Slashback: Slammer, Frames, Pop-Ups

Slashback tonight with more on SBC's claim to own patents covering basic Web navigation techniques, an eyebrow-raising look at Slammer's spread, bad news for Ogg streams from the BBC, and more. Read on for the details. Update: 02/04 00:13 GMT by T : And late-breaking good news from SDF regarding its Public Access UNIX System.

FedEx should take notes. nweaver writes "We have completed our preliminary analysis of the Sapphire/Slammer SQL worm. This worm required roughly 10 minutes to spread worldwide, scanning at a peak rate of over 55 million IP addresses per second, making it by far the fastest worm to date and nearly two orders of magnitude faster than Code Red. It infected at least 75,000 victims and possibly considerably more. The remarkable speed was due to the use of a bandwidth-limited scanner. There were also two bugs in the random number generator. Copies of our analysis are available from CAIDA, Silicon Defense, and UC Berkeley."

"Sir, this patent application needs to filled out in ink. Not Crayon." We recently posted that the company SBC was calling in the chips on patents it holds which the company claim cover certain types of navigation links found on many web pages. Dan Gillmor writes "Noticed the link to Cringley's piece. Well, I did ask readers for prior art and got quite a bit, some of which I've posted..."

Speaking of SBC, theodp writes "The SBC Intellectual Property folks are back in the news, this time for donating a $7.3 million virus screening patent to the University of Texas. While patent donations are one of the latest twists on corporate philanthropy, the practice has aroused the curiosity of the IRS as a possible tax avoidance scheme."

I wonder how much they'd feel justified in writing off if they donated their web patent portfolio to the FSF.

Can we call this an on-again, off-again relationship? Albanach writes "It seems the BBC who had pioneered Ogg Vorbis broadcasting on a serious scale have abandoned Ogg indefinitely. They say other work commitments make Ogg support no longer a priority. Their statement can be read here"

What, and let all my pigeons escape? FedeTXF writes "We already love pop-up blocking in Mozilla and some other related browsers, now Blogzilla is reporting a great trick to get rid of embedded ads (banners and iframes) using plain CCS and the always amazing Mozilla flexibility and openness. Go check this page if you are anxious to see how to set it up."

Did you have your video camera trained on Columbia? Finally, Child of Apollo writes ""For anyone who has recorded video or taken photos that they believe may be of aid in the investigation of the Space Shuttle Columbia accident, NASA has established a special location on the Web where Internet users may upload their media files to be reviewed by NASA." Although sad news all around, thanks to pleasant for the link."

Here's the late-breaker. fonixmunkee writes "looks like SDF will return soon. a message stating that they negotiated a new contract graced the single page in the "members area" of the temporary www.lonestar.org, but did not cite who specifically with. a few different ideas were tossed around for hosting, so only time will tell with who. i also just today got an e-mail from the Washington State Attorney General's Office that offered a small ray (read: none) of hope for assistance with SDF's run-in with NWLink. (NWLink breached SDF's contract.) hope all is well soon." This is good news, especially so soon after SDF got the rug yanked from under them.

Valid CSS?

[interiot]

Is that Mozilla trick valid CSS syntax? I've never seen anything like it before.

Re:Valid CSS?

[interiot]

Nope, it doesn't validate with the w3c's CSS validator. Do we get to start making up random syntax like MSIE now?

Re:Valid CSS?

[CrocOS]

Yup, this sure is valid!

The bits in square-brackets are attribute-matching: 'SRC' and 'HREF' are valid attributes, and the way that these are loaded is it is using a partial-match, which is why this works.

Unfortunately, this does NOT save the bandwidth wasted by loading these sites: you are just telling 'zilla not to display them, but they are still downloaded and loaded, and any javascript (eg in the IFRAMEs) is still run, and so on.

Still, it tidys things up nicely =)
-Trav

Re:Valid CSS?

[SweetAndSourJesus]

The validator complains about using the *= combinator between selectors, but as far as I know, that's actually valid.

Similarly, the validator bitches about things like a:hover:visited, which is accepted in most browsers that support CSS.

The validator isn't all knowing, I guess.

Re:Valid CSS?

[KnightStalker]

That's valid CSS3. I've been using this trick for months. One addition they don't have is selecting:

*[action*="doubleclick"] * { display: none!important; }

to turn off Doubleclick HTML ads.

Re:Valid CSS?

[Platinum+Dragon]

Not only is it not valid, it's not for mozilla either. the 'trick' only works on Netscape7... as mozilla doesn't use 'user' profiles. (there is only a default system profile, which doesn't read any local .css files, for security reasons)

Wrong, wrong, wrong.

