Slashdot Mirror

← Back to Stories (view on slashdot.org)

Slashback: Exactitude, Fortitude, Picnic

Posted by timothy on from the sanchitha dept.

Slashback tonight with another assortment of corrections, amplifications, looks backward (and even looks forward to looks backward). In this last case, it looks like you may even get fed.

You mean we have to reprint all the invitations? Reader Ian Cowley wrote with a slight correction about the end of an era:

"Your article on slashdot.org about the billionth second of the epoch is sort of (but not entirely) flawed.

Yes, UNIX systems will report 1000000000 seconds at 01:46:40 on 9th September. Which of course means the 1 billionth number will be 01:46:39.

But, these systems do not account for leap seconds. According to TAI (international atomic time), the 1 billionth second since the beginning of January 1st 1970 will occur at 01:46:17 on 9th September 2001, as 22 leap seconds have been inserted since 1970 (the first was 1972, the last 1999).

So celebrations of the 1000000000th second should be at 01:46:17, whilst 01:46:40 can be reserved for celebrating 1000000000 displayed on UNIX system clocks."

Errr ... thanks. We'll just have to start at "Unix Day, Observed."

What price the capture and humiliation of virus spreaders? JayHerrick writes: "We have posted a small bit of JSP that reports the number of times our server has been queried for a 'default.ida' page. It's stylish, it's cool, and it'll probably get Pepsi all mad at us because we ripped the Code Red logo off one of the bottles." Equally stylish, despite the name, is a small tool named codeRedNeck, described by reader mindriot thus: "As CodeRed probes port 80 of a machine, CodeRedNeck first answers on that port and then goes silent, thus forcing the worm to wait until the connection times out." He advises: "Read the original idea by Tom Liston. Heise also has more on this."

Even More Auspicious dates. No matter which date you choose to mark it, Linus' little kernel-that-could is about to mark its tenth birthday. ikluft writes:

"The "Linux10" Linux 10th anniversary picnic and BBQ will be held on Saturday, August 25 from 11AM to 6PM at Sunnyvale Baylands Park in Sunnyvale, California. Details and directions can be found at Linux10.org. If you can attend, please use the RSVP form so the organizers know how much food and soft drinks to provide (only provided if you RSVP.)

Linux10 is being organized as a family event -- bring the kids. In support of that goal, it is also a no-media event. Linux and Open Source enthusiasts who work for the media may attend and participate while off-duty.

Linux10 will gladly link to other Linux 10th anniversary events. Let us know the URLs for those events."

Reader big_drew adds: "The event is free (food, softdrinks, cds -- sorry, no free beer, but byo is ok)" and says "If you can't make it out to CA, you can still get the t-shirt (profits will be used to fund the picnic)."

Anyone want to organize a picnic in the vicinity of Knoxville, TN? :) I can bring some pasta salad and watermelon.

Ten candles all around here, too. Simon Spero writes: "As noted in http://www.w3.org/History.html, today, August 6th, is the 10th anniversary of the first public release of the CERN Web Software."

13 of 149 comments (clear)

  1. Re:Much Easier... by Pathwalker · · Score: 3, Interesting

    Why bother writing your own caching code when you can just let your Webserver do it for you?

    With Roxen's cache tag, I just threw <cache minutes=15> </cache> tags around the cpu intensive parts of mine and let Roxen handle the rest.

    I do have a cron job that parses the logs every 15 minutes, and updates the backend database. (I could have done that from the web page as well, but then my samples wouldn't be taken every 15 minutes).

  2. Re:CR2 response by IronChef · · Score: 4, Insightful


    Crack one IIS box, and you're a felon. Crack a million, and you're... some anonymous virus-writing guy that will never be brought to justice.

  3. JSP Garbage by Anonymous Coward · · Score: 3, Offtopic

    Behold PHP:

    <p><b>This webserver has been attacked by CodeRed 2
    <font color="#ff0000">
    <? $cr=passthru("grep -c XXXXXXXX /usr/local/apache/logs/access_log");
    echo $cr;
    ?>
    </font> Times</b>

    CC

    1. Re:JSP Garbage by JediTrainer · · Score: 5, Informative

      You might want to note that this can take long to run. I've had approx 1800 attacks on my machine, with a log file of about 55MB, and running this command right in the web page would make each request take about 10-15 seconds.

