Capital punishment is the ultimate punishment. It should be reserved for those who:

* caused a death. The death penalty for treason, rape, or other crimes where no death results is simply cruel and unusual.
* committed their act in cold blood without any mitigating circumstances. The slightest mental illness, the slightest intent not to kill, the slightest other circumstance which, if not present, would have resulted in a non-lethal outcome means life in prison is better.
* is, barring divine intervention, beyond redemption. The slightest acceptance of moral responsibility, even after sentence is handed down, means the execution should not go forward.
* the person would endanger the lives of others if he were incarcerated for life in the most secure prison possible

Very few people are simultaneously immoral or amoral and at the same time not mentally ill.

Of those who are, most can be kept from killing again by incarceration. For some, incarceration in a "supermax" prison may be necessary.

The number that is left is either very small or zero.

Since the combination of these conditions never or almost never happens, it is simply much more efficient to have life in prison than to have a death penalty.

I marked this "Pay no attention to my musings." If this shows up on Firehose then then the 'hose is hosed.

Problem:
Adjustable rate mortgages rise too fast.

Solution:
Mortgages whose payments go up with inflation, and down with deflation. The term of the loan shrinks or expands as needed, with a balloon payment of the remaining balance after some fixed period of time, say, 10 years past the stated term of the mortgage.

Twist:
Have the interest rate adjust with inflation as well, rather than the prime lending rate.

This holiday season please give to those less fortunate.

Most of us in the IT industry are what they call "highly compensated." With our 80-hour work-weeks we might not have time to serve dinner every week at the local soup kitchen, but we can buy a lot of soup.

This Christmas season, please share the joy and give to a reputable human-services charity such as the Red Cross, The Salvation Army, or your local shelter or soup kitchen.

You've been bitten by the Charity Profile Virus: Please make your own version and attach it to all of your online profiles through the Christmas 2007 season.

Problem:

When I install a machine from scratch I have to update dozens or over 100 items. This takes time and consumes network bandwidth.

Solution: Monthly security rollups.

The August 2007 rollup for XP should include every "important" XP base OS patch not included in SP2. Ditto for every other month since SP2 came out until the end of service for SP2. It would not include "important" updates to optional software or important updates to device drivers. It would include important updates to other important updates of course.

When run without options, it installs everything that is applicable to this machine or, for slipstreams, the target directory.

It would also have a "slipstream" option, an "unpack" option, and a "select" option.

The "slipstream" option would apply the service to a directory instead of the installed Windows.

The "unpack" option would create a mini-installer, one for each update.

The "select" option would limit which fixed got installed, slipstreamed, or unpacked.

The whole thing could be driven from a GUI or from a command line + response file.

Additional workload for Microsoft:

The package would be what you get if you take a base XP SP2 CD then run Windows Update again and again until there are no more important updates. As such, MS wold not be on the hook for much more in the way of testing. This is purely a packaging/delivery issue. The only real work would be resolving any dependencies that require more than one reboot.

If I had this, I could install:
XP, SP2, last month's security rollup, .NET 1.1, 2, 3, and their updates, IE7, MS Office, its latest service pack, and the latest version of Microsoft Update, all without getting on the network. Then when I finally did update, I'd have a much smaller number of updates to grab. If all I cared about was the base OS without optional updates, this would be a 2-step process: Install XP from the SP2-slipstreamed CD, then install the August updates.

Does anyone know of a 5.25" drive bay that can hold 4 2.5" SATA drives, preferably in a "pop-in/pop-out" configuration suitable for a RAID-5 or 2xRAID-1 configuration?

72-character template, treat as 1 line

01 23 45 67 89 AB CD EF 01 23 45 67 89 AB CD EF 01 23 45 67 89 AB CD EF

AACS key:
09f9 1102 9d74 e35b d841 56c5 6356 88c0

AACS key embedded in template, using italics. Substitute bold, strikeout, &nbsp, or font color=background color for other options.

