We're getting pretty close with Gtrace, which apparently was shown at the Usenix Lisa '99 conference, which would put it about 2-3 years ahead of the McAfee application. Now, granted: It's attached to traceroute (outbound), rather than firewall (inbound) connections. On the other hand, it's designed as a front end to traceroute, I'd say that it's a pretty obvious modification to attach it to a firewall output instead, and may even be mentioned in their paper (haven't had time to read it).
This was found with a 10 minute search on the 'net. I remembered having something similar on RedHat 5.2. Interesting thing is that it was added to freshmeat.net about 10 days after McAfee patent application was filed.
The complaint is not about inbound spam -- it's about outbound spam, and the people doing it. It's about companies selling services to ROKSO list spammers and/or being slow to respond when it's clear that they've got a hard-core spammer on their hands.
The attitude of 'if I didn't do this someone else would' is part of the problem. If everybody stopped saying that, the spammers wouldn't have anywhere to go for web services and outbound pipes to either send the spam directly or control zombie spam boxes. If there were only a few sites willing to service spammers, they would be easy enough to block, and that would provide them with incentive enough to not do so.
Patents and copyrights are designated to prevent certain kinds of competition, not encourage it. They only work as promoters of competition, in the larger scale, if they're carefully crafted and monitored -- which is certainly not the case right now.
In the current run-amok situation, with patents and copyrights is probably producing something much closer to a centraly-organized communist system than anything that the FOSS community can generate.
(i.e. only members of the central elite will be allowed to create).
I think I'll stop preaching to the converted now...
Probably the more accurate way to put it would be to say something like:
Generally, litigation just sucks money out of pretty much everybody involved (other than the lawyers) and provides little net value to either the litigants or society.
Like any generalizations, there are exceptions, but they're just that -- exceptions. Nonetheless, the exceptions may provide enough value to society in general to make it unwise to scrap the entire system without at least designing a more productive altenative.
I stopped by to watch one night when they were filming a scene in Vancouver... Where Ben first (re)introduces his, uhm, new and improved self to his girlfriend. ( a somewhat delicate affair for someone with fingers the size of a baby's arm ).
At the end of the CTV article is a quote from Josh Wolf, the venture capitalist, that "When the Internet was created nobody envisioned that the killer app (application) would be e-mail or instant messaging."
I would beg to differ with that... I remember singing the praises of email back in 1985, telling people that, although it was text-only at the time, all that was needed was a standard and efficient way to encode images, and email would be able to replace faxes for images, and still keep the advantages of simple text mode for pure text messages.
I didn't forsee IM applications, but I never came up with idea of Instant Messaging, but it wasn't much of a push from people being able to exchange email messages on a 1-minute turnaround basis.
Actually, now that I think of it, Unix had IM since the 80s with 'talk' which had a network-capable version. Plato also had a similar system, and I remember online chatting with people around the world via the 'net long before ICQ and AIM were even a twinkling in the eyes of their designers... -- the big difference being that the UNIX and Plato variants allowed character-based transmissions rather than line-based, so you got to watch your counterpart try to figure out how to spell prestidigitate.
I guess that that's why I didn't see ICQ as such a hot thing when my roommate glomed onto it. It just seemed so... passé.
Every once in a while I get someone begging me to clean up their infested Windows box. I really hate having to do a clean and install, so I now use knoppix and
ClamAV to do the initial scan, and deleted the infected files (except for the mail folder). I then booted into Windows and used Their built-in anti-virus,
AdAware and SpyBotS&D to do the rest of the cleaning. So far it seems to have worked (although one person subsequently got re-infected with an email virus).
I'm starting to ask people for permission to set up their boxes to dual-boot to Linux. Linux is so usable now that, unless there's a specific application that they can't get an equivalent on Linux. I really don't see much need for most home users to stay with MS Windows.
I had a bit more luck. My roommate moved in with an NT-2000 box, that she couldn't remember the password to (It'd been in storage for a while). I resized the partition, and installed Knoppix... It was months later that I found a tool to replace the NT passwords, but by that time she had gotten used to knoppix.
This weekend she asked me to toast the NT partition alltogether (once we replace her fried power supply). I'm sooo proud of her!
For your sister, ask her for permission to set aside about 5GB for a knoppix partition, Tell her it's a backup for the next time windows gets virus-infected, so she has SOMETHING to work with no matter what... then encourage her to play with it so that she's accustomed to the system in the case of an emergency.