I've been using a UserContent.css file since M17 that displays links italicized with no underlines. Under Unices, the file goes in $HOME/.galeon/mozilla/galeon/chrome. In Mozilla, the file goes into .mozilla/*.slt/chrome

Maybe under Win9x, user profiles aren't used, in which case the file would just go into the default chrome directory. There may already be a UserContent.css file there; edit that.

Re:Valid CSS?

[rworne]

This is cool. So does this mean I can:

1. Block their crap by not seeing it displayed
2. Waste advertisers' money by not having a pair of eyeballs see the ad
3. Block it without anyone being able to tell I'm blocking

All this for a small price of a bit of my bandwidth? Sign me up!

And in other news..

[jo_ham]

SBC patents patents.

Other well noted SBC patents include:

Oxegenating blood by inhalation of atmosphere. Secreting water onto the surface of the skin when hot/tired to assist in heat loss.
Excretion of urea in solution via a hose type device.

They'd better clear that last one up quick. I'm dying for a piss but I don't have any change for the SBC lawyer.

Re:And in other news..

[Autonymous+Toaster]

Nothing important then. As long as they don't have a patent on "method of modifying carbohydrate chains by application of dry heat", I think we're gonna be OK.

Re:And in other news..

[Dr.Dubious+DDQ]

That sounds like the ultimate bathroom key, only instead of a hunk of metal, there are a few lawyers attached to it.

Ah...and the results when the IP lawyers delay things too long...

"Oops. Sorry about that. Guess I don't need to get into the bathroom any more. Here's a quarter for the laundry."

Though afterwards, think what the "what are you in for" conversation the poor guy will have with his cellmate will sound like...

Re:And in other news..

[jo_ham]

so females aren't covered?

There's no way even SBC would have the balls to attempt to patent the female genitals and associated plumbing. It's far too beautiful.

Re:And in other news..

[angst_ridden_hipster]

Oh...

So izzat why they call 'em IP lawyers?

Ah, yes

[The+Bungi]

Mozilla flexibility and openness

Well, personally I use IE, and thanks to a well-maintained boffo hosts file I've yet to see an ad in just about any commercial website, including those that use iframes (no page, no ad). That includes Slashdot.

The popunders or popups I don't really care about so long as I know no revenue is going to anyone for the page hit (since the browser window comes up with a 404 anyway).

99% effective, in my experience. No openness needed, just a little bit of common sense and some network know-how. Not that openness is not good and all.

Re:Ah, yes

[mrjive]

Seems like it would be a lot easier just to use a popup stopper instead. This is what I did with IE until I installed mozilla.

Panicware has a good one that's freely downloadable. I still have it installed at home but just leave it disabled now (since Mozilla catches them all).

Re:Ah, yes

A serious question ... do you feel the internet should be a free experience? Do you experience any feelings at all concerning the revenue impacting mode in which you operate?

Re:Ah, yes

[sqlrob]

Do you go to the bathroom during commercials? Do you experience any feelings at all concerning the revenue impacting mode in which you operate?

Re:Ah, yes

[teetam]

I use IE and Mozilla and honestly, Mozilla kicks butt. Even with a 404, your desktop will still be cluttered with too many windows (pop ups, unders etc.)

With Mozilla, not only do I get no popups, but I also have only one window open when I navigate multiple websites using tabbed browsing.

Try it out.

Re:Ah, yes

[The+Bungi]

Try it out

I do. I think it's a great browser, and it's better at rendering CSS than IE is in some cases (scrolling overflow anyone?)

But it's waaaaaay too slow to load. IE6 loads in about 1/4th of a second, where Mozilla 1.2 takes about 6-7 seconds. That's really my only beef with it - other than that I like it a lot.

Re:Ah, yes

[Anonvmous+Coward]

"Seems like it would be a lot easier just to use a popup stopper instead. This is what I did with IE until I installed mozilla."

One neat thing you can do with IE is call it as an ActiveX control in Visual Basic. I'm by no means a programmer, but I was able to download the HTML into a text buffer, edit the buffer, and then display it in the IE/ActiveX Window. The idea was (eventually) to write a parser that had a few rules about omitting certain lines of HTML. Something along the lines of "remove any line that refers to opening windows on page load or on aexit."

So why didn't I complete it? I didn't know how! Heh. Seriously, I'm not much of a programmer, and I didn't have the drive to write the parser necessary to do that. The main problem is that I would have had to have re-written a lot of IE's interface. I probably had a month or so (at my ameteurish pace) to go before I could get that in workable shape. And then what?

I do hope somebody comes along and implements a feature simmilar to what I described in a browser. (Preferably Opera.) I'd rather filter out HTML than wait for new features to pop up every time somebody discovers a new way to be annoying.

Re:Ah, yes

[pla]

Why would you want to look at a website that has been sanitized?