<i>0</i>1 23 45 67 8<i>9</i> AB CD E<i>F</i> 01 23 45 67 8<i>9</i> AB CD EF 0<i>1</i> 23 45 67 89 AB CD EF
0<i>1</i> 23 45 67 89 AB CD EF <i>0</i>1 <i>2</i>3 45 67 8<i>9</i> AB C<i>D</i> EF 01 23 45 6<i>7</i> 89 AB CD EF
01 23 <i>4</i>5 67 89 AB CD <i>E</i>F 01 2<i>3</i> 4<i>5</i> 67 89 A<i>B</i> C<i>D</i> EF 01 23 45 67 <i>8</i>9 AB CD EF
01 23 <i>4</i>5 67 89 AB CD EF 0<i>1</i> 23 4<i>5</i> <i>6</i>7 89 AB <i>C</i>D EF 01 23 4<i>5</i> <i>6</i>7 89 AB CD EF
01 2<i>3</i> 4<i>5</i> <i>6</i>7 <i>8</i>9 AB CD EF 01 23 45 67 <i>8</i>9 AB <i>C</i>D EF <i>0</i>1 23 45 67 89 AB CD EF

AACS embedded as plain text, replace with x:

x1 23 45 67 8x AB CD Ex 01 23 45 67 8x AB CD EF 0x 23 45 67 89 AB CD EF
0x 23 45 67 89 AB CD EF x1 x3 45 67 8x AB Cx EF 01 23 45 6x 89 AB CD EF
01 23 x5 67 89 AB CD xF 01 2x 4x 67 89 Ax Cx EF 01 23 45 67 x9 AB CD EF
01 23 x5 67 89 AB CD EF 0x 23 4x x7 89 AB xD EF 01 23 4x x7 89 AB CD EF
01 2x 4x x7 x9 AB CD EF 01 23 45 67 x9 AB xD EF x1 23 45 67 89 AB CD EF

There are many variations on this theme, using may representations of the number.
Suggestions: Pick one, turn it into a bitmap, and use it as the background for protest images or videos.

As a 16x16 bitmap, X=1, .=0. Note: spaces inserted by Slashdot, remove them to make it look right:

....X..XXXXXX..X
...X...X......X.
X..XXX.X.XXX.X..
XXX...XX.X.XX.XX
XX.XX....X.....X
.X.X.XX.XX...X.X
.XX...XX.X.X.XX.
X...X...XX......

I marked this as "publish" not "publicize." If it winds up on the /. feed it is totally unintentional.

http://www.hakspace.net/
Hacker social networking site

http://www.internetworkexpert.com/resources/iosonpc.htm
Dynamips Cisco simulator for PCs

What is your favorite 20th-century OS version or distribution? Mainframe OSes are fair game.

The main rule is has to be officially unsupported as of January 1, 2000. Rule #2 is you had to actually USE it at least once. No "I heard the Amiga was cool."

I like the Commodore 64 and MacOS 2.0.

Stripped Linux kernel with LAMP or BSD-AMP server, SMB server, and SMB client, firewall. Device drivers for "bare minimum box" plus linux-side TAP/TUN driver or emulated driver for virtual ethernet device. No USB, etc. No loadable module support. Firewall locked down to just what's needed for ssh, smb, and web, plus configuration port.

Tiny configuration-port listener that listens for config info relayed from a config file on the Windows box. If config file is missing, default info is sent: IP address, username of user that launched it, and user's "My Web Pages" or "My Web Site" or "My website" folder or $wwwroot share. Config file also specifies whether to use samba. Config file also specifies apache config file, which defaults to using Windows-side files.

Optional:
kernel boot option will include IP address of windows machine, so firewall can enable config port input from that address.

smbmount mounts the share.

Apache runs.

Estimated total size: 10s of MBs.

Free-calling schemes based on tariff arbitrage are supposedly costing AT&T $250M.

Problem: Domestic long-distance companies are unfairly subsidizing international calls.

How would you solve this problem?

Here's two solutions I've thought of, I'm sure there are others:

Easy solution: Long-distance companies charge more for calls terminating to "high-fee" destinations.

This creates another problem: It makes legitimate calls to actual people living in those areas cost more than some international calls. It also puts more fine print in long-distance-carrier advertisements.

A better solution:

Set price caps at twice the statewide average, based on the number of lines served. So if the average phone line in Iowa has a termination fee of 1c, then the most you will pay for any particular line is 2c.

A modified version:

Because some mom-and-pop telcos need a certain minimum income to survive, they will be allowed to charge more than 2x the statewide average as long as their total income from connection fees is less than a certain amount per line. If all their lines are normal people, they will be able to charge 10c or whatever per call and not exceed the cap. If most of the lines are "free call" companies, they'll hit the limit within the first day or two each month.

