Oh man, you haven't gotten your audio drivers working either? Tell me about it... Preferably through IM, SMS or TTY.
I said, why not use DNS instead? Which this system uses.
Except it translates something everyone already has (an international telephone number) into other identifiers. If there's anything we've learned about universal identifiers, it's that the more complexity you add, the easier it is for someone to screw up or fudge the system. For that reason, I think Unicode identifiers are going to bring about a new era in phishing, and I think it's the reason numeric identifiers are still popular and useful.
Think about someone trying to unambiguously tell you a URI over the phone. "Was that s as in Sam or f as in Fisher?", "Ok, was that google spelled g-o-o-g-o-l or g-o-o-g-l-e?", "I'm sorry, it's the word 'flicker' without the e?" If we encourage everyone and their dog to make a land-grab for alphanumeric universal identifiers, expect John Smith to have to pick something completely unrelated to his name anyway, and expect people to make a land-grab for things like "1.id" and "TheBigCheese.id" and other absurdity.
Let's keep things simple and harder to abuse.
I don't disagree. There are a lot of factors to cost-effective IT, and having the right mindset (for both users and management) is necessary.
Do you really want to have to dial +DEAD:BEEF:CAFE:123:4567:890A:BCDE:F?
This uses a well understood system (DNS, and in the future, DNSSEC) to use the same numbers you already have to link to other online identifiers, including IP addresses. So we get all the benefits of IPv6 without having to switch everyone to potentially 39 digit addresses in their phone.
What you propose would be the death of picking up girls in bars, that's for sure. How do you propose to convince them to spend that much time writing down their number?
They're a developing nation, that's all. They were late to the industrial revolution, they were late to the computer revolution--although other nations had been using them for cheap labor, they lacked internal expertise in the technology. They're just late, is all.
Their GDP per capita is growing and will continue growing and will likely plateau like ours did, barring any new revolution in business.
There are quite a few more kernel changes under the hood, and new features or other things, and breaking changes to old features that would prevent them from ever calling it an SP.
He may have a better budget. Managing 100 clients and their accompanying cruft is a pain if you don't have anything to help you do it. But there are a lot, and I mean, a lot of tools out there to make it incredibly easy for one tech to manage 1000 clients, or more.
Deciding who and what to go with, and how to implement it is difficult, and of course you need the budget to pay for it, but there's certainly help out there.
Hasn't Carmack all but reversed his position on DirectX, saying that OpenGL is failing to keep up?
http://linux.slashdot.org/story/09/08/24/0059218/Linux-Port-For-ids-Tech-5-Graphics-Engine-Unlikely?from=rss
Oh yeah.
The only reason we have to rely on either third party clouds or port forwarding, VPNs, and all this other mess is because IPv4 wasn't adequate in size or security.
With IPv6, everyone will have globally routable IPs with IPSEC as a standard feature. We will see a wave of new devices and software to take advantage of this. Want to sync your phone with your laptop, and your laptop with your desktop? Easy. Even home users will be able to do it if the software exists, and it won't require a third party. You'd need to have your phone, desktop, and LAN in your local, "trusted" network at home, or manually copy enough info to set up the IPSEC, and then done. You take your laptop and phone on vacation, it gets its MIPv6 address, it then sets up a connection with your home IPv6 address. Your desktop doesn't need a VPN, it has strong certificates you transferred at home to do IPSEC. Your desktop doesn't need port forwarding, you set up your stateful firewall to allow IPSEC and existing connections in, but block all unsolicited, insecure connections. Your desktop doesn't even need DynDNS because the address space is large enough that you will almost certainly get a large, very large range of static IPs, and MIPv6 will even let your phone and laptop carry their IPs with them on supporting carriers. If that fails, you can set up DynDNS or something like that on your desktop, and never have to worry about it again.
The reason we need globally unique IP addresses is because:
1. NAT isn't security.
2. NAT is just as much propping up the network security industry as Congress is propping up .
Proper IPv6 will eliminate most of the need for VPNs, result in increased network resiliency and create new business opportunities. It's like going up a step on Maslow's Hierarchy of Needs. Yeah, we had fun scrounging around on the first couple layers, but making globally routable IPs standard gets you one step closer to self-actualization ;)
And you're right, there is no reason a wireless screen has to talk to the outside world. That's why no one is recommending you remove stateful firewalls, no one is recommending you set your devices to promiscuously accept connections. Existing firewall technology, plus globally routable IPs, plus IPSEC equals win.
He said patent encumbered, not copyrighted.
Something can be open source and if it implements something protected by patent in the US or in other nations with laws that allow software patents or have agreements to make US patents enforceable, then it can still be illegal to distribute, and you'd probably be liable for damages if you built commercial software, but IANAL.
I think the patent encumbrances of ECC are the reason it's mysteriously absent from a lot of commercial software that deals with security and even a lot of Linux distros and software. I'd have to double-check, but for example, I don't think Windows Certificate Services supports ECC.
P.S.: Isn't it horrible that Error Correcting Codes and Elliptic Curve Cryptography have the same acronym? IMHO, we should rename one of the TLAs before it becomes a PITA.
Because it's hard to write renderers that catch all edge cases and harder still to sandbox a single thread of execution within a process. Just as the OS, to a degree, "owns" the process and can thus manipulate its environment, the process is the "owner" of its threads and is largely responsible for making sure they don't do anything improper.