When I had a laptop (haven't replaced the last one since it got stolen), I'd pack it with one of those 6' extension cords with 3 plugs at the end. It provided two values:
1: A longer reach... Between the extension cord and the laptop's cord, I could almost always find a seat 'close' enough at airports etc.
2: No need to deal with the plug count rule. I can power one or two of my own units and still have room to feed someone else. If all the plugs are full, I can still often negotiate to stick my cord in the stack (and add a spare plug to the pool)
Cell phones, on the other hand are an entirely different matter. Makers go so much for small size that you can barely get a full day's use out of their batteries if you do any talking. I solved that by hunting down a used battery, ripping it apart and putting in a voltage regulator and a long spiral cord. The other end gets a 12V car accessory plug that goes into a side carry pouch with a (5 pound) jell cell. With my old motorola analog cell phone, I calculated 2 days standy plus 8 hours talk time.
Digital phones take so little power that I could probably go more than a week withoug recharging (I usually do nightly).
However, I haven't even tried to take that kit on a flight since 9/11. They worried about my jeweler screwdriver, so I figure they'd have a coronary over a 5 pound X-ray proof (lead acid Jell cells) brick with wires sticking out of it.
My signature quickly evolved into something unique that no longer represented the individual letters in my name. I still use that format to this day.
Back around 1981, I worked for the Department of Computer Science helping with Registration week. It consisted of Sitting at a terminal wher the next student would walk up. I'd type a bit into the computer, make sure all was kosher, and sign their sheet. I was probably doing something over 30 signatures an hour.
My signature went from reasonably readable to an unrecognizable scrawl.
A week later, when I went to cash my paycheque, my bank made me provide secondary identification, sign my cheque the old way and then re-sign my signature card (this was back when they actually verified your signature).
As an aside: My grandfather's comment on signatures was that the signature you use for signing contracts should be different than the one you use for signing cheques. I never got around to asking him why, but I'm guessing that someone could gather a lot of examples of your cheque signature and use that to figure out what's unique and invariant about it, then produce a good forgery on a contract. You coud get a lot of money out of one good forged contract.
A forged cheque signature would also require that you print an almost perfect fake cheque, guess a good cheque number (in proper order and not used elsewhere), etc.
In my practice (and it apparently not as limited as yours) linux software goes through a lot more stringent control than windows counter parts (say adobe or winamp or even the microsoft products).
Try rereading
my post, and then doing some math. I never said that open source had more buffer overflows, just a higher proportion.
0.5N/X1 >> N/X2 as X1 -> zero
Nonetheless, my point was that most of the windows vulnerabilities have more to do with bad system design than with errors in the implemtation.
Given that Linux and the BSDs are far better designed, this means that a greater proportion of the errors that are reported are of the programmer error kind, rather than the system design kind (this also applies to OpenBSD's record of 2 remote's in 5 years).
I'm not saying that there are more (or less) buffer exploits for OS boxes than for Windows (I suspect that OS has less Than MS does, but I'm not gonna go hunting stats because it's irrelevantto my argument)...
I"m just saying that of the bugs reported for Windows, the number of bugs that are due to what I diagnose as Windows being designed by their marketing department, rather than their enginering department swamps the number of bugs due to things like buffer overflows.
As an example: BSD's (!massive) two remote exploits were both (I believe) buffer overflow-type errors (( dunno if NX would have saved us, though )). Compare this to the percentage of MS errors that are due to things like effectively makeing active-X part of the core operating system, and my point is proven.
For Linux and BSD systems this is a major boon, because it helps protect users from programmers with sloppy programming practices.
With Windows, however, the problem is sloppy system design. the NX bit does little to protect users from an OS that is designed insecurely. That's not to say that MS doesn't also have it's share of programmers who make mistakes that allow buffer overflows, etc. -- but that problem just gets lost in the systemic noise.
I just want to know what the hell I'm gonna do with all these "I survived 2004 MN4" T-shirts I bought to resell on ebay...
No problem.. Now you can sell them immediately instead of waiting foe a couple of decades.
However, just in case somebody made a mistake, I suggest that you make them reversable with a tiny sign saying 'oops' on the inside. That way you can continue to resell them even if the odds are recalculated again.
I can easily understand pilots' squeamishness about thie. Pulling the 'chute is sn extremely non-reversable event that is, in any but the most miraculous of circumstances, going to result in thousands of dollars damage to the aircraft and serious inconvenience (if not some injury) to the occupants. Although a less disasterous event than firing the ejection seat of a fighter, it is probably an equally traumatic choice for your average pilot.