Either way, large-scale regulatory arbitrage will no longer be cost-effective.

How to cure illegal immigration and solve the HB-1 visa in one fell swoop:

Allow anyone who is employable and not a danger to society in for work or immigration purposes. Allow dependents under the age of 18 in also. The only illegals will be the unemployable, the criminal, and anyone else who is individually banned.

Anyone allowed in for residency should be eligible for public assistance such as welfare, should the need arise.

Many immigrants come to earn money that they send right back home. Do NOT allow anyone, including citizens, to send money abroad unless they are current with their taxes and have repaid any public assistance received in the last year, including taxpayer-provided emergency room visits.

Tax non-citizens, including permanent residents, an income surtax on all income over the local poverty level for their family size. This will encourage people to become citizens and raise the salary requirements of what are now HB-1 visa-holders.

This surtax should be dedicated to offsetting the impact new immigration, particularly then non-citizen working poor.

This plan will result in a short-term influx of Latin Americans, high-tech workers, and others. This will be a shock to America but it will fade. In the long term we will have larger immigration than we do now, but it will be all documented, regulated, and taxed. Overall, it will be good for the economy.

What needs to be done ahead of any such law:
1) tamper-evident, biometric, easy-to-verify identity cards for everyone. This shouldn't be a "national" identity card, one that is state-issued should be fine as long as it is tamper-evident, contains a picture, fingerprint, or other biometric information, and can be verified immediately with the issuing authority. Verification should validate all information on the id, including name, address, d.o.b., and biometric information such as a picture.
2) the cities, states, and economic sectors likely to be impacted by a sudden influx of immigrants need to be prepared for such an influx. This means housing, schools, and the like should be in the planning stages and federal funds available so they can be built quickly if the influx happens. These homes, schools, etc. can be temporary and low-cost if planners don't see new immigrants permanently settling in the initial move-in areas.

Does your ISP cap overall usage? What happens if you go over the cap? Does it force you into a higher-priced plan, throttle you for the rest of the month, cut you off for the month, or terminate your service entirely?

I don't mind paying for what I use, but I'm looking for a list of cable and DSL providers that won't leave you high and dry like Comcast does if you go over the official or unofficial limits.

Update2: Original entry deleted, re-posted as a private entry.

Update: This stream-of-consciousness half-baked journal entry wasn't supposed to be on FireHose. I took the default marking "Publish: Share this with other Slashdot users." I did NOT choose "Publicize: Submit this story to be posted to the Slashdot front page."

Sorry for wasting your time everyone.
-----------------------------

How to detect illegal movies:

Break movie file up into chunks. Fewer chunks mean simpler encoding, shorter chunks mean simpler verification.

Chunks by time are best because DVDs are already marked by scene.

For each scene, create a few dozen "markers" that can be in one of at least two states. For example, a pixel can have an RGB color of {100,100,100} or {100,100,101}, a sound can be slightly altered, or the time can be slightly compressed or dilated.

For each customer make a unique version of the scene. With 30 markers you have a billion combinations.

Digitally sign each scene.

On playback, the player will show the identity of the signer, along with a trademarked "authentic" symbol. Scenes that are not signed will be labeled as "not authenticated." Scenes whose signatures don't check out will be marked as "authentication failed, possibly corrupted." This can be turned off by the customer, and will be most of the time.

Movie studios can use this as evidence of an illegally copied movie in two ways:
1) complete scenes with the authentication tampered with are most likely bootleg.
2) complete scenes which are untampered can be traced to the original buyer.
3) file-sharing services can use the presence or absence of authentication markers, plus matching of the clip against a database, to determine if the copy is authorized for use on that service.

This can be applied to other content and media as well.

Goal:
=====
=====

Create a framework so any newly-developed filesystem can have a user-tunable and user-extensible mechanism for handling deleted files and deallocated blocks.

Problem:
=======
=======
Filesystems allocate new disk from the free disk pool based on factors OTHER than the free disk space's "readiness" to be re-used. Filesystems tend optimize for quickly locating available space or read-write performance after the space is assigned to a particular file.

