSL competition most have moved to de-facto-fixed addresses (you still get your address via DHCP but it will always be the same).
There is no extra charge for all of this. Extra charges only apply when you want additional addresses (when that is even possible on that network).
Multicast has existed as a feature of IPv4 for a very long time, yet "nobody" uses it. Because ISPs don't make it available to their customers.
I don't see why IPv6 would change that. When Multicast is desired, it can be setup in IPv4 as well.
You are wrong on v6/v4 compatability.
When you give your customers only IPv6, all they can access is IPv6 services.
This is the single biggest design problem in IPv6: it cannot communicate with IPv4 systems.
That is what is holding back its adoption.
It is not even routed!
Apparently it is their equivalent of network 10.
Take back and re-allocate.
Apple completely rewrote the boot sequence for 10.4
But probably only because people made comparisons like the above...
Linux developers have also incorporated may startup sequence improvements after people put the XP boottimes under their nose.
Economy in its current form is another threat to the world, but that should not be confused with terrorism.
On the other hand, the whole idea that America is the engine of the world economy and that economy is about domination of the lesser party is a large contributing factor to the current acts of terrorism against "powerful" countries.
Those "powerful" countries should realize that they have to share, not dominate.
After all, there is no reason why people in other countries should have no right to have a reasonable standard of living. Even if they did not have it in the recent past.
The whole idea of economy as something that is only good when it is growing and when money is flowing towards your own country is something that, at a world-wide view, is doomed to fail. Either we run out of energy or other natural resources, or some countries flourish and other starve.
When you consider that a good thing, don't be astonished when some people start to bomb that system out of existence.
The worst presidents (and other heads of governments) are those that continuously state that terrorists are a threat, and that everything that could possibly help a terrorist has to be taken down.
Terrorism is about threat, and continously emphasising that threat is only helping the terrorists.
with most of those differences being no more onerous to the typical user than the differences between Windows 2000 and Windows XP
The problem is not the differences for the typical user. At least not the immediate problem.
The big problem is that the large number of different distributions makes it difficult for application builders to release something that will "work on Linux". They cannot write simple instructions like "insert the CD, double-click the my computer icon, double-click the CD icon, then click on our setup program" because such procedures are widely different between Linux distributions.
And even once they get past that, they still face differences in directory structure, and other environmental issues.
This is a major factor holding back Linux deployment on the typical user's PC.
Denying that is a wellknown standpoint of Linux techies, but is not going to bring us wide depoyment.
(which usually is just what those people want)
You may think that the Netherlands is a free country, but we have had laws like that for years here.
Every company providing public communication has to be able to tap all traffic on demand. This not only includes fixed telephone lines, but also mobile (including location of the mobile set), Internet, etc.
The number of active taps per capita here is amongst the highest in the world. And the consumer is paying for all this, as the cost compensation given to the companies is not nearly covering the real cost of making these taps.
Furthermore, tapping is addictive. Now that the secret service has so many taps running, they start to see that it would be even better when everything is tapped and kept, so that after-the-crime analysis of data can be done as well.
Current law proposals are moving in this direction. Call records, mobile position data, Internet logs etc have to be kept longer and be made available on request.
This is of course only an intermediate step. Once this is implemented, it is found that even more information could be gained from the actual traffic, and the next requirement is to record all phone conversations and keep them for half a year. And to capture all Internet data sent to and from customers.
Worst of all is that we are part of the EU. Politicians abuse the EU for a kind of ping-pong game where they first draft up some idiotic idea, then discuss it (behind closed doors) with fellow politicians in other EU countries, a few countries implement the same idea, and then they report back in their own country that the new laws have to be passed for harmonisation within the EU.
In the first phase, any protest is waved away with "it is too early to discuss it, too early to protest, we are still drafting it and negotiating with EU partners" and then after some time (and a behind-closed-doors decision in the EU), the stance is changed to "we cannot turn this back, we are mandated by the EU to implement these laws, no need to protest because we are not making the decision".
This nearly went wrong with software patents, and now the same risk occurs with extended tapping of all telephone and internet traffic.
What amazes me most is that todays politicians are so easily being abused by terrorists.
Terrorism is achieving its goals using threat, and politicians easily play their game of threat amplification. Without having to actually perform any attacks, they move the entire free world to break down their free societies and destroy all the values they were so proud of a decade ago.
That seems like a bigger victory than blowing up some building.
Catching them is not worth much over here.
It has happened before that gangs of computer criminals were arrested and then later let go because of "lack of evidence".
(e.g. it was proven that the offense was made via an internet connection in a certain house, the inhabitants were arrested, but there was no way to prove that those inhabitants, and which of them, made the offense)
The "included pre-installed Windows" is not going to yield you a Windows license laying around in case you need one!
The license is only for that pre-install on that box.
I have been running multiple apache instances on older versions, and it was just a matter of copying that directory, change all path references in it, make extra log directory, and copy the startup script (modifying the reference to the config directory).
It works fine, but you should not use the "rcapache2 restart" etc commands, because they do not expect multiple servers. Just reload the right server by kill command.
A large bank here has used this system for over a decade, but still was attacked by phishers.
They simply requested "the next three numbers to be typed in" on their fake site.