Kudos for making your point (nice and sharp... I approve), but ads do not count as part of the artistic merit of a movie/website/landscape. Usually the director/author/wildlife don't even know what ads will end up appearing in their creation, so unless the intent of a work involves making fun of ads, the ads just detract from it. Skipping commercials does not mean "sanitizing".

Re:Ah, yes

[morningstar8]

Hmph. If IE didn't autoload with Windows, I bet it'd load a lot slower.

Personally, I've set up Mozilla on my Windows box to enable Quick Launch. That way, part of Mozilla starts up with Windows, so launches are faster. On my box, Mozilla loads in about half a second.

Under Windows, in Mozilla's preferences dialog, go to the top-level of Advanced, then choose "Quick Launch".

Re:Ah, yes

[GimmeFuel]

Most pop-up and ad blockers use a method similiar to this, except they use a proxy server. When the webserver sends whatever page I requested to me, the proxy parses the HTML and kills any IMG tags for ads, etc., then passes the HTML back to the browser. BTW, the best such program I've found is Privoxy

Re:Ah, yes

[afidel]

The best popup killer for IE is crazy browser at Here. It does smart popup filtering, tabbed browsing and some other nifty features, all with the IE engine. Small download too since it just wraps around the IE core. Best demonstration of object reuse I've seen =)

Re:Ah, yes

[The+Bungi]

You are a wanker [slashdot.org] for looking at censored websites. Why would you want to look at a website that has been sanitized?

d00d, if ads make up content for you, may I suggest something different?

:P

Ah, I get it. No, I do =)

However, you are stealing

Are you a subscriber?.

Re:Ah, yes

[aaza]

It just happens to be loaded with the OS

Proof?

1. Load IE (a fraction of a second)
2. Load local page (a few more seconds)
3. Open a new window, which loads the same page (5 - 10 seconds, disk grinding like anything)
4. ???
5. profit

OK, how the hell did steps 4 and 5 get in there? This is a serious post!

Re:Ah, yes

[The+Bungi]

Well, explorer shell = IE. It's handled a bit differently, but the engine is still loaded.

I don't think so. The shell and IE use some shared components that are loaded with the shell itself (the Windows common controls). Unless you have Active Desktop enabled (and I don't), the HTML parsing engine is not yet loaded when the shell itself initializes. And I know that because I've profiled it.

IE is basically three things: the common controls, the HTML parsing engine and a few shell extensions (which you can turn off). The EXE is just a stub.

Now, some people consider the whole common controls thing to one of the Evil Monopolistic Practices, when it really is an excellent alternative to having 18 different "widget" sets to choose from and having two thirds of them double over and die because glibc happens to be an older (or newer) version.

In fact, if you've ever run an alternative shell you'll see why this "loads with the OS" is just FUD, because IE runs at the same speed. And no other process in the entire system uses the HTML parser.

I understand "loads with the OS" to be something like a WDM driver, a kernel-space service or something like that. But that's just me.

Re:Ah, yes

[Gantoris]

This works in WinXP should work with 2k as well.

1. Open the task manager, and view the running proceses.
2. Start IE, notice that there is now an IEXPLORE.exe item in the task list, close IE.
3. Start windows explorer, notice that there is no new process in the task manager.
4. Feed a web address into the "location bar" in windows explorer, suddenly you're using IE. But there is no IEXPLORE.exe in the task manager. This is because the whole thing is wrapped up in explorer.exe, which is the desktop shell process, which is loaded with the OS.

Re:Ah, yes

[The+Bungi]

Who the heck said I like Slashdot??

Re:Ah, yes

[The+Bungi]

Quick Launch

Quick, yes. And only 24MB of memory consumed!

Re:Ah, yes

[nahdude812]

That's a neat but very dangerous way to manage that. The danger is that you have to be very careful what zone of security you're executing in, it's very easy to run that in the "Local Computer" zone, which opens you up to countless highly dangerous attacks. So if you play with IE as an ActiveX, and spoon feed it HTML at all, be very very careful!

Re:Ah, yes

[slick_rick]

A serious question ... do you feel the internet should be a free experience?

The internet experience is not free. I pay $50 a month for my DSL service. Even if you don't count my quasi-fixed investment in the computer itself and the network that it operates on the internet is in no way "free".

Do you experience any feelings at all concerning the revenue impacting mode in which you operate?

There were web sites before there was an ad supported revenue model, and there will still be web sites after all the ad supported sites are dead and gone (RIP).

BBC Support

[jdh28]

Check out the detail the BBC provide about their servers and network.

john

Slammer 1.1

[Lu+Xun]

There were also two bugs in the random number generator

Does that mean someone's going to release a patch for it then?