In some cases, you want to preserve a deleted block until certain actions can be taken. This may be to aide in file-recovery, or to scrub a block multiple times before using it for real data.

The solution:
============
============

Tag deleted blocks with the following information:
=================================================
Arbitrary information added by a deleted-block handler (DBH), including priority level assigned by the DBH.
The arbirary information includes information needed to help determine how "valuable" the data is, possibly including the time of deletion, the userid of the deleter, the process name of the deleter, the previous owner of the file, the previous inode number of the file, the block-offset into the file, and other information. Typically it will just be the time of deletion.
The priority level DBH_CURRENT_PRIORITY will range from 0=DBH_UNPROCESSED to MAXPRIORITY=DBH_FULLYPROCESSED, with higher-priority blocks getting preference to lower-priority blocks during allocation.

The filesystem itself will record the following parameters:
==========================================================
DBH_PRIORITY_HARD_CUTOFF = n >= 0
DBH_PRIORITY_SOFT_CUTOFF = n >= DBH_PRIORITY_SOFT_CUTOFF
DBH_SOFT_CUTOFF_ACTION = {skip, fix}

Tunable while mounted:
=====================
A filesystem's DBH_PRIORITY_HARD_CUTOFF, DBH_PRIORITY_SOFT_CUTOFF, and DBH_SOFT_CUTOFF_ACTION are all tunable while a FS is mounted. Likewise, the DBH routine itself can be replaced while the system is mounted. Whether mounted or unmounted, changing values can have side-effects, so it is recommended that any such change be carefully controlled to prevent disaster. One way to do this is to raise lower the cutuff priorities to 0, another to raise the DBH_CURRENT_PRIORITY of all existing deleted blocks to above the soft cutoff. More sophisticated means would examine each deleted block on a block-by-block basis and make an intelligent decision. This takes time and is not recommended on anotherwise-busy system.

Discussion:
==========

Deleted blocks whose DBH_CURRENT_PRIORITY is less than DBH_PRIORITY_HARD_CUTOFF will be unavailable for use by non-privilaged users. If the only blocks avaible are below DBH_HARD_CUTOFF then call the DBH to perform additional cleanup.

Deleted blocks whose DBH_CURRENT_PRIORITY is between DBH_HARD_CUTOFF and DBH_SOFT_CUTOFF will either be skipped until they are the only available blocks left or an immediate call will be made to the DBH to perform additional cleanup, depending on the value of DBH_SOFT_CUTOFF_ACTION. If the only blocks avaible are below DBH_SOFT_CUTOFF then call the DBH to perform additional cleanup.

Examples:
========
========

A typical DBH might do the following:
=====================================
If the file is less than 24 hours old, preserve it and keep DBH_CURRENT_PRIORITY at 0.
Then, on a time-available, lowest-priority basis, sweep the entire filesystem overwriting each block first with 0's then with alternating patterns. At each pass, raise DBH_CURRENT_PRIORITY.
Set DBH_PRIORITY_HARD_CUTOFF at 1 and DBH_PRIORITY_SOFT_CUTOFF at the maximum value.
DBH_SOFT_CUTOFF_ACTION is set to fix.
The typical "fix" action will be to overwrite the data enough times to raise DBH_CURRENT_PRIORITY to DBH_PRIORITY_SOFT_CUTOFF.

A typical security-conscience environment:
==========================================
Run a medium-priority task to scrub sectors.
Set DBH_PRIORITY_HARD_CUTOFF and DBH_PRIORITY_SOFT_CUTOFF to the maximum priority.
Set DBH_SOFT_CUTOFF_ACTION to skip.

A typical performance-oriented environment:
===========================================
Set DBH_PRIORITY_HARD_CUTOFF at 0 and DBH_PRIORITY_SOFT_CUTOFF at 1.
DBH_SOFT_CUTOFF_ACTION to skip or fix depending on which gives better overall system performance.
This will give preference to sectors that have been overwritten one time.

Disabling this feature entirely:
===============================
Set DBH_PRIORITY_HARD_CUTOFF at 0 and DBH_PRIORITY_SOFT_CUTOFF at 0.
This makes DBH_SOFT_CUTOFF_ACTION moot.
Install a stub, do-nothing DBH. It won't ever be called once the filesystem is mounted.