Since on every OS platform a lot of work has gone into security in the past ten years, why reinvent the wheel? (Although, apparently, Google has already done this with Google Native Client, go figure.)
Well like the Meissner effect provides them with enough force to levitate, it might also make it difficult to remove. Also, the disruption to communications and electronics would only tilt the cost/benefit further. And perhaps the other unobtainium deposit was still larger, or at least more easily reached?
I may have employed a bit of hyperbole, but lacking a specific example, it was Spitzer and some of the Mars rovers that I was referring to.
If this is like any other NASA devices, they'll say it'll last X years and it'll actually last 5X years due to them meeting higher constraints than were necessary and last-minute ingenuity.
Our lights are engineered to prevent accumulation. As far as I can tell, the hood covers the top but has a slot in the bottom, for snow to fall through. The lenses are flat and perhaps even slightly tilted. The edges are pretty close to seamless.
Snow gets on them, sticks, freezes, and then you can't see anything on half the intersection.
APP-V for Windows does the same thing at, I want to say $20/client/year. Virtualizes apps, lets you manage them from group policy, etc.
Users with a support contract (read: volume license) are under no obligation to use the most current version, and can in fact install any previous versions.
As Windows 2000 has not yet fallen out of support, our Windows Server 2008 R2 licenses may be used to acquire and install Windows 2000. I don't know if we can get Office 2000 still, but definitely 2003.
It's my understanding that to correct n bits of errors in m bytes requires a particular length of ECC, determined by algorithm choice and other things. What they've decided on doing is rather than protecting n bytes per 512 bytes, they'd rather protect q bytes per 4096 bytes. Even though the sector is eight times larger, the probability of eight simultaneous errors is far less likely and not worth protecting against.
tl;dr: it's complicated.
I think that's the bigger issue. If we set a precedent where you have to have the infrastructure to keep track of all the sales taxes in the US in order to operate an online storefront, we'll end up killing all but the biggest players.
RHEV looks like it's their hypervisor solution and management built into one SKU, without emphasizing the "linux" part.
I'm confused on the relevance, but I'd agree. If you're targeting open source platforms and want paid support, you'd be doing something wrong if you paid for Windows Server Datacenter edition. And if your management stack is open source as well, and you're using KVM or VMware or something else, why switch to Hyper-V and have the headache of a split environment?
I think you're confusing VMware's HA and everyone else's. VMware has a solution that allows a server to be unplugged and the VM remains up. Red Hat, Hyper-V, Xen, etc, currently can't do that. It's very tricky work.
http://www.vmware.com/products/fault-tolerance/
I mean, that's even a step above HA. You set your cluster to replicate the memory and actions of a VM and you can pull the plug and everything keeps going.
As far as prices go, it sounds pretty good, but again, please don't quote "starting at." Quote one with comparable support. Microsoft's support is 24x7 phone support and after the 2nd or 3rd year of payments (depending on licensing program), the annual cost drops to a third or a half of the initial annual costs. So even Windows Server Datacenter drops down to around $1300 a year (still per socket, eugh) and Windows Server Enterprise drops to around $600 a year (8 socket max, 4 virtual instances included, so still not as good as RH Advanced Platform.)
We could continue to argue prices all day, but the point I was trying to make was that there's a ton of FUD about Windows pricing. And calling it Windows 2008 Not Crippled Edition is almost as bad as calling them M$. Some features cost more to implement, more to support, and more to maintain. This is true in the open source and proprietary world, and I just get annoyed when I read nonsense like he spouted.
What a terrific business opportunity...
I can't imagine why more businesses don't develop and sell Linux kernel modules.
http://www.microsoft.com/hyper-v-server/en/us/default.aspx
Well Hyper-V Server is free, and supports clustering and subsequently, high-availability when images are stored on a SAN, live migration likewise, and all that.
The only difference with Windows Server editions, that is, Standard, Enterprise, and Datacenter, is that they give you additional guest licenses.
The way I understand it, from this resource:
http://www.microsoft.com/windowsserver2008/en/us/licensing-faq.aspx
The ideal way to set up Hyper-V and Windows Server licensing-wise is to have all your management stuff (System Center, third party management consoles, whatever you need to manage VMs and guest OSes) on the physical OS instance. Then you have one to many VMs that do "work", that is, run your application, provide remote desktop, etc.
Now, I don't know how loosely Microsoft defines management. Is running the physical instance as an Active Directory Domain Controller considered "work" or is it necessary to manage the guest operating systems? I think they leave this intentionally vague and I doubt you'd ever get in trouble if they audited you and found that your server farm used physical instances for stuff like that. And with Hyper-V, in order to provide DHCP, DNS, etc to a private virtual network, you'd have to run those services on your physical instance or another VM.
So, to play it safe, pretend that with Server Standard and Server Enterprise you get 1 or 4 instances to play with on a server, and then each install counts as one. That's the absolutely safe way to do it. If you really want to play it safe and you're consolidating a lot of VMs, Datacenter gives you unlimited VMs and is more cost effective than Enterprise when you use more than 4 Windows Server VMs per processor.
Hope this helps. I am an IT/developer at a small business in Iowa and we use Linux for some services, firewalls and VPNs to branch offices (one in Iowa, two in Minnesota.)
Because they often don't need to write kernel modules for Linux. But if they did, and it ever left their premises, they'd be obligated to release said code.