The other thing that comes to mind is that most fatal aircraft incidents occur around takeoff and landing (( I can see this occuring for two reasons: One is that during takeoff and landing, your aircraft is going thru the most (and most rapid) changes -- both mechanical and aerodynamic. If anything is going to break, it's probably going to be then. The second reason (somewhat linked) is that if something does go wrong the pilot has precious little time for recovery)).
At the lowest (and most dangerous) altitudes of takeoff and landing, the most that a chute is going to do is dissapate some of the horizontal kinetic energy (not an inconsequential result), but at the cost of ensuring a crash.
My last fears would be accidental, spontanious and/or partial deployment.
All that having been said, if I owned a small aircraft, I'd certainly take a serious look at installing a chute on it.
This is especially usefull for things like Mortage sites.
Give them info that at least looks real.
If you give them your real phone number, then you can keep them on the phone line for 1/2hour (if you've got a headset), while you play your favorite game.... then tell them you hate spammers.
Even if you don't give them your real time, it forces them to verify the data. People pay for info from those spams because it's mostly good data. from people who want mortages.
If you keep the S/N ratio from spams higher than random cold-calling, then the spam's useless.
For stuff like cheap viagra, it's mostly an attempt to get them to annoy their credit card company. or just wasting their time. If we (slashdot) can each get spammers to waste 10 seconds of their time, that's some number of spammer man-years. If we can each get them to waste 10 seconds a week, they're out of business.
It's using the statistics of spamming against them. They currently get about 1million-1 response ratio with a very high signal-noise ratio. If we can get that up to 1000-1 with a 1-1000 signal-noise ratio, then they'll drown in their own garpage.
Thanks.. The site was slashed, so I had to guess how long the deployment took. Under the circumstances I was conservative. I couldn't see any way the deployment could take more than a couple of tens of seconds, but I'm not surprised it's as fast as five.
In comparison, I can't see passengers being able to consistently bail as fast as 5 seconds, even if they're allready wearing their suits. (Of course, having everyone wear parachutes during flight 'just in case' is gonna do nasty things to passenger morale.)
I don't see this being more practical in small planes than simply having individual passenger parachutes in small planes, and letting them bail.
Chute deployment: perhaps 20-30 seconds.
Passengers (and pilot) putting on parachute (while strapped into their seat in a spiraling plane) then bailing out under uncontrolled conditions and not getting hit by plane parts, and then.....
splat.
Then of course, there's the problem of teaching your 5-year old kid how to properly deploy a parachute (not to mention ensuring that you have
the right sized parachute for him and that he's in the right seat, and.........
If MS manages to patent huge chunks of.net (which they were claiming to do), then you could end up paying 50% royalties just to distribute your own code (even if it's done in mono)
Granted that's a worst case, but you never know with Microsot.
For some people, letting their kids play with real guns isn't a problem either -- until somebody ends up with a bullet lodged in their skull.
For another analogy, consider seatbelts. If you wait until there's a really good and obvious reason to use them, it's far too late.
BTW: I don't tell people that IE is bad. I just tell them that it has some severe security problems that make it very possible for nasty greeblies to take over their computer and cause them problems. That usually gets their ears perked. If they don't do an install then, most will do it after their next run-in with virus/spy/add ware.
I then tell them that there are only a very few sites that absolutely require IE, and that they should seriously think about whether it's worth starting up IE to go to those sites (those kinds of sitea are also most likely to get taken over by MS-script kiddies).
Like others have said... Once people start using firefox, very few look back.
Just about any half-decent defensive driving course will tell you that being legally (and even morally) in the right won't do you a rat's tail worth of good if you end up getting run over by a truck.
Like the parent said: Legally there's no big deal as long as the resulting code is GPL. Code shareing is what the GPL is about. Morally, pretty much ditto... His project has gained from the work of many others, so why not the other way round?
On a personal and social footing, however, if you've got an angry 'contributor' then you've got a problem on your hands. If it gets to the point where he's obfuscating his change logs, it's going to hurt his project and the bad blood can't do you any good.
I'm guessing that he's upset about something else to do with the split (i.e. he may feel seriously unacknowledged for the work that he put into the project pre-split or dissed as a side-effect or something like that), and seeing 'his' code being 'lifted' into your fork is just re-opening old wounds for him.
I think you're gonna have to do something to diagnose and heal that old wound, or the whole thing's just gonna end up an infected stinky mess.
Slashdot Mirror
This was found with a 10 minute search on the 'net. I remembered having something similar on RedHat 5.2. Interesting thing is that it was added to freshmeat.net about 10 days after McAfee patent application was filed.
