I wouldn't use TUX for a highly dynamic app or an e-commerce system, unless someone makes a mod_perl (or similar) for it. OTOH, I would very certainly consider TUX as a static webserver, to serve images. real-world servers serve several images per page, and it typically pays to have a separate box, or at least a separate httpd, for these. thttpd has so far been known as a good choice for this; it seems that TUX may be even better.
auto-shutting down a router on response to a portscan is one of the dumbest things I've seen in a long time. by doing this all they're doing is making it *really* easy to DoS them, even without meaning to.
... in the cartoon world, yep, he was a Gaul, not French. "France" hadn't been invented yet by the time the Roman Empire invaded the territory. In the actual world, however, Asterix is very much a *French* cartoon-hero. Btw, you'd be surprised at how much present-day French people identify with the Gauls; way more than they'd ever identify with the ancient Romans, at any rate.
That's pretty funny, you assume i'm American, with the "speak for us" thing about Mickey Mouse. turns out I'm not, I'm actually from the EU, less than 500km (that's 300 miles for you USAians) from where Bové (peacefully if you want, but stupidly nonetheless) destroyed a McDo franchise. And I stand by the words "just some local closed-mindedness"; I said "local" rather than French because I don't want to imply that the rest of the French are close-minded -- just that this guy is. And btw I have no love of American Culture (although there are some great things in there too), and certainly not for fast junk food.
do not confuse advocacy with information. FreeBSD and Linux are more or less at the same place when it comes to reliability, scalability, and network performance. at this particular point in time, I'd guess that Linux has the advantage with the improvements of the 2.4 kernel, but it doesn't really matter: FreeBSD and Linux are always catching up with each other; both teams are very good and neither will let the other OS get much better without getting better in the same (or equivalent) way. I'd say that, in choosing between Linux and BSD, you need to look specifically, either at personal preference and familiarity, or at the actual support for the programs and services that you intend to run, and choose accordingly. Neither platform is overall significantly better than the other.
GREAT, Thanks for the explanations! Now, is it possible to get more info about this TUX webserver? Is it open source? Is it available already? What kind of polling model does it use to share connections among threads? (sigqueues, poll(), something else??)
yep, it is. this guy is largely full of shit; he isn't "speaking for us", he would just like to replace Mickey Mouse with Asterix (French cartoon character, for those who don't know). unless you're a French patriot, there's nothing to celebrate here -- just some local closed-mindedness that happens to attack a couple of popular targets (globalization, and junk food). I don't like globalization (well, some effects of it) or junk food either, but I'd never support this guy.
err, no, slashdot works great under lynx. it actually shows the page (the text) as it loads, unlike netscape, which waits until all the 's have been closed. I read /. everyday under lynx, and find it extremely clunky whenever I look at it with Netscape. In fact, I find lynx great for reading news sites, where (as the article says) you go for the text anyway. on overdesigned commercial sites, you usually get 3 or 4 screenfuls of crap at the top (for things like left navigation on graphical browsers), but you learn to skip them *really* quickly, and you don't even give them a bit of attention. lynx is a great timesaver; I'd consider switching over to links (the newer text-mode browser) only if it implemented a lynx-like mode which flattens tables.
Speaking of HTTP-NG, is it still in development? is it planned to be deployed eventually? I remember reading about it more than 3 years ago! Anyway, maybe BXXP doesn't mean to supplant HTTP-NG, but it does look like it has the one key feature that HTTP-NG is/was supposed to bring over to HTTP: multiple channels.
I just hope they don't make BXXP a binary protocol. All the major app-level internet protocols (HTTP, SMTP, FTP, POP, IMAP, IRC) are text-based, and it's one of these things that make life much easier on developers.
First, I have to say that choosing Blowfish, Twofish, IDEA, 3DES, Serpent, Rijndael or something else, is not the first, nor the most important question, in a cryptographical product. There's *much* more to cryptography than choosing a symmetric cypher, and it's very easy to use a great algorithm in a broken way. As the saying goes, security is a process, not a product. And within a product, it's a protocol, not an algorithm. You need to design the entire way that the various clients and servers will talk, to be secure: how to choose and agree on the keys, how and when to rotate them or generate new ones, where to get your crypto-strong random seeds, using the right cyphering modes for the situation (ECB is not usually a good idea), whether to use a block or stream cypher, whether and how to interface to public key crypto, how to fend off replay attacks, and so on and so forth, the whole protocol. Only when you've figured out all this stuff, does it start to make sense to evaluate individual cyphers, for speed and perceived security. There, again, the general idea for safety is to go for something that has withstood serious analysis for a long time. I wouldn't count out Blowfish just because Twofish is its successor; Twofish looks very impressive, but has been around for a much shorter time. Right now I'd still trust Blowfish or 3DES better.
The way this bug works is that you first use a little program to start a shell with the CAP_SETUID capability removed from the inheritable set. From that point on, if you run a suid program, setuid() still behaves like it does for non-root users, i.e it lets you get your old euid back. so the end result is that setuid root programs can't properly give up their privileges anymore.
don't underestimate the power of the fringes, though. our mainstream pop-culture is 0wned... but it's also the least interesting part of what is being produced!
what you're doing between your comparison (between a Christian televangelist and a Linux proselyte) amounts to no more than saying "boo, others are hypocrites so there's nothing wrong with us being hypocrites too!". in other words: the argument not only doesn't fly, but it crashes with a loud *THUD*.
please go back and re-read the original post, and see how what you're arguing against is not at all what the post was saying. to begin with, the major claim of the post that you're replying to is that by largely abandoning religion (in the way society has done in this century -- which doesn't prevent a large part of the population from having religious beliefs), something good has also been lost. we may agree with that or not (i'm a bit doubtful myself, though I see his point), but how can you compare that to claims of "all [linux users / christians / etc] are dumb" ? no-one said that!
no-one here has insulted Christianity (nor Linux, nor anything else, for that matter). the original post just made the observation that the social credibility and influence of christianity has gone down a *lot*, and that this is perceived as a backlash to widespread hypocrisy by religious powers. as far as I can tell, this observation is perfectly valid; christianity doesn't have the weight that it used to have, and Christian churches are quite widely perceived as having given a less than stellar performance when it comes to integrity.
no-one is invalidating anyone's beliefs here, so there's no need to rant about how narrow-minded that would be.
for just a 2 or 4 node cluster, you buy a high-quality PC from VA or some other reputable shop that supports Linux well. once things start to grow, you use those for database, load balancing monitors and things like that, and you grab el cheapo clones for the gruntwork of running httpds.
the situation isn't *quite* as bad:
1) there is a way to do it that doesn't broadcast all the time: have one machine take care of the counting. that's what Windows does with their "WINS" servers. but this has its own problems too; to make it work reliably you want this to be on a fixed machine that's always on, and to configure its IP in the others in a fixed way.
2) there is a way to ask an NFS server for its export list: showmount -e hostname
no, your etymology is incorrect. "third world" is a direct translation of the French "tiers monde", which itself is an analogue to the previously existing "tiers etat", which referred to the common people, i.e those who were neither nobility nor clergy. "tiers" just means third, because they came after the two privileged classes.
ObWonder: Why don't 64-bit platforms have 64-bit ints? I mean, int has historically gone from 16 to 32 bits (was 16 in DOS, at least), so why not 32 to 64?
the standard answer is:
- because 'int' is usually for numbers, and you very very rarely need numbers bigger than 2^32 anyway, and
- because if char is 8bit, short is 16bit and int was 64bit, then there wouldn't be a standard type with 32 bits, which would be annoying, and particularly silly to leave a gap like that while making int and long the same size
what this all means is that there's *still* one neat thing that you can assume: on all reasonable systems, sizeof(int) = 4 = 32bit.
OTOH, if it's true that win64 has 32bit long, now *that* is really ridiculous.
"client-side" perl doesn't mean that it has to be executing perl code downloaded from random webpages. it means that you can write a *local* app, in perl or python, using the mozilla framework. the perl/python/javascript code controls what the menus do, provide all the actual application interface. the app itself doesn't even need to be a webbrowser!
okay, since you ask... I like programming daemons. services. backend stuff. anything that doesn't have to deal with a user interface; let someone else do the UI part, preferably in another process, and connected via a socket. And, in general, I like to do these things single threaded, with a central poll() or select() loop.
yep, I eggs-acktly. this is not the real M16, just a daily prerelease. I grab the dailies several times a week these days, and the one from last friday was not one of the most stable I've seen; most of the Preferences menu was broken (it probably has something to do with the DOM changes that were announced a while back in the Mozilla slashbox). Unless you're a Mozilla freak, I'd suggest waiting for the proper M16.
but models don't just exist in a void, laws make them harder or easier. right now free software is discouraged by the legal IP framework, and I'd support the idea of making it more favorable. even if it's without going "all the way" like RMS would.
$r->header_out(Location => $url);
return REDIRECT;
I wrote two little programs to test this; one to test whether giving up privileges works, the other to start a shell with the CAP_SETUID capability removed. To check the bug on your system do:
$ wget ftp://quatramaran.ens.fr/pub/orabidoo/tmp/blep.c
$ wget ftp://quatramaran.ens.fr/pub/orabidoo/tmp/suidcap.c
$ gcc -o blep blep.c
$ gcc -o suidcap suidcap.c
$ su
Password:
# chown root.root blep
# chmod 4755 blep
# exit
$ ./blep
BEFORE: [your-uid] 0
GAVE UP: [your-uid] [your-uid]
GOT BACK: [your-uid] [your-uid]
(this is the expected result)
$ ./suidcap
launching shell...
sh-2.03$ ./blep
BEFORE: [your-uid] 0
GAVE UP: [your-uid] [your-uid]
GOT BACK: [your-uid] 0
PROBLEM!!
If you don't see the 'PROBLEM!!' part, then you don't have a problem.
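The BEFORE / GAVE UP / GOT BACK check above can also be built into a setuid program as a self-test before it continues unprivileged. The C code below is an added example, not the blep.c or suidcap.c from the post; the names classify_drop and probe_privilege_drop are hypothetical.

```c
/* Added example; not the blep.c / suidcap.c referenced in the post.
 * classify_drop() and probe_privilege_drop() are hypothetical names. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result {
    DROP_OK,          /* euid dropped and could not be regained */
    DROP_NOT_SETUID,  /* ruid == euid at start, nothing to test */
    DROP_FAILED,      /* euid still privileged after setuid(ruid) */
    DROP_REVERSIBLE   /* old euid came back: the "PROBLEM!!" case */
};

/* Decide the outcome from the euid seen at the three points the post's
 * test prints: BEFORE, GAVE UP and GOT BACK. */
enum drop_result classify_drop(uid_t ruid, uid_t euid_before,
                               uid_t euid_dropped, uid_t euid_retry)
{
    if (euid_before == ruid)
        return DROP_NOT_SETUID;
    if (euid_dropped != ruid)
        return DROP_FAILED;
    if (euid_retry != ruid)
        return DROP_REVERSIBLE;
    return DROP_OK;
}

/* Drop to the real uid, then deliberately try to take the old euid back.
 * Only setuid() is used, since that is the call the post describes. */
enum drop_result probe_privilege_drop(void)
{
    uid_t ruid = getuid();
    uid_t euid_before = geteuid();
    uid_t euid_dropped, euid_retry;

    if (euid_before == ruid)
        return DROP_NOT_SETUID;

    if (setuid(ruid) != 0)            /* never ignore this return value */
        return DROP_FAILED;
    euid_dropped = geteuid();

    /* After a real drop this call must fail. */
    if (setuid(euid_before) == 0)
        fprintf(stderr, "setuid(%lu) unexpectedly succeeded\n",
                (unsigned long)euid_before);
    euid_retry = geteuid();

    return classify_drop(ruid, euid_before, euid_dropped, euid_retry);
}

int main(void)
{
    static const char *const names[] = {
        "ok: drop is permanent", "not running setuid",
        "drop failed", "PROBLEM: old euid regained"
    };
    enum drop_result r = probe_privilege_drop();

    printf("%s\n", names[r]);
    /* A setuid program should refuse to continue on the last two. */
    return (r == DROP_FAILED || r == DROP_REVERSIBLE) ? 1 : 0;
}
```

Installed setuid root like blep in the transcript, it reports the permanent-drop case from a normal shell and the regained-euid case where the post's test prints PROBLEM!!.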
blame sun, and firewall port 111!
okay, does anyone know if this BeOpen company has anything to do with the BeOS?
sure, it's first order. but there are plenty of undecidable first-order statements, so this proves nothing about this problem being decidable or not.