If you want to route things at speed why use something based on an anemic ARM chip running a few hundred megahertz when you have a multi gigahertz cpu at your disposal? I just dual-port my main computer and have it route and nat things. Routing works at least to 700 Mbits/sec. If I ever move to a country where gigabit ethernet to the home is available at a reasonable price (like in Japan where it is ~$100), then I'll have to revisit the routing situation.

(My setup is an athlon64 at 2Ghz, two linksys pci gigabit ethernet cards, fedora and iptables doing the NAT-ing. The computer is on 24/7 anyway because it serves web pages and accepts my email, so having it do the routing doesn't really increase my power bill. If power ever becomes an issue, I'll just move the server to an old laptop which will cut my power from 80watts to 20watts. That admittedly still isn't as low as an ARM chip, but you do get quite a bit more performance for your money.)

I owned a GM car that was prone to a stuck throttle at wide-open-throttle. The damn throttle-lever was never tightened at the factory and the lever would get stuck over the top of some parts hanging on the side of the carb. The factory trained monkeys they have doing warranty repairs never found the problem. It only got fixed when I finally decided to have a look myself.

The stuck throttle was pretty exciting. There is nothing like accelerating down city streets watching the slow traffic in front of you getting larger in your windshield. I can see why some people might panic. There is a part of you that just screams NOOOOOOO! On the other hand there is hopefully also the part of you that says, time to turn off the ignition, which is what I did.

The inclination to anyone that is used to driving a stick and likes their engine is to never hit the clutch when the engine is at WOT. It will almost certainly over-rev and destroy itself. I just turned the ignition off, coasted to a stop and then waited for my blood pressure to return to normal.

I find these claims of failed brakes etc very hard to take. Just how is the brake supposed to fail? The brakes are also much stronger than the engine, so would always win a tug of war. Which production car can do 0-60 faster than it can do 60-0?

I've never had a problem with the lid closed as long as I put the laptop on end with the exhaust port facing up. You do want to allow convection to cool the thing. Keeping it flat with the lid closed is going to be the worst possible orientation.

I second the laptop idea. My athlon-64 laptop running 64-bit linux sitting around lightly loaded takes about 15 watts as measured by the "kill-a-watt" power meter. I've often thought it would make more sense to run it as the server and save ~$200/year.

Watts
    47 compaq dv5000z laptop (bios, booting)
    22 compaq dv5000z laptop (fc5, yum update, login screen, 1Ghz w. ath0 ubiquiti card)
    18 compaq dv5000z laptop (fc5, idle, login screen, 1Ghz, ath0 ubiquiti card)
    15 compaq dv5000z laptop (fc5, idle, login screen, 1Ghz, screen blanked, ath0 ubiquiti card)

(Yes, these measurements are from many years ago. I expect similar or slightly better numbers for fedora-11/12.

I feel sorry for the folks putting this release together. They got handed a hot potato and it isn't clear how they are going to stabilize this distribution in time for the real release in a month. I installed the 64-bit version on two AMD machines (one laptop and one desktop) and both of them have issues with random lockups after 10 minutes or so. In addition nfs4 with autofs stopped working. Ironically default nfs4 was supposed to be one of the new features of this release. Last time this happened it was some weird nfs4 interaction with IPv6. I guess not even Red Hat is taking IPv6 seriously and making the developers eat their own dogfood.

In any case, I'll probably wait a while after the real release before I roll it out to the rest of the machines. It reminds me a bit of the old X11 releases where the word on the street was always to wait a month or two before installing it and let some other poor slob work out what is broken and how to work around it.

Blocking root is a bit of an over reaction. Blocking password, pam, kerberos, onetime and all that other rot is good enough for stopping the brute force attacks. Nobody is going to brute force root's 1k (or 2k) key in any usable timeframe. While one is editing the file, might as well put an ssh-level keepalive in there for 30 minutes to clean up dead connections and keep lame NAT boxes primed. Protocol 1 should probably also be turned off. It has a few known failure modes. Cranking down logingracetime keeps the bruteforce attacks from tying up too many resources. One should never see RSA login take 10 seconds on a modern system with the rsa key unlocked and stored in keyserver. Even typing the passowrd in realtime shouldn't take 10 seconds.

Protocol 2
LoginGraceTime 10
PermitRootLogin without-password
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
UsePAM no
X11Forwarding yes
ClientAliveInterval 60
ClientAliveCountMax 30
AllowUsers root myaccount

Give them a couple of years and the digital ballot stuffing software will get better. The voter numbers should be waaaay up.

Whatever happened to the claim that the ads paid for the hardcopy papers and the cover price was just a token fee to assure the advertisers that the papers weren't likely to just be taken and thrown out unread? If that is true, why would they need to charge anything in order to deliver the paper electronically? Don't the ads more than cover the delivery costs?

If you are truly using IPv6 couldn't you just plug a plain old Ethernet switch into your cable modem or dsl modem?

(Well, I guess that assumes one is running an OS that has a firewall just as capable as the ones in home "routers".)

Nothing gets fixed until it breaks so fully that people can't ignore it any longer. ARIN should just hand out the last of their IP assignment already and then we can move on with actually deploying IPv6.

Luckily the MS users that are moving to Linux right now are the smarter / more inquisitive members of the MS crowd. It isn't too hard for the Linux community to support and assimilate them. Lets hope there isn't a large rush of the unwashed masses to Linux. It will be like "Eternal September" all over again.

Is this the same ratio as the number of VCR's that are flashing 12:00?

It is?

A hex pre-shared key (PSK) would be:

0x75aaa618b013586721413a494bd515151ae73a28aeac8d951c9d98a0b2099af6

This is a 256-bit number. Remember, each hex "digit" only represents 0-15 or 4-bits of information.

WPA2 passwords can be either 0-63 character strings which will be converted to a 64-character hex key by the software, or can be specified as a 64-character hex key directly. Since the keyspace to guess a 64-character hex key is 2^256 choices long, the attacker is going to spend a very, very long time trying to guess the password.

My recommendation has always been that people that want the ultimate security use random keys pulled from /dev/random and converted to a hexadecimal number. That key should then be input using the hex key option. While they are at it, they should also turn off WEP and WPA1, turn off TKIP and only allow WPA2 with CCMP. That will give the crackers something hard to chew on.