The attitude of 'if I didn't do this someone else would' is part of the problem. If everybody stopped saying that, the spammers wouldn't have anywhere to go for web services and outbound pipes to either send the spam directly or control zombie spam boxes. If there were only a few sites willing to service spammers, they would be easy enough to block, and that would provide them with incentive enough to not do so.
In the current run-amok situation, with patents and copyrights is probably producing something much closer to a centraly-organized communist system than anything that the FOSS community can generate. (i.e. only members of the central elite will be allowed to create).
I think I'll stop preaching to the converted now...
The first (and second) law of robotics could NOT apply (at least not unmodified) to a robot soldier...
First law:
Or having soldiers from both sides telling a robot what to do...Second Law
It kinda makes me think of what you'd get if you crossed SED with SQL.
I won't say much more for fear of spoilers.
Heres the link to the GrokLaw story. Very informative reading (as always).
I would beg to differ with that... I remember singing the praises of email back in 1985, telling people that, although it was text-only at the time, all that was needed was a standard and efficient way to encode images, and email would be able to replace faxes for images, and still keep the advantages of simple text mode for pure text messages.
I didn't forsee IM applications, but I never came up with idea of Instant Messaging, but it wasn't much of a push from people being able to exchange email messages on a 1-minute turnaround basis.
Actually, now that I think of it, Unix had IM since the 80s with 'talk' which had a network-capable version. Plato also had a similar system, and I remember online chatting with people around the world via the 'net long before ICQ and AIM were even a twinkling in the eyes of their designers... -- the big difference being that the UNIX and Plato variants allowed character-based transmissions rather than line-based, so you got to watch your counterpart try to figure out how to spell prestidigitate.
I guess that that's why I didn't see ICQ as such a hot thing when my roommate glomed onto it. It just seemed so... passé.
I'm starting to ask people for permission to set up their boxes to dual-boot to Linux. Linux is so usable now that, unless there's a specific application that they can't get an equivalent on Linux. I really don't see much need for most home users to stay with MS Windows.
This weekend she asked me to toast the NT partition alltogether (once we replace her fried power supply). I'm sooo proud of her!
For your sister, ask her for permission to set aside about 5GB for a knoppix partition, Tell her it's a backup for the next time windows gets virus-infected, so she has SOMETHING to work with no matter what... then encourage her to play with it so that she's accustomed to the system in the case of an emergency.
1: A longer reach... Between the extension cord and the laptop's cord, I could almost always find a seat 'close' enough at airports etc.
2: No need to deal with the plug count rule. I can power one or two of my own units and still have room to feed someone else. If all the plugs are full, I can still often negotiate to stick my cord in the stack (and add a spare plug to the pool)
Cell phones, on the other hand are an entirely different matter. Makers go so much for small size that you can barely get a full day's use out of their batteries if you do any talking. I solved that by hunting down a used battery, ripping it apart and putting in a voltage regulator and a long spiral cord. The other end gets a 12V car accessory plug that goes into a side carry pouch with a (5 pound) jell cell. With my old motorola analog cell phone, I calculated 2 days standy plus 8 hours talk time.
Digital phones take so little power that I could probably go more than a week withoug recharging (I usually do nightly).
However, I haven't even tried to take that kit on a flight since 9/11. They worried about my jeweler screwdriver, so I figure they'd have a coronary over a 5 pound X-ray proof (lead acid Jell cells) brick with wires sticking out of it.
Back around 1981, I worked for the Department of Computer Science helping with Registration week. It consisted of Sitting at a terminal wher the next student would walk up. I'd type a bit into the computer, make sure all was kosher, and sign their sheet. I was probably doing something over 30 signatures an hour.
My signature went from reasonably readable to an unrecognizable scrawl.
A week later, when I went to cash my paycheque, my bank made me provide secondary identification, sign my cheque the old way and then re-sign my signature card (this was back when they actually verified your signature).
As an aside: My grandfather's comment on signatures was that the signature you use for signing contracts should be different than the one you use for signing cheques. I never got around to asking him why, but I'm guessing that someone could gather a lot of examples of your cheque signature and use that to figure out what's unique and invariant about it, then produce a good forgery on a contract. You coud get a lot of money out of one good forged contract.
A forged cheque signature would also require that you print an almost perfect fake cheque, guess a good cheque number (in proper order and not used elsewhere), etc.
Makes perfect sense to me -- Who's gonna file charges over a couple pieces of pizza???? ..... doh!
I mean, it's not like I'm stealing a laptop, or
Try rereading my post, and then doing some math. I never said that open source had more buffer overflows, just a higher proportion.