Re:Slammer 1.1

[AndroidCat]

Yeah don't people know enough not to get infected by version 1.0 software?

Finally?

[GuyMannDude]

Did you have your video camera trained on Columbia? Finally, Child of Apollo writes ...

What's with this "finally" stuff? Have people been holding their breath to hear what Child of Apollo has to say or something?

GMD

Re:Finally?

[Zillatron]

What's with this "finally" stuff? Have people been holding their breath to hear what Child of Apollo has to say or something?

Um... Since the item after it is listed as late-breaking, I'm guessing that at one point the item in question was the final item...

So you want a "structured document browser"?

[Pac]

I will give you a "structured document browser". Its name was Gopher and it was the structured document browser" before fancy graphics and godammed blinking text took the servers by storm. Will you have a coke with that prior art, sir?

What is /. thinking?

[Eros]

Did they just seriously link to a page that easily allows the blocking of all banners on Slashdot and other sites?

If you can't call this website sucide, I don't know what you can call it.

BTW, for Galeon users, check your preferences under "Rendering" to add a CSS and check the box "Apply by Default" to use the adblocking CSS.

Re:What is /. thinking?

[KalvinB]

Since many sites are too dense to use ads in a non visitor annoying fashion and many visitors are too stupid/ignorant to accept the fact that it costs money to run a quality web-site and passivly help offset the costs by putting up with the ads on their favorite sites, many major web-sites are forcing visitors to take an active role in paying for costs or forcing them away. The method of choice seems to be subscriptions of some form or another with a crippled free service.

Pick your poison: suck up the ads or start getting used to paying up.

I switched IcarusIndie.com over to a subscription model at the beginning of the year for the most bandwidth intensive sections and it was probably the best thing I could have done for the site. My Alexa ranking is up, bandwidth costs are being offset significantly, bandwidth usage has been drastically reduced.

If a significant number of users stop viewing the ads on Slashdot I wouldn't be surprised if you had to start paying the membership fee to see everything.

Ben

SBC and Money

[Valiss]

"The SBC Intellectual Property folks are back in the news, this time for donating a $7.3 million virus screening patent to the University of Texas. While patent donations are one of the latest twists on corporate philanthropy, the practice has aroused the curiosity of the IRS as a possible tax avoidance scheme."

SBC should seriously consider burning in hell. I mean how low can they go? Is M$ thier model company? First off, thier whole Frames(tm)(r)(c) is complete bull, and we all know it. I doubt that will win, and they must know this, so why do it? What do they have to gain?

Now seeminly random donations to the of Texas (nothing against U of T). Perhaps they should just focus on having the DSL lines up 24/7 and not persuing meaningless lawsuits and then attempting to cover them up with some bs donation. Someone want to explain to me what "patent donations" are? If it's what I think then I'm calling shenanagens on them.

It may be.

[Carme]

It actually looks like valid CSS v.3 to me, but that would mean that yeah, it wouldn't validate yet.

I'm not expert on the v.3 spec, so don't quote me, but I believe Mozilla has partial support already. That would explain why it works in Moz and not IE/others. Bloody brilliant idea, though.

Re:It may be.

[interiot]

Ahh, yeah, you're right. See CSS3 spec, "Selectors" recommendation, section 2. Nifty stuff coming. For some reason this CSS makes me excited every time I learn new things about it, and I'm not that hardcore of a geek...

And we can play with this stuff in Mozilla. Oh happy day. :)

Re:It may be.

[CrocOS]

The reason that this works in Mozilla is the filename and location: that's the proprietary part. There is no reason that you cannot include similar code to this on your page for, eg, hiding that pesky Geocities banner. True, not all browsers support this, but it should work for all Moz-based browsers and (I think) IE 5.5+ - though I havn't tried it with IE =) -Trav

Re:It may be.

[Iffy+Bonzoolie]

My question is, why not use XPath instead of coming up with a chinsy alternate-but-similar notation for selecting nodes in HTML? XPath is a w3 property... why not be consistent? They are trying to retrofit HTML to XML anyway, and IE lets you select nodes in scripts using XPath. (I thought it was part of the DOM standard, but I can't find it - I guess it's an MS extension.)

I guess it would cause some of the CSS syntax to be incompatible with new versions. But that should be solvable by having a well defined way of specifying which version of CSS a CSS file or section is, like you can with javascript. You can specify language="JavaScript1.0" or "Javascript1.2" or whatever to load a JS engine that conforms to that version's specifications (which, unfortunately, conflict in some cases).

I often think that these web standards have all evolved in the wrong order. HTML came before XML and DOM. CSS came before XSL. Bleah.

-If

Re:It may be.

[Xiadix]

Try adding this to your host file:

127.0.0.1 us.adserver.yahoo.com

It shows, but it is empty.

