Slashback: Spambots, Retroism, VoIPhooey
Let's find the spamsters and turn them over to Hormel. Neil Gunton writes: "Further to my previous article about stopping Spambots with Apache, Perl, MySQL and ipchains, it appears that the spambots have evolved somewhat. They seem to come in using a search engine to find promising pages, and then spoof the User-Agent field and generally try to behave as much like a real person as possible. Here is an update to my original article. This is something that anyone who runs a website and dislikes spambots should be aware of..."
If I ever have children I might let it go at that. jamie writes: "'If I ever have children,' says Rich Dreher, 'I would want them to see and touch one of the very first 'real' personal computers, not some simulation of an Apple in a window on a Pentium VIII running Windows 2012.' Over the last few months he's put together a CompactFlash/IDE adapter card for the Apple //e and IIgs, and now he's taking orders. The largest hard drive that ProDOS supports, as flash RAM, costs $14! Seeing the card really brought back memories..."
We mentioned this a while ago, before the pressing need of Apple ][ owners was quite so evident.
What's a little $80 million mistake among friends? Sinjun writes: "In what is believed to be one of the first prison sentences given to the creator of a virus, David L. Smith of the infamous Melissa plague receives 20 months in federal lockup. I would have thought he would receive more, seeing the massive amount of money lost by corporate America resulting from Melissa. Oh well, this is the precedent that has been set."
Smith should be grateful that his victims weren't allowed to each pluck one hair from his body per Melissa message received.
But what about the GBA? bobbydigitales writes: "A while back someone suggested porting Linux to Samsung's GP32 handheld games console. As I own one, I did a bit of 'googling' and found a post from a guy at Samsung about a problem he was having with his Linux port to the s3c2400x chip (this constitutes most of the GP32's hardware). It seems he finished his port, as he sent me all the patches and instructions needed to compile the kernel for the s3c2400x.
As I don't have any experience porting Linux, I thought I'd share this information with the world and see if anyone could offer help and/or suggestions on how to proceed. Here are the files and info.
Samsung have completed the following drivers:
- LCD
- Serial
- USB Host (with mouse driver)
- Sound
- Keyboard
- Network (not actually on the GP32 chip)
Things that are missing:
- bootloader
- SmartMedia Card driver"
I knew I should have ordered a few. Alex Law writes: "Only days after Slashdot's article about Creative Labs' great deal on VoIP Blasters, it appears that they are no longer in production or available from Creative's web site. Shame; mine arrived yesterday, and we were all quite impressed."
From the Mozilla front: Lots of good reports and an oops.
The good stuff -- reaper20 writes: "With 1.0 around the corner, it seems like the folks over at Mozilla.org have their hands full. Between interviews and last-minute security bug fixes, it seems like Mozilla is poised for the big push to 1.0.
David Hyatt brings up the IE Advantage, and the death of user-experience-based browsers. Mozilla.org itself has stood firm on some of these marketing-driven issues, yet some changes have caused some interesting developments in the Mozilla community. The recent context menu revisions and personal toolbar recommendations by Netscape have caused a bit of controversy. (Bugzilla entries omitted for obvious reasons)
Recently, the mozilla/browser and Chimera projects have been started to address certain usability problems and the desire for OS X native widgets. With Galeon and other Mozilla derivatives getting better and better, it seems that Mozilla 'proper' will serve as a platform for derivative browsers customized for the target platform.
Lots of standards-compliant clients, each tailored to user needs; sounds like what the web was originally designed for."
And the oops -- An Anonymous Coward writes: "An Israeli software firm has discovered a flaw in Netscape and Mozilla software that allows code hidden in a Web page to read files from the user's PC. The bug is a more serious variant of one patched in Microsoft's Internet Explorer in February."
They have not really dropped the ball, because the versions of IE were released, final, production versions, whereas Mozilla is not.
Simple.
What's a little $80 million mistake among friends? Sinjun writes: "In what is believed to be one of the first prison sentences given to the creator of a virus, David L. Smith of the infamous Melissa plague receives 20 months in federal lockup. I would have thought he would receive more, seeing the massive amount of money lost by corporate America resulting from Melissa. Oh well, this is the precedent that has been set."
The massive amount of money lost by corporate America?!?!
First of all, since when do we start supporting corporate America?
Second, where do "they" get damage figures from? Probably the same accountants that say software firms lose "billions and billions" to piracy, although many people would never buy the software anyway.
Also, if corporate America didn't have their heads up their asses, they could have avoided all the "damage" the Melissa virus did. In fact, many companies who know what they're doing were completely unaffected.
By the way, why not jail the programmers at Microsoft for writing an e-mail client that allows "billions and billions of damage"?
Simple fact is this: it's well known that Outlook is not secure. If companies have not taken steps to protect themselves, I can hardly agree with jailing someone who wrote a program (and, I believe, didn't distribute it).
Chicago2600.net: more than a lifestyle, it's a survival trait.
Why not pay users to collect e-mail addresses? Just create a 'plugin' (not unlike the Google toolbar) so that wherever users go, the plugin automatically collects the e-mail addresses on the page. The user could get paid in some way (money? otherwise?), and there could even be a space in the toolbar to enter e-mail addresses that are obscured, as in an e-mail address displayed as an image, so as to avoid detection.
You should be dragged out into the street and shot...
Nope. The whole point of robots.txt is to ask search engines to refrain from spidering parts of your site that they normally would because they're linked to.
A non-robots.txt-respecting spider will simply follow all the links on every page. Once they somehow find some way onto your site (perhaps via Google), they can harvest whatever they want.
For someone to rely on the completely optional (and forgeable) referer field is truly a bad decision, even if it is only one part of a check.
Dude, you totally agree with me.
Every other effort he's taken involves dealing with such ill-behaved spiders as you mention.
This Slashback has to do with new spiders which do not follow any links on your page, and which use google to find all of your pages.
Any robot that follows links on the site falls prey to his other spambot attacks, so he only has to worry about the new breed that comes through google.
My amazing wife - Artist, Author, Philosopher - Laurie M
No, that's not true. IE6 only looks for favicon.ico when a user bookmarks or creates a shortcut to a URL, or uses a bookmark/shortcut. I just tested this to be sure. As far as I know this is also the case with IE5 and IE4.
I won't post the bug number (Bugzilla won't allow links from Slashdot anyway), but it's already been fixed as of tonight's builds, if I remember correctly.
slashdot broke my sig
This does not just set the precedent that virus writers can be put in prison for their code, this sets precedent that writing software can land you in prison. This is a very bad thing no matter how you slice it. This precedent flies in the face of the "Software as Free Speech" argument favored by most slashdotters. I, as a long-time slashdot reader, am appalled at the support for this judgement. A man has been imprisoned for writing software. Not killing, raping, or even dealing drugs. No, just writing software. What will it come to next? Will I be imprisoned for describing a virus in public where anyone could put my ideas to code? Will they be imprisoned for putting my ideas to code?
SOFTWARE IS FREE SPEECH!!!
And what of a writer whose essay starts riots? Will we as slashdotters stand behind the writer voicing his opinion or will we say that his speech caused riots in which people died? Don't we, as slashdotters, support free speech in all its forms regardless of the harm it may cause? DeCSS could cause as much damage to the MPAA as Melissa did to the rest of the corporate world. Why do we stand behind DeCSS and its authors and not the poor MPAA victims? Because DeCSS is protected speech, that's why!
I'm not arguing that what the guy did was right or wrong. That's a matter of opinion. I am arguing that Melissa was free speech. It was exploit code demonstrating a security hole in Microsoft Outlook. Was it irresponsible of someone to spread it in the wild? Hell yes. But it was just plain old exploit code nonetheless.
Oh shit! I forgot to click "Post Anonymously"...
No, that person was wrong. Let's say there is a popular gun manufacturer called Smallnlimp. This is like if smallnlimp put in a "feature" that caused the weapon to go off anytime it detected a certain audio pattern. Then some whacko discovers if a specific other signal is sent immediately after, the guns will repeat both signals loudly--thereby causing other guns to go off too. The result? Millions of Smallnlimp's guns fire unexpectedly injuring and killing people as this signal is spread over open air and through telephone lines. Is Smallnlimp responsible for the guns going off? Maybe not directly...
IIRC Microsoft patched this problem by not allowing Outlook Express to run executables directly; however, IMO they have been very careless and irresponsible in how they've produced software. Their whole objective seems to be to take over the world instead of producing quality software. The types of "viri" that require opening an attachment are only the tip of the iceberg. Code Red and Nimda are just two examples of real worms/viri that Microsoft has allowed to spawn. I dare someone to show me a security exploit in Apache/NFS/etc. that would allow such a program to spread. In addition to bugs, their default settings and all the stuff they try to hide from the user (such as file extensions and the network settings) have allowed script kiddies to go freestyle on Winboxen. Between Microsoft and Red Hat, more internet worms are probably on the way...
The moderators can mod this as flamebait all they want; however, it doesn't change the fact that this is an honest assessment of MS by a person who has used their software for at least a decade.
ends at my nose.
It roughly means that your right to free speech is allowed until it hurts someone else.
Photos.
Oh, bah. There are plenty of ways to pass data around securely. Here's one suggestion:
Both you and your CC handler agree on a shared secret and a shared PRNG seed. Every time you refer a customer to them, you pull a bunch of random data out of the PRNG, and create an address from which the CC provider (and nobody else -- use SSL client certificates to authenticate them, as well as IP address checks) can pull data. Every time a customer puts in their data, you make it available under /cc-handler-private/{OneWayHash($SHARED_SECRET, $NEXT_RANDOM_VALUE)}, and put $NEXT_RANDOM_VALUE in the URL you give the customer. Voilà! You're now putting a handle to the info you need to pass out in plain sight -- but they can't do anything useful modifying it; and even someone who knows the requests customers are making (their pseudorandom values) and who can circumvent your authentication checks on the retrieval side *still* can't get to the customer data unless they know the shared secret.
And that's something I just made up on the spur of the moment. If your credit card handling service can't hire someone actually competent (read: better than me) to come up with a system for doing this, they shouldn't be in the business.
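The handoff sketched in the comment above, written out as an added example (this is editor-supplied code, not the commenter's). It assumes HMAC-SHA256 as the OneWayHash, draws the per-customer value from os.urandom instead of a shared seeded PRNG (the handle already depends on the secret, so the public value does not need to be predictable by the handler), and models the /cc-handler-private/ namespace as an in-memory dict; the TLS client-certificate and source-IP checks on the retrieval side are represented by a single boolean. The class and function names are mine.

```python
"""Handle-based handoff between a merchant site and a card-handling service.

Added example, not the commenter's code. Assumptions (mine):
  - OneWayHash(secret, value) is HMAC-SHA256
  - the public random value comes from os.urandom, not a shared PRNG seed
  - the private namespace is a dict; caller authentication is a flag
"""
import hashlib
import hmac
import os
from typing import Dict, Optional


def derive_handle(shared_secret: bytes, public_value: bytes) -> str:
    """The private path component: OneWayHash(shared_secret, public_value).

    HMAC keys the hash with the shared secret, so anyone who sees only the
    public value in a customer's URL cannot compute (or usefully guess) the
    handle under which the data is stored."""
    return hmac.new(shared_secret, public_value, hashlib.sha256).hexdigest()


class MerchantSite:
    """The side that collects customer data and refers the customer onward."""

    def __init__(self, shared_secret: bytes) -> None:
        self._secret = shared_secret
        # handle -> data, i.e. what lives under /cc-handler-private/<handle>
        self._private: Dict[str, dict] = {}

    def refer_customer(self, customer_data: dict) -> str:
        """Store the data under the hashed handle; return the customer's URL.

        Only the public random value appears in the URL."""
        public_value = os.urandom(16)
        handle = derive_handle(self._secret, public_value)
        self._private[handle] = customer_data
        return f"https://cc-handler.example/checkout?ref={public_value.hex()}"

    def private_fetch(self, handle: str, caller_authenticated: bool) -> Optional[dict]:
        """Serve /cc-handler-private/<handle> to the authenticated handler only."""
        if not caller_authenticated:
            return None
        return self._private.get(handle)


class CardHandler:
    """The card-handling service, holding the same shared secret."""

    def __init__(self, shared_secret: bytes) -> None:
        self._secret = shared_secret

    def handle_checkout(self, url: str, merchant: MerchantSite,
                        authenticated: bool = True) -> Optional[dict]:
        """Recover the public value from the URL, re-derive the handle, fetch."""
        public_value = bytes.fromhex(url.split("ref=", 1)[1])
        handle = derive_handle(self._secret, public_value)
        return merchant.private_fetch(handle, caller_authenticated=authenticated)


def demo() -> dict:
    """Run the three cases the comment argues about and return the outcomes."""
    secret = os.urandom(32)
    merchant = MerchantSite(secret)
    handler = CardHandler(secret)

    # Constructed sample order; stands in for the customer's submitted data.
    url = merchant.refer_customer({"order": 1234, "amount": "19.99"})

    # 1. Legitimate handler with the shared secret gets the data.
    got = handler.handle_checkout(url, merchant)

    # 2. Someone who has the customer's URL (the public value) AND has got past
    #    the retrieval-side authentication, but lacks the secret: wrong handle.
    public_value = bytes.fromhex(url.split("ref=", 1)[1])
    guessed_handle = derive_handle(b"not-the-shared-secret", public_value)
    leaked = merchant.private_fetch(guessed_handle, caller_authenticated=True)

    # 3. A customer who edits the ref in their own URL only lands on a handle
    #    that has nothing stored under it (flip the last hex digit).
    last = "0" if url[-1] != "0" else "1"
    tampered = handler.handle_checkout(url[:-1] + last, merchant)

    # 4. The right handle but an unauthenticated caller is refused outright.
    refused = handler.handle_checkout(url, merchant, authenticated=False)

    return {"got": got, "leaked": leaked, "tampered": tampered, "refused": refused}
```

The two defences are independent: the transport check (client certificate plus IP, here the `authenticated` flag) keeps outsiders off the private namespace at all, and the keyed handle means that even a caller who gets past that check cannot turn a customer's public value into a usable path without the shared secret. Note that the handle is a lookup key, not a capability with an expiry; a real deployment would also expire stored entries and delete them once fetched.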