Slashdot Mirror


Slashback: Slammer, Frames, Pop-Ups

Slashback tonight with more on SBC's claim to own patents covering basic Web navigation techniques, an eyebrow-raising look at Slammer's spread, bad news for Ogg streams from the BBC, and more. Read on for the details. Update: 02/04 00:13 GMT by T : And late-breaking good news from SDF regarding its Public Access UNIX System.

FedEx should take notes. nweaver writes "We have completed our preliminary analysis of the Sapphire/Slammer SQL worm. This worm required roughly 10 minutes to spread worldwide, scanning at a peak rate of over 55 million IP addresses per second, making it by far the fastest worm to date and nearly two orders of magnitude faster than Code Red. It infected at least 75,000 victims and possibly considerably more. The remarkable speed was due to the use of a bandwidth-limited scanner. There were also two bugs in the random number generator. Copies of our analysis are available from CAIDA, Silicon Defense, and UC Berkeley."

"Sir, this patent application needs to be filled out in ink. Not Crayon." We recently posted that the company SBC was calling in the chips on patents it holds which the company claims cover certain types of navigation links found on many web pages. Dan Gillmor writes "Noticed the link to Cringely's piece. Well, I did ask readers for prior art and got quite a bit, some of which I've posted..."

Speaking of SBC, theodp writes "The SBC Intellectual Property folks are back in the news, this time for donating a $7.3 million virus screening patent to the University of Texas. While patent donations are one of the latest twists on corporate philanthropy, the practice has aroused the curiosity of the IRS as a possible tax avoidance scheme."

I wonder how much they'd feel justified in writing off if they donated their web patent portfolio to the FSF.

Can we call this an on-again, off-again relationship? Albanach writes "It seems the BBC who had pioneered Ogg Vorbis broadcasting on a serious scale have abandoned Ogg indefinitely. They say other work commitments make Ogg support no longer a priority. Their statement can be read here"

What, and let all my pigeons escape? FedeTXF writes "We already love pop-up blocking in Mozilla and some other related browsers, now Blogzilla is reporting a great trick to get rid of embedded ads (banners and iframes) using plain CSS and the always amazing Mozilla flexibility and openness. Go check this page if you are anxious to see how to set it up."

Did you have your video camera trained on Columbia? Finally, Child of Apollo writes ""For anyone who has recorded video or taken photos that they believe may be of aid in the investigation of the Space Shuttle Columbia accident, NASA has established a special location on the Web where Internet users may upload their media files to be reviewed by NASA." Although sad news all around, thanks to pleasant for the link."

Here's the late-breaker. fonixmunkee writes "looks like SDF will return soon. a message stating that they negotiated a new contract graced the single page in the "members area" of the temporary www.lonestar.org, but did not cite who specifically with. a few different ideas were tossed around for hosting, so only time will tell with who. i also just today got an e-mail from the Washington State Attorney General's Office that offered a small ray (read: none) of hope for assistance with SDF's run-in with NWLink. (NWLink breached SDF's contract.) hope all is well soon." This is good news, especially so soon after SDF got the rug yanked from under them.

43 of 254 comments

  1. And in other news.. by jo_ham · · Score: 5, Funny

    SBC patents patents.

    Other well noted SBC patents include:

    Oxygenating blood by inhalation of atmosphere.
    Secreting water onto the surface of the skin when hot/tired to assist in heat loss.
    Excretion of urea in solution via a hose type device.

    They'd better clear that last one up quick. I'm dying for a piss but I don't have any change for the SBC lawyer.

    1. Re:And in other news.. by angst_ridden_hipster · · Score: 4, Funny

      Oh...

      So izzat why they call 'em IP lawyers?

      --
      Eloi, Eloi, lema sabachtani?
      www.fogbound.net
  2. Re:Valid CSS? by interiot · · Score: 4, Informative

    Nope, it doesn't validate with the w3c's CSS validator. Do we get to start making up random syntax like MSIE now?

  3. Ah, yes by The+Bungi · · Score: 4, Informative
    Mozilla flexibility and openness

    Well, personally I use IE, and thanks to a well-maintained boffo hosts file I've yet to see an ad in just about any commercial website, including those that use iframes (no page, no ad). That includes Slashdot.

    The popunders or popups I don't really care about so long as I know no revenue is going to anyone for the page hit (since the browser window comes up with a 404 anyway).

    99% effective, in my experience. No openness needed, just a little bit of common sense and some network know-how. Not that openness is not good and all.

    1. Re:Ah, yes by sqlrob · · Score: 5, Funny

      Do you go to the bathroom during commercials? Do you experience any feelings at all concerning the revenue impacting mode in which you operate?

    2. Re:Ah, yes by pla · · Score: 4, Insightful

      Why would you want to look at a website that has been sanitized?

      Kudos for making your point (nice and sharp... I approve), but ads do not count as part of the artistic merit of a movie/website/landscape. Usually the director/author/wildlife don't even know what ads will end up appearing in their creation, so unless the intent of a work involves making fun of ads, the ads just detract from it. Skipping commercials does not mean "sanitizing".

    3. Re:Ah, yes by afidel · · Score: 3, Informative

      The best popup killer for IE is crazy browser at Here. It does smart popup filtering, tabbed browsing and some other nifty features, all with the IE engine. Small download too since it just wraps around the IE core. Best demonstration of object reuse I've seen =)

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    4. Re:Ah, yes by aaza · · Score: 3, Funny
      It just happens to be loaded with the OS

      Proof?

      1. Load IE (a fraction of a second)
      2. Load local page (a few more seconds)
      3. Open a new window, which loads the same page (5 - 10 seconds, disk grinding like anything)
      4. ???
      5. profit

      OK, how the hell did steps 4 and 5 get in there? This is a serious post!

      --
      In theory there is no difference between theory and practice.
      In practice, however, there is.
    5. Re:Ah, yes by The+Bungi · · Score: 3, Interesting
      Well, explorer shell = IE. It's handled a bit differently, but the engine is still loaded.

      I don't think so. The shell and IE use some shared components that are loaded with the shell itself (the Windows common controls). Unless you have Active Desktop enabled (and I don't), the HTML parsing engine is not yet loaded when the shell itself initializes. And I know that because I've profiled it.

      IE is basically three things: the common controls, the HTML parsing engine and a few shell extensions (which you can turn off). The EXE is just a stub.

      Now, some people consider the whole common controls thing to one of the Evil Monopolistic Practices, when it really is an excellent alternative to having 18 different "widget" sets to choose from and having two thirds of them double over and die because glibc happens to be an older (or newer) version.

      In fact, if you've ever run an alternative shell you'll see why this "loads with the OS" is just FUD, because IE runs at the same speed. And no other process in the entire system uses the HTML parser.

      I understand "loads with the OS" to be something like a WDM driver, a kernel-space service or something like that. But that's just me.

    6. Re:Ah, yes by Gantoris · · Score: 3, Informative

      This works in WinXP; should work with 2k as well.

      1. Open the task manager, and view the running processes.
      2. Start IE, notice that there is now an IEXPLORE.exe item in the task list, close IE.
      3. Start windows explorer, notice that there is no new process in the task manager.
      4. Feed a web address into the "location bar" in windows explorer, suddenly you're using IE. But there is no IEXPLORE.exe in the task manager. This is because the whole thing is wrapped up in explorer.exe, which is the desktop shell process, which is loaded with the OS.

  4. BBC Support by jdh28 · · Score: 4, Informative

    Check out the detail the BBC provide about their servers and network.

    john

  5. Slammer 1.1 by Lu+Xun · · Score: 5, Funny

    There were also two bugs in the random number generator

    Does that mean someone's going to release a patch for it then?

    --
    That's not a soda... it's a caffeine delivery device!
    1. Re:Slammer 1.1 by AndroidCat · · Score: 3, Funny

      Yeah don't people know enough not to get infected by version 1.0 software?

      --
      One line blog. I hear that they're called Twitters now.
  6. Finally? by GuyMannDude · · Score: 3, Funny

    Did you have your video camera trained on Columbia? Finally, Child of Apollo writes ...

    What's with this "finally" stuff? Have people been holding their breath to hear what Child of Apollo has to say or something?

    GMD

    1. Re:Finally? by Zillatron · · Score: 3, Insightful
      What's with this "finally" stuff? Have people been holding their breath to hear what Child of Apollo has to say or something?

      Um... Since the item after it is listed as late-breaking, I'm guessing that at one point the item in question was the final item...

  7. So you want a "structured document browser"? by Pac · · Score: 4, Insightful

    I will give you a "structured document browser". Its name was Gopher and it was the "structured document browser" before fancy graphics and goddamned blinking text took the servers by storm. Will you have a coke with that prior art, sir?

  8. What is /. thinking? by Eros · · Score: 5, Funny

    Did they just seriously link to a page that easily allows the blocking of all banners on Slashdot and other sites?

    If you can't call this website suicide, I don't know what you can call it.

    BTW, for Galeon users, check your preferences under "Rendering" to add a CSS and check the box "Apply by Default" to use the adblocking CSS.

  9. SBC and Money by Valiss · · Score: 4, Insightful

    "The SBC Intellectual Property folks are back in the news, this time for donating a $7.3 million virus screening patent to the University of Texas. While patent donations are one of the latest twists on corporate philanthropy, the practice has aroused the curiosity of the IRS as a possible tax avoidance scheme."

    SBC should seriously consider burning in hell. I mean how low can they go? Is M$ their model company? First off, their whole Frames(tm)(r)(c) is complete bull, and we all know it. I doubt that will win, and they must know this, so why do it? What do they have to gain?

    Now seemingly random donations to the of Texas (nothing against U of T). Perhaps they should just focus on having the DSL lines up 24/7 and not pursuing meaningless lawsuits and then attempting to cover them up with some bs donation. Someone want to explain to me what "patent donations" are? If it's what I think then I'm calling shenanigans on them.

    --

    -Valiss
  10. It may be. by Carme · · Score: 5, Informative

    It actually looks like valid CSS v.3 to me, but that would mean that yeah, it wouldn't validate yet.

    I'm not an expert on the v.3 spec, so don't quote me, but I believe Mozilla has partial support already. That would explain why it works in Moz and not IE/others. Bloody brilliant idea, though.

    1. Re:It may be. by interiot · · Score: 4, Informative
      Ahh, yeah, you're right. See CSS3 spec, "Selectors" recommendation, section 2. Nifty stuff coming. For some reason this CSS makes me excited every time I learn new things about it, and I'm not that hardcore of a geek...

      And we can play with this stuff in Mozilla. Oh happy day. :)

  11. That Slammer analysis paper is quite interesting. by Thagg · · Score: 4, Interesting

    Read the paper, it's good, short, well written, and has some important insights. The most amazing statistic from the paper is that the doubling time for the virus was about 8 seconds. Within ten minutes it had covered the entire 'net.

    I'm still waiting for the paper describing why systems like Bank of America's ATM's were shut down. Whatever the case, we are sure to see more worms like this in the future, with the possibility of serious damage.

    thad

    --
    I love Mondays. On a Monday, anything is possible.
  12. Re:Valid CSS? by CrocOS · · Score: 4, Informative

    Yup, this sure is valid!

    The bits in square-brackets are attribute-matching: 'SRC' and 'HREF' are valid attributes, and the way that these are loaded is it is using a partial-match, which is why this works.

    Unfortunately, this does NOT save the bandwidth wasted by loading these sites: you are just telling 'zilla not to display them, but they are still downloaded and loaded, and any javascript (eg in the IFRAMEs) is still run, and so on.

    Still, it tidies things up nicely =)
    -Trav

    --

    I should really get around to creating a sig.... Nah - too lazy =)
  13. Re:What is /. using? by The+Notorious+ASP · · Score: 5, Interesting

    Actually, I'd be really interested in seeing some stats on browsers that hit slashdot. Granted a large percentage of regular posters are running mozilla, opera, netscape, whatever, I bet there is a very high percentage of MSIE users hitting slashdot.

    Anybody got any numbers?

  14. Ads with noise by EverStoned · · Score: 5, Funny

    I can't stand ads with noise. I listen to music really loudly on headphones. Then all of a sudden I hear "BUY A TOYOTA" and blow an eardrum. Thank god I switched to Opera - no more pop ups, but some banner flash ads still get to me.

  15. Re:Valid CSS? by KnightStalker · · Score: 3, Informative
    That's valid CSS3. I've been using this trick for months. One addition they don't have is selecting:
    *[action*="doubleclick"] * { display: none!important; }
    to turn off Doubleclick HTML ads.
    --
    * And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
  16. Re:What is /. using? by Alan+Partridge · · Score: 5, Informative

    last time Slashdot mentioned any browser stats, IE's dominance was very similar to its position for websites generally - ie, IE was over 90%.

    --
    That was classic intercourse!
  17. Here's the late-breaker by AndroidCat · · Score: 4, Funny
    "looks like SDF will return soon.

    Any sign of the Zentraedi following them?

    --
    One line blog. I hear that they're called Twitters now.
  18. Ad-Blocker plugin by alanjstr · · Score: 4, Informative

    If you don't feel like maintaining a userContent.css file, check out Adblock over on mozdev. Bannerblind also kicked ass, but it seems abandoned.

  19. 'Photos Show Odd Images Near Shuttle' by KernelSanders · · Score: 3, Informative



    In case you haven't seen it, here's a story running on the San Francisco Chronicle site about an amateur astronomer who photographed the shuttle during re-entry.

    From the story:

    'Photos show odd images near shuttle'

    "The pictures, taken with a Nikon-880 digital camera on a tripod, reveal what appear to be bright electrical phenomena flashing around the track of the shuttle's passage, but the photographer, who asked not to be identified, will not make them public immediately.

    "They clearly record an electrical discharge like a lightning bolt flashing past, and I was snapping the pictures almost exactly . . . when the Columbia may have begun breaking up during re-entry," he said..."

    1. Re:'Photos Show Odd Images Near Shuttle' by uhoreg · · Score: 5, Insightful

      "...taken with a Nikon-880 digital camera..."

      "...but it showed up clear and bright on the film when I developed it..."

      Huh?

      --

      To get something done, a committee should consist of no more than three persons, two of them absent.

    2. Re:'Photos Show Odd Images Near Shuttle' by AndroidCat · · Score: 3, Funny

      Throw the camera into the developer solution for three minutes, transfer to the stopbath, and then after a while, move it to the fixer. By golly, I bet a digital camera would show some weird images after that!

      --
      One line blog. I hear that they're called Twitters now.
  20. Re:That Slammer analysis paper is quite interestin by rgmoore · · Score: 3, Informative

    One scary thought was the comment that most of the previous fast propagating worms are latency limited, since they have to wait for a response from each scan they attempt. They speed things up by spawning multiple threads, but that's inefficient. Sapphire/Slammer got around that by being small enough to fit into a single packet(!) so that it didn't have to wait for a return message, but that small size sharply limited its possible payload. I'm sort of worried about a worm using advanced techniques such as scanrand. As mentioned in a previous slashdot article, it was able to scan an entire class B network in just 4 seconds. With that kind of performance, you could have a similar speed of spread even with a large, sophisticated, and malicious worm.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.

  21. Re:Nasty worm! by Anonvmous+Coward · · Score: 3, Funny

    "404 fscking bytes! No wonder it clogged the Internet!"

    I'm new to Linux, but how does checking the file system clog the internet?

  22. This trick is two and a half years old by plastik55 · · Score: 4, Informative

    The concept of CSS-based ad blocking has been previously covered here, and here. I've been using it to make my Slashdot ad-free for some time now.

    --

    I have a positive modifier on Troll. When I mod someone Troll their karma should go UP!

  23. Opera by freeweed · · Score: 3, Interesting

    Opera, Opera, Opera, and the chant goes on.

    If you hate popups, AND enjoy a fast browsing experience (esp load times!), it can't be said enough times: give Opera a whirl.

    I know the concept of paying for decent software seems foreign to some here, and your favourite new Flash site of the week may not display 100%, but for everything you say you don't like about IE and Moz, Opera has them beat pants down.

    It's gotten so bad at work that I'm regularly screaming at my machines every time I'm forced to surf the web (stupid default IE installs).

    --
    Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
  24. Re:What is /. using? by On+Lawn · · Score: 5, Informative

    I can't say directly, but indirectly the people that come to my site *ahem*OnRoad a great place for Automotive Engineering discussion *ahem* from slashdot shows that only 20% of them use IE. Opera is only slightly less (15%), with links/lynx getting 5%, Netscape getting 20% and Mozilla getting 30%, Phoenix and Galeon get 10%.

    From other sites (like ezboards and Yahoo mailing lists) I get a high percentage of IE and AOL users (50%, 35% respectively) and most of the rest are netscape at 10%.

    -----------------
    OnRoad: It gets you there and back again.

  25. I must be alone but... by Stigmata669 · · Score: 4, Insightful
    Sometimes I like banner ads if they aren't insane flashing gifs. I visit thinkgeek from slashdot banners sometimes when I see something cool, and often use banners on PC hardware sites to find good online vendors for 'specialized' parts.

    I find tasteful or site specific banners helpful rather than hurtful to my browsing experience. Plus, I think the user can help keep the ad supported web alive if they don't kill all ads.

    I believe that the model is failing because websites are too indiscriminate in choosing ads to run.

    --
    Yawn.
  26. I made the move to Ogg by djsable · · Score: 3, Informative

    I have begun broadcasting in the Ogg media format recently.. I am using it to replace the Real Media stream from my radio show. At its smallest setting, the sound quality is pretty good, and Win Amp has a plug in for Ogg, so it made it an easy bet to go Ogg instead of Real. Whose advertising methods with its free player drive me nuts, I have been looking for a replacement for Real for a while, and Ogg is it. Ogg joins Win Media as my two formats for the Show.

    badger

  27. Scarily Warhol-speed propagation by billstewart · · Score: 4, Interesting
    At its peak, it was scanning about 100 times as many machines as it eventually infected (though the exact number of victims is very hard to determine.) Now, this is partly because the average victim could spray over 100 targets per second, since the infection method required just one amazingly fast packet, so you'd expect this kind of thing to happen ;-) But it felt a lot like A Fire Upon The Deep, where the computer virus found in the old library is becoming self-aware and jumping onto the escaping rocket ship - it was clearly Warhol speed. We don't know how many machines were really infected, because the random number generator was slightly buggy, so any given virus-detection point would only see hits from the numerically-nearby infected machines.

    It would probably have taken very little extra work to add an arbitrarily large payload to it, built as a second module. Leave the original scanner blasting away with the small packets, since most of them won't succeed in infecting a machine, but have a newly-infected machine contact the machine that infected it to fetch the second payload (and then forget where that one came from, to make later back-tracing harder).

    I doubt you'll see a detailed white paper about Bank of America's system; most big companies would consider that kind of thing proprietary, though almost any large financial company would have put together a large team to spend several days of argument, wrangling, and recrimination to find out what happened and make sure it doesn't happen again, but you'll only see a technical explanation if they decide that's the best public-relations move. Most of the guesses I've seen on the net (or at least the ones that sounded plausible to me :-) are that they were probably just using internet-based VPNs to support those ATMs, and got flooded out by the worm's volume, but didn't actually get infected. Hard to say whether the parts that got flooded were the little ends near each ATM, the big end near the bank, or somewhere in the middle like some ATM network service provider. Remember that 10-15000 IP addresses makes a much bigger target than a single IP address, so if there's anywhere that their connections are all visible, the traffic flood could be pretty heavy.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
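
Added example, not part of the original comments or of the linked analysis: a simple random-scanning (logistic) epidemic model, fed with the two figures quoted on this page (a doubling time of about 8 seconds and at least 75,000 victims), to estimate how long defenders have between first detection and saturation. The detection threshold of 100 hosts, the 100x slower comparison worm and the per-host scan rates are assumptions made for illustration.

```python
import math

ADDRESS_SPACE = 2 ** 32      # IPv4 addresses a uniform random scanner picks from
VULNERABLE = 75_000          # "at least 75,000 victims" (figure from the page)
DOUBLING_S = 8.0             # "doubling time ... about 8 seconds" (figure from the page)


def growth_rate(doubling_s):
    """Early-phase exponential growth rate r (1/s) for a given doubling time."""
    return math.log(2) / doubling_s


def doubling_from_scan_rate(scans_per_s, vulnerable=VULNERABLE):
    """Doubling time if every infected host probes scans_per_s random addresses.

    Each probe hits a vulnerable host with probability vulnerable / 2**32,
    so r = scans_per_s * vulnerable / 2**32.
    """
    return math.log(2) / (scans_per_s * vulnerable / ADDRESS_SPACE)


def infected_at(t, r, vulnerable=VULNERABLE, seed=1):
    """Logistic (SI) curve: infected hosts t seconds after `seed` infections."""
    ratio = (vulnerable - seed) / seed
    return vulnerable / (1 + ratio * math.exp(-r * t))


def time_to_reach(count, r, vulnerable=VULNERABLE, seed=1):
    """Inverse of infected_at: seconds until `count` hosts are infected."""
    if not seed <= count < vulnerable:
        raise ValueError("count must satisfy seed <= count < vulnerable")
    ratio = (vulnerable - seed) / seed
    return math.log(ratio * count / (vulnerable - count)) / r


def response_window(detect_at, fraction, r, vulnerable=VULNERABLE):
    """Seconds between a sensor seeing detect_at infections and `fraction` saturation."""
    return (time_to_reach(fraction * vulnerable, r, vulnerable)
            - time_to_reach(detect_at, r, vulnerable))


if __name__ == "__main__":
    fast = growth_rate(DOUBLING_S)
    slow = growth_rate(DOUBLING_S * 100)   # assumption: a worm 100x slower
    for label, r in (("8 s doubling", fast), ("800 s doubling", slow)):
        t90 = time_to_reach(0.9 * VULNERABLE, r)
        window = response_window(100, 0.9, r)
        print(f"{label}: 90% infected after {t90:.0f} s, "
              f"window after 100 detections {window:.0f} s")
    # Assumed per-host scan rates, contrasting the two scanner types discussed above.
    for label, rate in (("latency-limited, 10 scans/s", 10),
                        ("bandwidth-limited, 4000 scans/s", 4000)):
        print(f"{label}: doubling time {doubling_from_scan_rate(rate):.0f} s")
```

The model ignores link saturation and the random number generator bugs mentioned in the summary, so it describes only the idealised random-scanning case.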
  28. I see a DDoS coming... by emc · · Score: 3, Funny

    Great, first NASA had to watch the Columbia be destroyed...

    Now, countless copies of goatse.cx are going to be uploaded to their server, blinding many of our nation's finest...

    My heart is extended to the families of the (soon-to-be) victims.

  29. Re:NASA doesn't need more video by KewlPC · · Score: 5, Insightful

    Aside from the no-immediate-use stuff like "How do ants behave in space?" (answer: they dig like crazy), sooner or later we are going to have to send humans off-planet on a permanent/extended trip. Maybe we decide to start mining asteroids, or whatever, but it will most certainly require a human to be present.

    There is only so much that a probe can do. A human geologist on-site could learn more about Mars' geology in a short while than a probe could over the course of its entire mission. You're forgetting that if you landed a probe on Mars, it would be extremely difficult to maneuver it, because of things like a 20 minute communications lag, the fact that you can only communicate with the probe for part of the day, and the limited computing power of the probe's computer.

    The onboard computer is limited because it has to not only be extremely reliable, but it also has to be rad-hardened (maybe not once on Mars, but to survive the trip), which means using slower technology (it's slower because, in order to decrease the odds of cosmic radiation flipping bits, the gates and transistors have to be larger).

    Besides all that, there is the "being there" aspect of it. Seeing what the earth looks like from the moon, school children communicating with astronauts (and even thinking up experiments to try in space, like the ants thing I mentioned above), and things like that, which may not have a direct and immediate scientific value, are no less important.

    Or we could listen to you and just sit here, think small, look up at the stars and planets, but never visit them, because you think it's too expensive and dangerous.

    Your post reminded me of something someone once said:
    "We choose to do these things, not because they are easy, but because they are hard."
    -John F. Kennedy

  30. UDP should not be banned. It is useful by moncyb · · Score: 4, Informative

    The Internet is more than just the web and email. UDP does have its uses. Some types of networking will just work better with it. How would you do multicasting with TCP? What about video games? I doubt they'd work as well with TCP. If you think games are useless, you are wrong. FPS are early generation virtual reality systems. I think the Internet will be a better place if the VR dream comes true.

    This problem happened because Microsoft is made up of idiots. This port was open because of their "easy to use" bullshit. There is no need to open a second fixed port you are unable to disable so that other systems can figure out which port the database server is on, and they had a buffer overflow in this code too! There is a reason there are both default ports and places you can specify ports in URLs and such. Why have a discovery service in the first place? Bad judgment.

  31. User style sheets by jesser · · Score: 3, Interesting
    Floppymoose's ad blocking CSS is an example of a user style sheet. User style sheets can do much more than hide parts of pages.

    The user style sheet I use does the following:
    • Link styles:
      • Links to Slashdot are bold and Slashdot-green.
      • Links to mozilla.org have a 16x16 red-dino logo next to them.
      • Links to goatse.cx are brown and crossed out.
      • javascript: links are green.
      • mailto: links have an envelope icon next to them.
    • Borders for image links. Solid blue for unvisited links, dashed purple for visited links.
    • Hide all reset buttons.
    • Before each named anchor, display the name in the format [#foo], but make it 80% transparent so it doesn't get in the way of the actual text of the page.
    • Ignore the effects of blink and marquee tags
    The CSS code for most of these is on http://www.squarefree.com/userstyles/.

    I also use the "test styles" bookmarklet to create temporary, site-specific user style sheets. My most common temporary user style sheets hide visited links (useful on sites that serve random image links every time you load them), make all text lowercase (useful for reading all-caps text), and change the color of visited links (useful for sites that use the same color for unvisited links).
    --
    The shareholder is always right.