KevG

Re:It may be.

[9jack9]

. . . CSS makes me excited every time I learn new things about it, and I'm not that hardcore of a geek...

And we can play with this stuff in Mozilla. Oh happy day. :)

Uhhh, if CSS makes you excited then, yeah, you're a geek. If it makes you excited over and over, then that makes you a hardcore geek. If you are unsure, use the "random unknown female test". Walk up to some random unknown female and say, "CSS makes me excited every time I learn new things about it. Does that make me a geek?". If she says, "Oh, I saw CSS on TV last night! That's so cool!", then you aren't a geek. Otherwise you are. Welcome to the brotherhood. ;)

That Slammer analysis paper is quite interesting.

[Thagg]

Read the paper, it's good, short, well written, and has some important insights. The most amazing statistic from the paper is that the doubling time for the virus was about 8 seconds. Within ten minutes it had covered the entire 'net.

I'm still waiting for the paper describing why systems like Bank of America's ATM's were shut down. Whatever the case, we are sure to see more worms like this in the future, with the possibility of serious damage.

thad

Re:What is /. using?

[The+Notorious+ASP]

Actually, I'd be really interested in seeing some stats on browsers that hit slashdot. Granted a large percentage of regular posters are running mozilla, opera, netscape, whatever, I bet there is a very high percentage of MSIE users hitting slashdot.

Anybody got any numbers?

Ads with noise

[EverStoned]

I can't stand ads with noise. I listen to music really loudly on headphones. Then all of a sudden I hear "BUY A TOYATA" and blow an eardrum. Thank god I switched to Opera - no more pop ups, but some banner flash ads still get to me.

Re:What is /. using?

[Alan+Partridge]

last time Slashdot mentioned any browser stats, IE's dominance was very similar to it's position for websites generally - ie, IE was over 90%.

Here's the late-breaker

[AndroidCat]

"looks like SDF will return soon.

Any sign of the Zentraedi following them?

Ad-Blocker plugin

[alanjstr]

If you don't feel like maintaining a userContent.css file, check out Adblock over on mozdev. Bannerblind also kicked ass, but it seems abandoned.

'Photos Show Odd Images Near Shuttle'

[KernelSanders]

In case you haven't seen it, here's a story running on the San Francisco Chronicle site about an amateur astronomer who photographed the shuttle during re-entry.

From the story:

'Photos show odd images near shuttle'

"The pictures, taken with a Nikon-880 digital camera on a tripod, reveal what appear to be bright electrical phenomena flashing around the track of the shuttle's passage, but the photographer, who asked not to be identified, will not make them public immediately.

"They clearly record an electrical discharge like a lightning bolt flashing past, and I was snapping the pictures almost exactly . . . when the Columbia may have begun breaking up during re-entry," he said..."

Re:'Photos Show Odd Images Near Shuttle'

[uhoreg]

"...taken with a Nikon-880 digital camera..."

"...but it showed up clear and bright on the film when I developed it..."

Huh?

Re:'Photos Show Odd Images Near Shuttle'

[AndroidCat]

Throw the camera into the developer solution for three minutes, transfer to the stopbath, and then after a while, move it to the fixer. By golly, I bet a digital camera would show some weird images after that!

Re:'Photos Show Odd Images Near Shuttle'

[ctar]

"...taken with a Nikon-880 digital camera..."

"...but it showed up clear and bright on the film when I developed it..."

Huh?

Maybe thats why he has orange and electrical looking streaks on the images.

Nasty worm!

[AndroidCat]

That Slammer/Sapphire was a really nasty worm! It fired a 404 byte UDP packet to infect a target, and it didn't even have to wait for a response, bang, on to the next attempt. (I'm not certain, but that could also mean that the packets with forged IP addresses, making tracking a lot harder.)

404 fscking bytes! No wonder it clogged the Internet!

Re:Nasty worm!

[Anonvmous+Coward]

"404 fscking bytes! No wonder it clogged the Internet!"

I'm new to Linux, but how does checking the file system clog the internet?

Re:Nasty worm!

[AndroidCat]

It's not checking the file system. (And it's a MS SQL Server bug, not Linux.) Each infected machine is suddenly using its maximum bandwidth to send 404 byte packets to randomish targets -- and each unpatched SQL Server machine that it hits instantly is also infected and uses it's max bandwidth. And at 404 bytes, it can hit a lot of targets in a short period of time.

If you have a company with a number of machines infected, they're going sending over a 100BaseT LAN to the company pipe to the Internet, which will clog it pretty bad.

