
Comment Re:Don't say "NAT" (Score 1) 460

Those of us that have worked in medium or large networks know how difficult life can be with NAT. It is one thing to have the NAT between your internal network and the internet, but something quite different when you have overlapping RFC1918 ranges within your network.

During the past 10 years the company I work for has gone through 4 huge mergers and a lot of smaller ones, and in every case there have been problems with overlapping address spaces. In those cases your first and foremost goal will be renumbering the conflicting address spaces, and quite obviously this wouldn't be necessary if everybody were using public addresses. During the last merger we renumbered 100k+ workstations, servers and phones.

Comment Re:Microsoft and Making Money (Score 1) 181

Everything that wants to SDXC will have to use exFAT. It's part of that standard.

Correct me if I'm wrong, but isn't SDXC defined by the SD Association, not by Microsoft? Microsoft is one member of the association, I give you that, but there are several others as well. Unless Microsoft somehow coerced the association to select exFAT, I consider this to be a bad move by the association rather than Microsoft.

Comment Re:Bad code offsets? (Score 1) 279

Exactly. There isn't anything inherently evil about GOTO, you just need to make sure you don't misuse it.

I just hate when some people (no, I don't necessarily mean you) think that GOTO is somehow evil by definition and must be avoided at all cost.

GOTOs don't produce bad code, bad programmers do.

Comment Re:Connection, yes. Server, no. (Score 1) 235

The point is that the last implicit rule of the rule set should be DROP ANY. This is the case with PIX, Checkpoint and most of the other firewalls I have seen.

To match the functionality of the current NAT devices, the default rule set should:
  1. Allow all outbound traffic from the Trusted interface to the Internet.
  2. Allow inbound traffic if it is a return packet for a connection initiated from the Trusted network.

If the user then decides to remove all rules, the failure mode will be exactly the same (all inbound/outbound packets will be dropped).
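
A minimal model of the default rule set described in the comment above, added here as an illustration and not part of the original comment. The packet fields, class and function names, and the documentation-prefix addresses are all constructed for the example.

```python
from collections import namedtuple

# Constructed packet model: iface is the interface the packet arrives on.
Packet = namedtuple("Packet", "iface src sport dst dport proto")

def allow_outbound(pkt, state):
    """Rule 1: allow traffic arriving on the Trusted interface and record the flow."""
    if pkt.iface == "trusted":
        state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True
    return False

def allow_return(pkt, state):
    """Rule 2: allow inbound packets that reverse a flow initiated from Trusted."""
    reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
    return pkt.iface == "internet" and reverse in state

DEFAULT_RULES = [allow_outbound, allow_return]

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.state = set()  # connection table of flows seen leaving Trusted

    def filter(self, pkt):
        for rule in self.rules:
            if rule(pkt, self.state):
                return "ACCEPT"
        return "DROP"  # implicit last rule: DROP ANY

def demo(rules):
    """Run three constructed packets through a firewall built from `rules`."""
    fw = Firewall(rules)
    out = Packet("trusted", "2001:db8:1::10", 50000, "2001:db8:ffff::80", 443, "tcp")
    reply = Packet("internet", "2001:db8:ffff::80", 443, "2001:db8:1::10", 50000, "tcp")
    unsolicited = Packet("internet", "2001:db8:ffff::66", 40000, "2001:db8:1::10", 22, "tcp")
    return [fw.filter(out), fw.filter(reply), fw.filter(unsolicited)]

if __name__ == "__main__":
    print("default rules:", demo(DEFAULT_RULES))
    print("all rules removed:", demo([]))
```

With the default rules, the outbound packet and its reply are accepted and the unsolicited inbound packet is dropped; with every rule removed, all three fall through to the implicit drop.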

Comment Re:Connection, yes. Server, no. (Score 1) 235

I think you got this wrong.

Currently most of the users don't set up their NAT (which is usually PAT anyway), and just like others pointed out, a REJECT rule could be the default like the NAT rule is.

The only difference would be that if these inane users want to allow some remote applications (e.g. Torrent) to establish a connection to their computer, they need to be tinkering around with port forwarding and need to dedicate a different port for each computer and so on.

Going without NAT and using REJECT by default would allow users to use a very similar point-and-click interface for enabling connections to those computers they desire, much like they do with port forwarding at the moment, but without a need to be tinkering around with the port settings on the application side.