      Multiply that by 1 request per second and you're toast. I'd suggest strongly that you use something else to generate your statistics OFFLINE, such as this excellent perl program which also generates quite a nifty, sortable report!

      To the author of that, by the way, a warm thank you! I'm using it myself!

      --

      You can accomplish anything you set your mind to. The impossible just takes a little longer.
    2. Re:JSP Garbage by ralmeida · · Score: 4, Funny

      I'd second that -- I've now had almost 14000 attacks on my server in the last 7 days. Apart from blowing out all the logs, it has cost me about $40 in bandwidth as well. Where can I send the bill?

      Send Bill Gates to that place...

      --
      This space left intentionally blank.
  4. Free as in speech, not beer by Swaffs · · Score: 5, Funny

    How could you have a free Linux party without free beer? Or is this just another attempt to get people to understand what the "free" in Free Software really means?

    --

    --
    "Karma can only be portioned out by the cosmos." - Homer Simpson [1F10]

  5. Linux Birthday Bash by bendude · · Score: 3, Insightful

    Anyone interested in a Melbourne, Australia, Linux 10th anniversary picnic and BBQ on Saturday, August 25.

    Having used so many flimsy excuses for a piss up, I think it would be a shame to let this one go.

    --


    Get the Hell off my planet, you slimy mobster Bush!
  6. Exactitude, Fortitude, Picnic... by Nightpaw · · Score: 4, Funny

    Did anyone else read that as the Slashdot-endorsed opposite of Fear, Uncertainty, Doubt?

    Or am I on drugs?

  7. Visualizing a billion units of time... by Speare · · Score: 5, Interesting

    Did I get my math right?

    About a billion seconds ago, the first man walked on the moon. (~31 years)

    About a billion minutes ago, the first man was said to have walked on water. (~1860 years, sorta close to the 0 CE mark)

    About a billion hours ago, the first man walked through what we now call Europe. (~111600 years, homo sapiens in upper pleistocene)

    About a billion days ago, the first man walks. (over 2.6 million years, a bit before the oldest known homo habilis)

    About a billion years ago, the first multicelled animals form. (eukaryotes supplant prokaryotes)

    About a billion decades ago, the Milky Way galaxy began to form.

    --
    [ .sig file not found ]
    1. Re:Visualizing a billion units of time... by blang · · Score: 4, Funny

      Extrapolating on that, we must expect something big to happen within the next billion milliseconds. Which is roughly 10 days from now. Anyone care to make a guess? And a billion my, micro, or microseconds after that(about 15 minutes), another major event will occur.

      --
      -- Another senseless waste of fine bytes.
    2. Re:Visualizing a billion units of time... by Sloppy · · Score: 4, Funny

      And about billion clock cycles ago, I was typing the word "typing."

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  8. Re:CR2 response by s390 · · Score: 3, Insightful

    Er, a bit dodgy if well-meaning. In many jurisdictions, using the CR2 backdoor at all would make you potentially liable for a cracking offense, no matter that you disabled a zombied server out of the best intentions for greater good. Unauthorized access is... felony.

    Suppose the infected system provided suicide-prevention access, or battered-women's services, and your code shut it down completely, and someone got hurt, or dead - your little hack could get you in a major civil or even criminal hole that you'd regret.

    Think twice before messing with anyone else's server, especially through any automated script. But that said - if you could shut down the worm, patch the server, remove the backdoors, and post a message to /var/log/messages to notify the admin - that _might_ be helpful and low risk. But you'd have to remain prepared to defend yourself and _prove_ that you didn't add a backdoor.

    At minimum, you'd have to keep complete TCP/IP traffic logs for such interdictions for seven years or whatever the longest Federal, State, or Local statute of limitations requires. You'd also need to escrow these and all your code with your attorney immediately.

  9. How Code Red uses sockets... by Scott+Robinson · · Score: 5, Informative

    Umm, I hate to be the damper in evil plans for Code Red ...

    ... but according to incidents.org and other virus websites, Code Red uses non-blocking socket connections "uses a nonblocking socket to connect to each target. Specifically this means that if one thread is stuck waiting for a slow connection to a particular target, the wait will not slow down the rest of the threads from continuing their scanning function."

    Any servers which "wait" are just wasting their own processor and memory.

    Scott.