Re:That Slammer analysis paper is quite interestin

[rgmoore]

One scary though was the comment that most of the previous fast propagating worms are latency limited, since they have to wait for a response from each scan they attempt. They speed things up by spawning multiple threads, but that's inefficient. Sapphire/Slammer got around that by being small enough to fit into a single packet(!) so that it didn't have to wait for a return message, but that small size sharply limited its possible payload. I'm sort of worried about a worm using advanced techniques such as scanrand. As mentioned in a previous slashdot article, it was able to scan an entire class B network in just 4 seconds. With that kind of performance, you could have a similar speed of spread even with a large, sophisticated, and malicious worm.

Re:That Slammer analysis paper is quite interestin

[AndroidCat]

The fact that each infected machine suddenly switched to max bandwidth sending was bad enough. The ATMs, 911, etc probably failed due to congestion at bottlenecks.

At least "wormy" was nice (for small values of nice) enough to launch it over a weekend. What if the next one gets launched during something like 9/11 or Desert Storm II?

More on the Shuttle

[Zeinfeld]

Turns out that NASA fired people on the safety committee who made noise about safety.

It will be interesting to see how 'independent' the investigation ends up being. If its like the 9/11 investigation we will know there is something they need to hide.

My top pick to head the committee would be Ted Postol of MIT. I doubt he is the administrations pick. Although the Democrats in Congress might possibly get a clue and select him as one of their picks.

Re:More on the Shuttle

[anubi]

I think they hit the nail on the head.

"Faster, Better, Cheaper."

I think the pizza driver who is coerced into unsafe practices to deliver $10 worth of pizza knows it firsthand. If he doesn't deliver, they will find someone else who says they will.

NASA was forced to "cut corners" to save "costs". But maintain "productivity".

We did not allocate enough resources to do it right. Now we will have to do it over.

Its a lesson we have to learn over and over.

This trick is two and a half years old

[plastik55]

The concept of CSS-based ad blocking has been previously covered here, and here. I've been using it to make my Slashdot ad-free for some time now.

Opera

[freeweed]

Opera, Opera, Opera, and the chant goes on.

If you hate popups, AND enjoy a fast browsing experience (esp load times!), it can't be said enough times: give Opera a whirl.

I know the concept of paying for decent software seems foreign to some here, and your favourite new Flash site of the week may not display 100%, but for everything you say you don't like about IE and Moz, Opera has them beat pants down.

It's gotten so bad at work that I'm regularly screaming at my machines every time I'm forced to surf the web (stupid default IE installs).

Re:What is /. using?

[On+Lawn]

I can't say directly, but indirectly the people that come to my site *ahem*OnRoad a great place for Automotive Engineering discussion *ahem* from slashdot shows that only 20% of them use IE. Opera is only slightly less (15%), with links/linx getting 5%, Netscape getting 20% and Mozilla getting 30%, Pheonix and Galeon get 10%.

From other sites (like ezboards and Yahoo mailing lists) I get a high percentage of IE and AOL users (50%, 35% respectively) and most of the rest are netscape at 10%.

-----------------
OnRoad: It gets you there and back again.

I must be alone but...

[Stigmata669]

Sometimes I like banner adds if they aren't insane flashing gifs. I visit thinkgeek from slashdot banners sometimes when I see something cool, and often use banners on PC hardward sites to find good online vendors for 'specialized' parts.

I find tasteful or site specific banners helpful rather than hurtful to my browsing experiance. Plus, I think the user can help keep the ad supported web alive if they don't kill all ads.

I believe that the model is failing because websites are too indiscriminate in chosing ads to run.

I made the move to Ogg

[djsable]

I have begun broadcasting in the Ogg media format recently.. I am using it to replace the Real Media stream from my radio show. At its smallest setting, the sound quality is pretty good, and Win Amp has a plug in for Ogg, so it made it an easy bet to go Ogg instead of Real. Whose advertising methods with its free player drive me nuts, I have been looking for a replacement for Real for a while, and Ogg is it. Ogg joins Win Media as my two formats for the Show.

badger

Re:That Slammer analysis paper is quite interestin

[freeweed]

Sapphire/Slammer got around that by being small enough to fit into a single packet(!) so that it didn't have to wait for a return message, but that small size sharply limited its possible payload.

Slammer was under 400 bytes as it was. Now, won't most IP networks pass 1500 or so byte packets without fragmenting? That's a lot of extra room to toss in a nasty payload. Maybe all we need to do is convince MS to force their buffer overflows to require at least 1500 bytes :)

Thought of CSS before...

[Jezral]

I thought of the CSS trick before, since it's a pretty "nice" way of not showing ads.

The hit still gets counted, the ad still gets downloaded, but nobody views it.

Even made a small proxy program in PHP to test it, just going by my hosts file and adding style="display: none;" to the tags of the ads.
That way, it works with any browser.
Bloody ate my CPU, though. RegExp is a hog...

