Slashback: Regalia, Godseye, Undetection

Slashback tonight with a round of updates and clarifications on Yahoo! v. France, William Gibson's new book(tour), lowish-tech helping to solve the Columbia mystery, searchable utra-localized information and more. Read on for the details.

How very magnanimous. Amazing Quantum Man writes "ZDNet reports that Timothy Koogle and Yahoo were acquitted of condoning war crimes by selling Nazi memorabilia. The article is rather sketchy, so that's all I have. Here are some background articles from Slashdot history."

He doesn't sign anything, just sprinkles on some invisible nanobots. shawn writes "The Penguin Group's site has a schedule of upcoming book signing events for Willam Gibson's Pattern Recognition . The new book was mentioned on Slashdot earlier."

And now Gisbon's new book has been reviewed, as well. Look out for a review of the No Maps For These Territories DVD (with extras) soon too.

Aren't you glad some people are realistic enough to be paranoid? For everyone worried about your ISP suddenly deciding to detect and crack down on everyone who's taken advantage of the currently ubiquitous, simple-to-use NAT hardware (here's the post we ran about the means to snoop behind your NAT box, which links to the Bellovin paper mentioned below), an anonymous reader writes with one way to foil detection efforts: "Good news coming from OpenBSD camp! Read CVS log message (mail archive): 'Add scrub option 'random-id', which replaces IP IDs with random values for outgoing packets that are not fragmented (after reassembly), to compensate for predictable IDs generated by some hosts, and defeat fingerprinting and NAT detection as described in the Bellovin paper.'"

Right place at the right time when the wrong thing happens. fonixmunkee writes "an 11-year-old Mac and a COTS (commercial-of-the-self) telescope may have captured a very helpful image in solving the shuttle Columbia tragedy. this article here at CNN tells the story of how some self-proclaimed 'geeks,' working on an Air Force project aimed at watching satellites & incoming missiles, whipped up a contraption with some simple parts that captured an image of the shuttle on descent that may offer some light on what happened. also interesting is how many news sources mistook the image as a capture from the high-tech cameras that the people *actually* worked on."

Just a scratch in the historical record. truthsearch writes "In response to a leaked Sun memo complaining of Sun's Java implementation on Solaris, News.com has Sun's response. Many posters doubted its authenticity (myself included due to missing dates), but 'Sun confirmed the memo's authenticity, but said that the document is two years old and that the problems it describes have been fixed.'"

GPS, free databases -- these are a few of my favorite things ... Tony Pryor writes: "In April 2001, while there at arsDigita University, I developed a web interface called the Godseye Project, designed to enable 'grassroots cartography,' allowing individuals with web access to add subjective knowledge details about their surroundings to closeup satellite images. Although I wrote Godseye over a year and a half ago, it isn't currently online- I'll spare you the gory details of the events between then and now.

I just wrote two new pieces which *are* live. The first is a script that dynamically adds geolocation pages using Movable Type, and automatically registers each of them with http://www.geourl.org. The second part is a geolocation-based search centered upon any one of these geopages. The search aggregates the results of consecutive google queries on each of the sites (or geopages) within a given radius."

Visit the still-growing Godseye Project to test out this cool geographic search capability; Tony promises that the functionality will improve with lots of visitors and suggestions.

Columbia Picture

[sparkhead]

also interesting is how many news sources mistook the image as a capture from the high-tech cameras that the people *actually* worked on."

Yes, that is interesting. Interesting in a way that might make one wonder if this story is total fabrication to conceal the existence of higher-quality images from the "professional" scopes at that site.

Not saying I believe that's the case, but it is simply more fodder for the anti-NASA conspiracists

Gibson chokes in Boulder, CO

[GrendelAlex]

No really! He quite literally coughed up a lung in front of us after some water went down the wrong pipe. The Father of Cyberspace was at the Boulder Bookstore this past Tuesday night reading from pR. A very cool guy and extremely modest in person given his fame and prestige amongst the gadget adorned attendees.

I asked him for some pearl of wisdom. He offered: "Never eat anything bigger than your head!" Should have thought *a head* and gotten a few extra signed books for eBay... ;) - Alex

Gibson reading at UW

[lucasw]

I saw Gibson do a reading at the University of Washington about a week ago. The lecture hall was packed- I get the feeling he isn't quite mainstream but having comparative literature courses that feature Neuromancer and occasional media references to the 'inventor of cyberspace' probably help with that.

Gibson mentioned the book started coming together after he was sent by Wired to meet with a lot of music video directors at a festival a few years back- He even fictionalized the Bjork video with the sexy female robots into background material for one of the main characters.

Sun's JVM Woes

[IanBevan]

'Sun confirmed the memo's authenticity, but said that the document is two years old and that the problems it describes have been fixed

The problem is that many of these issues are not fixed in the 1.3 JVM, which is still the one that most enterprise systems ship with (WebLogic for example). I've just done a six month contract performance testing a WebLogic 6.1 J2EE application on Solaris and I can tell you now that performance of their JVM is less than stellar. Memory requirements, for example, are insane.

Re:they missed the obvious way

[sigwinch]

Its not foolproof but its a pretty good bet that if you're getting more than one OS string from the browser ID within say 10 seconds from each other from the same IP there's more than one computer there.

How many people use VMWare?

Re:they missed the obvious way

[rabidcow]

Its not foolproof but its a pretty good bet that if you're getting more than one OS string from the browser ID within say 10 seconds from each other from the same IP there's more than one computer there.

There's 4 computers on our network with the exact same OS on them.

You might as well throw darts at a board and read the score as the number of computers behind the firewall.

Not 'Yahoo v. France', dammit -- RTFA!

Read the freaking article. It's Jewish groups that happen to be based in France who sued, not the French government. Actually, from what I know, most French people don't even approve this pointless lawsuit.

get the same funtionality on Linux with grsecurity

Just take a look at this wonderful kernel enhancement for Linux.

Moreover is has something on lines of "systrace" from Niels Provos. Basically you create ACLs for what applications may or may not do, including an autolearn-mode.

PS: I know that PaX can be circumvented, but there is much more than PaX included in this project.

PS2: I am aware that parts of this patch is based on SolarDesigner's OWL patches. Although you can get OWL for 2.4 kernels (finally), they lack a lot of the cool protection functions included in grsecurity.