Using this to prioritize deleted sectors by age:
===============================================
Routinely update DBH_CURRENT_PRIORITY based on age, with most-recently-deleted files having a value of 0 and files that are very old having a maximum priority.
Set DBH_PRIORITY_HARD_CUTOFF to a value corresponding to the minimum time you guarentee files will be kept and DBH_PRIORITY_SOFT_CUTOFF to a higher value.
Set DBH_SOFT_CUTOFF_ACTION to skip.
Set the DBH handler to make the block available if DBH_CURRENT_PRIORITY is greater than DBH_PRIORITY_SOFT_CUTOFF.

Alternative method to prioritize deleted sectors by age which checks blocks on-demand:
=====================================================================================
Routinely update DBH_CURRENT_PRIORITY based on age, with most-recently-deleted files having a value of 0 and files that are very old having a maximum priority.
Set DBH_PRIORITY_HARD_CUTOFF to 0, it is ignored.
Set DBH_PRIORITY_SOFT_CUTOFF to 1.
Set DBH_SOFT_CUTOFF_ACTION to fix.
Set the DBH handler to make the block available if the time since deletion is long enough.

Performance impact:
===================
===================

Formatting and mounting a filesystem will have a small additional overhead to write and read fs-wide values.

While a filesystem is mounted, additional memory is needed to hold additional filesystem metadata.

Any operation that requests a block will have an overhead as DBH_CURRENT_PRIORITY is checked and, if necessary, the DBH is called to make a block available.

Any operation that requests a block may not get the block it wants, leading to a sub-optimal layout of the file on disk.

Any operation that requests a block may fail due to lack of available blocks when it otherwise would not have.

Any operation that frees a block will have an overhead while the block's DBH_CURRENT_PRIORITY and other arbitrary date is set. This can probably be made very simple and fast if additional data isn't kept.

If the user-level free-block scavenging task does not get enough opportunity to run, the system can degenerate to a point where every block is below the DBH_HARD_CUTOFF and only root can use the system. If DBH_HARD_CUTOFF is set to 0 then the degenerate case will have every block being made available as needed, possibly a time-consuming operation. The latter can be a design feature, as it is in the example "Alternative method to prioritize deleted sectors by age which checks blocks on-demand" above.

Benefit:
========
========

The reuse of free disk space becomes a tunable parameter.
This can aid in file recovery and in legal compliance for data retention and destruction.

Requirements of a filesystem:
============================
============================
Any filesystem that impliments this will need hooks or callbacks in the appropriate places, such as:
initialization, volume-formatting, volume-mounting, volumen-unmounting, block-allocation, block-delallocation, etc.
It will also need a way to store information about deleted sectors in non-volatile storage and a way to store additional information in memory.
To the extend that information is recorded, this information should be quick to generate. Information such as the current time is quick to generate. Information such as the previous owner of a block may not be in all filesystems, and in some situations the information may have been destroyed prior to deleting the block. Some operating systems or filesystems may require an "assistant" routine that is called before any file is removed to temporarily record useful information.
A well-defined data block that says "here is a list of easy to find things and here are their values or here is where to find them" will be useful to make user-written deleted-block-data-saving routines more portable across filesystems and operating systems. This data block will be populated by filesystem- and operating-system-specific routine when files are deleted or blocks deallocated.

History:
========
========
Many filesystems, including DOS's FAT, preserve some information about the names and other meta-data for deleted files to aide in reconstruction.
Microsoft's NTFS has the concept of a "tombstone" to hold recently-deleted data.

Implementation:
===============
This has not been implemented yet. This is a high-level description of what such a system might look like.

One of the biggest dangers to PDAs, digital cameras, and the like is identity theft if the items are lost or stolen.

Some devices have keypad-locks, which is a start.

I recommend all devices have keypad-locks that activate after a user-configurable period of time or after boot.

I also recommend that all data be strongly encrypted and never stored in clear-text when the device is off.

If public-key encryption is used, most people will not be able to memorize the public key. Take the private key, encrypt it using a passphrase, and store the encrypted version on an second device which can be plugged into or brought near the cell-phone, PDA, or camera.

In the case of a camera, photos are stored encrypted, and must be decrypted before use on a PC. In the case of a cell phone, all data, including call records and photos, are stored encrypted.
This feature is especially useful when traveling to countries that do not value privacy.