-- Tino Didriksen / ProjectJJ.dk

RE: Mozilla CSS Trick - I hate to say it, but...

[thecampbeln]

... wouldn't "solutions" like this hinder mozilla-esque support adoption amongst major sites? I mean ads are how most web sites pay for the content that we otherwise get for free. Except for the annoying as hell pop-over/iframe and Flash ads, I can't say I mind banners at all. If a lot of users implement this kind of thing (which is virtually undecidable from the web server's POV thanks to it being client-side CSS), what would stop the marketing drones from saying "if Mozilla won't show the ads, lets not allow access from Mozilla browsers"? Or worse implement the click-thru style of advertising that some site have already begun using!?

Do note that I am implementing this CSS on Phoenix as we speak ;) But still, I'm happy with the current paradigm of banner ads, is it a good idea to futz with that paradigm for fear of something even more annoying?

Scarily Warhol-speed propagation

[billstewart]

At its peak, it was scanning about 100 times as many machines as it eventually infected (though the exact number of victims is very hard to determine.) Now, this is partly because the average victim could spray over 100 targets per second, since the infection method required just one amazingly fast packet, so you'd expect this kind of thing to happen ;-) But it felt a lot like A Fire Upon The Deep, where the computer virus found in the old library is becoming self-aware and jumping onto the escaping rocket ship - it was clearly Warhol speed. We don't know how many machines were really infected, because the random number generator was slightly buggy, so any given virus-detection point would only see hits from the numerically-nearby infected machines.

It would probably have taken very little extra work to add an arbitrarily large payload to it, built as a second module. Leave the original scanner blasting away with the small packets, since most of them won't succeed in infecting a machine, but have a newly-infected machine contact the machine that infected it to fetch the second payload (and then forget where that one came from, to make later back-tracing harder).

I doubt you'll see a detailed white paper about Bank of America's system; most big companies would consider that kind of thing proprietary, though almost any large financial company would have put together a large team to spend several days of argument, wrangling, and recrimination to find out what happened and make sure it doesn't happen again, but you'll only see a technical explanation if they decide that's the best public-relations move. Most of the guesses I've seen on the net (or at least the ones that sounded plausible to me :-) are that they were probably just using internet-based VPNs to support those ATMs, and got flooded out by the worm's volume, but didn't actually get infected. Hard to say whether the parts that got flooded were the little ends near each ATM, the big end near the bank, or somewhere in the middle like some ATM network service provider. Remember that 10-15000 IP addresses makes a much bigger target than a single IP address, so if there's anywhere that their connections are all visible, the traffic flood could be pretty heavy.

I see a DDoS coming...

[emc]

Great, first NASA had to watch the Colombia be destroyed...

Now, countless copies of goatse.cx are going to be uploaded to their server, blinding many of our nations finest...

My heart is extended to the families of the (soon-to-be) victims.

To block the IGN flash ads...

[blake213]

I added my own little customization to block IGN's ultra-annoying flash ads:

/* Flash ads */
EMBED[SRC*="ads."] { display: none ! important }
EMBED[SRC*="ad."] { display: none ! important }

Works pretty well.

Re:NASA doesn't need more video

[crhernandez]

From a scientific perspective, perhaps. But we're humans. We do or don't do a lot of things for completely unscientific reasons: art, adventure, beauty.

Isn't there something wondrous about a person floating unsupported? About seeing a sunrise every 90 minutes? About knowing that star you see has a crew?

I think these things are worth billions of dollars, and a proportional share of my income.

Paranoid followup to my own article

[billstewart]

It's even worse than it appears :-) If the percentage of systems vulnerable to Slammer / Sapphire had been much higher, they could still have been infected in the same amount of time or faster, because the infection only depends on the vulnerable machine being hit by the packet, so those 55 million attacks/second at peak could infect 55 million machines just as easily as one machine. (And of course, more infected machines means more attacks getting out, subject to ISP bandwidth bottlenecks, so the peak speed would probably have been even highter.)

The main Warhol Worm / Flash Worm papers were concerned about worms that had some level of efficiency and coordination of their targets - first scan for targets over a long period of time, then take 10,000 zombies and give each one a partial list of targets to attack, and hauling around the list of targets turns out to slow the process significantly, in return for increased efficiency. This one just used random search and let it rip, so it didn't need the overhead of using a list, though it's possible that the perpetrator had some set of targets pre-planned, as opposed to just taking an 0wnzr'd Korean proxy server and spraypainting Korea with it to start off the process.

Re:NASA doesn't need more video

[KewlPC]

Aside from the no-immediate-use stuff like "How do ants behave in space?" (answer: they dig like crazy), sooner or later we are going to have to send humans off-planet on a permanent/extended trip. Maybe we decide to start mining asteroids, or whatever, but it will most certainly require a human to be present.