Well, it seems the world and its idea of freedom is changing...
Before, when you were a normal citizen in a "free" country you had nothing to worry about.
Now, laws are proposed to keep all Internet traffic data for each citizen in the country, keep the location data for his mobile phone, photograph license plates at strategic points and keep that data.
Each buyer of recordable media is pre-assumed to be using it to record copyrighted material and charged with a levy.
From an "innocent until proven guilty" we are quickly moving into a "suspect until proven innocent" society.
In this environment it is best not to keep data on your disks that is no longer relevant to you.
It might be used as evidence in whatever case. Even browser cache files that happen to contain illegal material can be used as additional evidence indicating "he is looking at illegal material for some reason".
So it is better to erase it. You never know.
An encrypted filesystem does nothing whatsoever w.r.t. erasing deleted data.
My filesystem is already encrypted. Do you think that makes any difference when analyzing the loop device on which it resides at the block level?
Encrypted swap would be similarly affected.
Encryption serves a different purpose than destruction.
Well, since Reiserfs doesn't do what you want, why not switch?
Because Reiserfs is a very good filesystem.
Or consider adding the support you DO want to Reiserfs?
Before I consider adding something, I always investigate if that same thing already exists.
When googling does not yield anything obvious, discussing on some forum may help.
What do you think fsck does?
fsAUUCck is not supposed to run on a live filesystem. when you do that, you are considered insane.
What you really seem to want is an encrypted block device.
The block device is already encrypted for the filesystem. As you may know, this offers little protection when the system is investigated before being shut down, or when you are forced to provide the key.
SuSE does not support encrypted swap by default. I could add this by fiddling a bit with their startup scripts, but I have not done that yet. Indeed, it would be possible to swap to a device with a random key generated at boot.
However, this still leaves the analysis possibility as long as the system has not been shut down.
You should try to run "cat (swapdevice) | strings | less" for fun.
(Useless Use of Cat Award alert: this is not a useless use of cat)
It would work, but it has two problems:
/dev/urandom was only 10-20% of the sustained write rate of the disks. I.e. using /dev/urandom made it 5-10 times slower than using /dev/zero.
- it would take a very long time to write over all the hundreds of free gigabytes on this 1TB system, while it would be sufficient to write only over the blocks that once belonged to files and are now free
- at the moment the dd hits a full filesystem, random things may happen to other processes running on the system (disk full conditions are typically badly handled in Linux programs)
Also, as remarked, it would be better to use zero blocks. I have tried the above on my swapspace once, and it was apparent that the rate of output from
This is somewhat like what I mean, but:
- I use Reiserfs, not ext2fs
- I'm not that paranoid that I want immediate zeroing at remove time. for me it would be "good enough" when the overwriting is done in the background and at low priority.
Also I do not like the idea of a user process directly accessing the FS. Probably good enough for a virtual machine environment where you can stop the machine and run the program, but this is for a live filesystem.
Up to now, I have not found anything that really does what I want...
For swap, it would be possible to zero it on boot and shutdown, but it takes a bit too long on my 2GB swap, and also it would not help against forensic analyzers who are careful not to boot the system.
That is why I prefer some background service in the system that does the erasing when the disk is idle, instead of for each remove request. The freed blocks would be put in a destruction queue to be overwritten when convenient, and the system can continue operation.
When a diskblock has to be allocated and will be overwritten anyway, the system could use a block from that destruction queue and it would not need to be overwritten.
Doesn't such a filesystem store all data semi-permanently, even the data you no longer want?
When I delete a file, maybe I want it to be nonrecoverable.
It would be nice to have a feature in the system that automatically wipes deleted files.
While I have found utilities that wipe files by overwriting them with different passes of varying data, this may not work at all in a journalling filesystem where a rewrite of a file not necessarily stores the datablocks in the same location. It also does not work when you forget to wipe the file before deleting, or for temporary files that are deleted without user action.
What I would like to see is some daemon process or kernel thread that securely erases all files that have been deleted (or truncated) through the normal system calls. Probably you would want to have it configurable to write only zeroes or write that DOD-certified series of patters for the really paranoid. And maybe some configurable priority for the overwrites (only do it when the disk is really idle, or perform the overwrites with some urgency).
Blocks from files being deleted by the filesystem would be handed over to this daemon to be securely erased at a convenient time.
Same for swapspace. Blocks from processes that have exited or that have been swapped back in and subsequently modified in memory would be erased.
Does such a thing exist for Linux?
The whole principle of the detector is that it is not possible to clean it sufficiently...
If that were possible, the terrorists could clean their stuff before having it checked.
It is the thingy that powers AJAX
The point is not that the user abuses the tool, but that the tool is badly constructed.
When you buy a hammer, you hammer in some nail, and the hammerhead flies off and kills your cat, the hammer company has something to do with that. It has to make sure that the head remains attached under normal circumstances.
Software companies get away with denying such responsibility. Until now, that is.
The solution is simple: sell the phone for the realistic price. To allow everyone to own one, offer a postponed payment scheme (essentially a loan). Add a network subscription separately.
Now everyone can switch to a different provider at will. Of course they are still obliged to payoff their loan.