I don't think that is a full jailbreak. It just lets you load your own applications. Plus if you want to distribute applications to regular phones you have to give them a 30% cut.

It's 4 out of 7 to get the key that can decrypt the backup. The backup is not in the hands of the 7,so they cannot do anything by themselves!

You don't have to start from scratch. You just have to enable the extents feature. It won't auto convert the old stuff, but any time something is changed it will be made into an extent.

Three years to deploy RFC 4956 is not "technical reasons"

Then your best bet would be to create a local repository out of the contents of cds, or a dvd. Which should be a basic thing you are going to do anyway if you have more than a few servers that don't have access to the internet. Then you would mirror in updates, and let them update from that.

There is graphical software that will let you install stuff straight from discs, and even ask for the right disc.

Is "yum install httpd" really that hard? I know I have done this before on plenty of servers.

I recently diagnosed two desktop machines. One ended up having a bad stick of memory, with the original symptoms being a corrupted copy of Windows XP that wouldn't boot. The other a bad hard drive, the symptoms being it would hang during use randomly and even during boot.

I used Prime95 and Memtest86+ to detect the bad stick of memory. Prime95 quickly came up with a error during the stress test, and Memtest86+ also came immediately came up with errors. In the past I have since subtle errors with Memtest86+ that only show up in later tests or with multiple passes. Instant answers isn't how it always goes.

For the bad hard drive I ended up doing a variety of tests. I tried Prime95, and since it was a Seagate drive, Seagate's Seatools. I didn't get any clear answers from them. At a later point I booted into a Fedora 11 Live cd, which popped up with a SMART error. Which ended up being a bad sector that needed to be remapped. I then tried using Spinrite to fix it, but ended up seeming to just hang on this one spot. So I replaced the hard drive. Afterword I reran Spinrite against the new drive, and it came up with nothing. I also played with Sandra Benchmarks at the end to stress the machine.

A lot of firmwares, like DD-WRT, have issues with binary only drivers and programs. I ran into it with the nas process in DD-WRT a few months ago.

  I had decided to move to WPA2 Enterprise. It sort of worked, but there is a long standing bug in DD-WRT relating to WPA2 Enterprise. WPA2 Enterprise depends on Radius. The nas process will only try a Radius server once. If it fails, then it won't try again. The only workaround is to kill the nas process one way or another. Then to make it all the more fun, the nas process is binary only.

  I ended up having to go back to the official Linksys firmware for my WRT600N to get working WPA2 Enterprise.

Powerdns was vulnerable to the Kaminsky attack, but in a different way. It was actually easier to spoof the server due to its more actively dropping certain DNS packets. So while it did perform source port randomization, it was not totally immune to the attack either.

http://doc.powerdns.com/security-policy.html itself states:

All versions of PowerDNS before 2.9.21.1 do not respond to certain queries. This in itself is not a problem, but since the discovery by Dan Kaminsky of a new spoofing technique, this silence for queries PowerDNS considers invalid, within a valid domain, allows attackers more chances to feed *other* resolvers bad data.

Though it is phrased as "someone elses problem", in the DNS word of course nothing is "someone elses problem". DNS servers are chained in hierachies and one problem somewhere leads to problems elsewhere. DNS is all about protocol compliance to ensure interoperability. With the "someone elses problem" approach, we would have had no "reflection attack" and "amplification attack" problems either, it being "someone elses problem". Despite the nice phrasing, powerdns caused cache poisoning problems as a result of the Kaminsky attack that needed to be addressed.

In general, I have a problem with bug reports and changelogs writing things as "improved error handling", "made more robust" or "add security to" which are too often used to hide the real security impact of certain bugs. DJB's policy of "it is not my bug to fix, because it is an operating system bug" is also completely bogus from a system administrator point of view who still ends up with a security problem.

I wouldn't say it is snake oil. Putting versions in a page allows you to Google for it. Which makes the attack a lot easier. It also allows the attacker to do reconnaissance a lot less detectably a hold of time, and then spring it on everyone at once.

I have two setups like that.

  At home two 24" monitors on one computer, along with a second computer with a 20" monitor. They are connected with synergy and a ps/2 kvm. The kvm is good for when the main one is down. I can just hotkey over and use the second computer. I use it mainly for IM, but also sometimes for a second browser. Both computers are running Fedora I find having two computers comes in handy regularly. I also use the second computer as a iscsi server for the first. The first computer already has six drives in it. So the second computer allows me to expand to ten.

  The office setup is two 20" monitors on one computer, along with a second computer with a 20" monitor. They are connected with synergy. In this case I actually have two keyboards and nice. The main computer has no ps/2, and I have no usb kvms. I use a two port ps/2 kvm to share one keyboard between the second computer and a third computer. Then I toggle the monitor between dvi and vga. I do it this way since 99% of the time I don't need console access on the third computer. I access it via ssh for CUDA programs. The first computer runs Fedora, the second runs Vista, and the third runs Fedora. Vista is good in the office. It lets me do things like VMware Infrastructure client(currently Windows only), Internet Explorer(just today I was told to use IE on the HR site, since it works better), and other little things.

Sounds like it is either using MyISAM for tables, or you aren't using the --single-transaction option of mysql-dump for INNODB.