There is only so much that a probe can do. A human geologist on-site could learn more about Mars' geology in a short while than a probe could over the course of its entire mission. You're forgetting that if you landed a probe on Mars, it would be extremely difficult to maneuver it, because of things like a 20 minute communications lag, the fact that you can only communicate with the probe for part of the day, and the limited computing power of the probe's computer.

The onboard computer is limited because it has to not only be extremly reliable, but it also has to be rad-hardened (maybe not once on Mars, but to survive the trip), which means using slower technology (it's slower because, in order to decrease the odds of cosmic radiation flipping bits, the gates and transistors have to be larger).

Besides all that, there is the "being there" aspect of it. Seeing what the earth looks like from the moon, school children communicating with astronauts (and even thinking up experiments to try in space, like the ants thing I mentioned above), and things like that, which may not have a direct and immediate scientific value, are no less important.

Or we could listen to you and just sit here, think small, look up at the stars and planets, but never visit them, because you think it's too expensive and dangerous.

Your post reminded me of something someone once said:
"We choose to do these things, not because they are easy, but because they are hard."
-John F. Kennedy

UDP should not be banned. It is useful

[moncyb]

The Internet is more than just the web and email. UDP does have it's uses. Some types of networking will just work better with it. How would you do multicasting with TCP? What about video games? I doubt they'd work as well with TCP. If you think games are useless, you are wrong. FPS are early generation virtual reality systems. I think the Internet will be a better place if the VR dream comes true.

This problem happened because Microsoft is made up of idiots. This port was open because of thier "easy to use" bullshit. There is no need to open a second fixed port you are unable to disable so that other systems can figure out which port the database server is on, and they had a buffer overflow in this code too! There is a reason there are both default ports and places you can specify ports in URLs and such. Why have a discovery service in the first place? Bad judgment.

Re:Mozilla Speed [Re:Ah, yes]

[The+Bungi]

Your post was beginning to sound interesting when all of the sudden...

Windoz

... I lost you.

User style sheets

[jesser]

Floppymoose's ad blocking CSS is an example of a user style sheet. User style sheets can do much more than hide parts of pages.

The user style sheet I use does the following:

• Link styles:
  • Links to Slashdot are bold and Slashdot-green.
  • Links to mozilla.org have a 16x16 red-dino logo next to them.
  • Links to goatse.cx are brown and crossed out.
  • javascript: links are green.
  • mailto: links have an envolope icon next to them.
• Borders for image links. Solid blue for unvisited links, dashed purple for visited links.
  
• Hide all reset buttons.
  
• Before each named anchor, display the name in the format [#foo], but make it 80% transparent so it doesn't get in the way of the actual text of the page.
  
• Ignore the effects of blink and marquee tags

The CSS code for most of these is on http://www.squarefree.com/userstyles/.

I also use the "test styles" bookmarklet to create temporary, site-specific user style sheets. My most common temporary user style sheets hide visited links (useful on sites that serve random image links every time you load them), make all text lowercase (useful for reading all-caps text), and change the color of visited links (useful for sites that use the same color for unvisited links).

worm speed/automatic defenses

[stinky+wizzleteats]

From TFA:

Sapphire reached its peak scanning rate of over 55 million scans per second across the Internet in under 3 minutes... worm defenses need to be automatic; there is no conceivable way for system administrators to respond to threats of this speed

That statement borders in irresponsible. There is no reasonable way to deal with a threat like this after the fact, however fast your gee-whiz IDP solution claims to shut down an anomaly incident. Don't even get me started on the estimated response speed of a federal Internet crisis center. The bottom line is that more public thought needs to go into making long term security decisions, starting with what software is selected for a particular purpose and how effectively and strictly that software is managed.

All this statement is going to do is give the executive level FUD meisters at (insert your favorite security/network gear company here) more ammo to shut down the ability of IT administrators to do their job.

Slapper was a variation on an older worm, I think

[sirshannon]

The original actually tried to do something. It logged into SQL Server using the SA account and a blank password (if someone was dumb enough to leave that...) and then emailed the schema (and data, maybe, I didn't actually test it, just read it) to it's author, set up a new account with it's own password, changed the sa account's password to that password, and then looked for any other SQL Server on the net.

unfortunately (or fortunately, depending on how you look at it), this scanning for other servers slowed the server down so much that it was noticable if you were in the room with the machine. It sounds to me like someone saw what a load it was putting on the net and the machines infected and decided to cut out the section that gathered the database information and just let it spread freely, assuming it would lock up the net the way it did.

I'm not completely certain that this is the same worm, but it sounds like it.