0.5N/X1 >> N/X2 as X1 -> zero
Nonetheless, my point was that most of the windows vulnerabilities have more to do with bad system design than with errors in the implemtation.
Given that Linux and the BSDs are far better designed, this means that a greater proportion of the errors that are reported are of the programmer error kind, rather than the system design kind (this also applies to OpenBSD's record of 2 remote's in 5 years).
I'm not saying that there are more (or less) buffer exploits for OS boxes than for Windows (I suspect that OS has less Than MS does, but I'm not gonna go hunting stats because it's irrelevantto my argument)...
I"m just saying that of the bugs reported for Windows, the number of bugs that are due to what I diagnose as Windows being designed by their marketing department, rather than their enginering department swamps the number of bugs due to things like buffer overflows.
As an example: BSD's (!massive) two remote exploits were both (I believe) buffer overflow-type errors (( dunno if NX would have saved us, though )). Compare this to the percentage of MS errors that are due to things like effectively makeing active-X part of the core operating system, and my point is proven.
With Windows, however, the problem is sloppy system design. the NX bit does little to protect users from an OS that is designed insecurely. That's not to say that MS doesn't also have it's share of programmers who make mistakes that allow buffer overflows, etc. -- but that problem just gets lost in the systemic noise.
No problem.. Now you can sell them immediately instead of waiting foe a couple of decades.
However, just in case somebody made a mistake, I suggest that you make them reversable with a tiny sign saying 'oops' on the inside. That way you can continue to resell them even if the odds are recalculated again.
The other thing that comes to mind is that most fatal aircraft incidents occur around takeoff and landing (( I can see this occuring for two reasons: One is that during takeoff and landing, your aircraft is going thru the most (and most rapid) changes -- both mechanical and aerodynamic. If anything is going to break, it's probably going to be then. The second reason (somewhat linked) is that if something does go wrong the pilot has precious little time for recovery)).
At the lowest (and most dangerous) altitudes of takeoff and landing, the most that a chute is going to do is dissapate some of the horizontal kinetic energy (not an inconsequential result), but at the cost of ensuring a crash.
My last fears would be accidental, spontanious and/or partial deployment.
All that having been said, if I owned a small aircraft, I'd certainly take a serious look at installing a chute on it.
Give them info that at least looks real.
If you give them your real phone number, then you can keep them on the phone line for 1/2hour (if you've got a headset), while you play your favorite game.... then tell them you hate spammers.
Even if you don't give them your real time, it forces them to verify the data. People pay for info from those spams because it's mostly good data. from people who want mortages.
If you keep the S/N ratio from spams higher than random cold-calling, then the spam's useless.
For stuff like cheap viagra, it's mostly an attempt to get them to annoy their credit card company. or just wasting their time. If we (slashdot) can each get spammers to waste 10 seconds of their time, that's some number of spammer man-years. If we can each get them to waste 10 seconds a week, they're out of business.
It's using the statistics of spamming against them. They currently get about 1million-1 response ratio with a very high signal-noise ratio. If we can get that up to 1000-1 with a 1-1000 signal-noise ratio, then they'll drown in their own garpage.
In comparison, I can't see passengers being able to consistently bail as fast as 5 seconds, even if they're allready wearing their suits. (Of course, having everyone wear parachutes during flight 'just in case' is gonna do nasty things to passenger morale.)
Chute deployment: perhaps 20-30 seconds. .....
Passengers (and pilot) putting on parachute (while strapped into their seat in a spiraling plane) then bailing out under uncontrolled conditions and not getting hit by plane parts, and then
splat.
Then of course, there's the problem of teaching your 5-year old kid how to properly deploy a parachute (not to mention ensuring that you have the right sized parachute for him and that he's in the right seat, and .........
Granted that's a worst case, but you never know with Microsot.
For another analogy, consider seatbelts. If you wait until there's a really good and obvious reason to use them, it's far too late.
BTW: I don't tell people that IE is bad. I just tell them that it has some severe security problems that make it very possible for nasty greeblies to take over their computer and cause them problems. That usually gets their ears perked. If they don't do an install then, most will do it after their next run-in with virus/spy/add ware.
I then tell them that there are only a very few sites that absolutely require IE, and that they should seriously think about whether it's worth starting up IE to go to those sites (those kinds of sitea are also most likely to get taken over by MS-script kiddies).
Like others have said... Once people start using firefox, very few look back.
Just about any half-decent defensive driving course will tell you that being legally (and even morally) in the right won't do you a rat's tail worth of good if you end up getting run over by a truck.
On a personal and social footing, however, if you've got an angry 'contributor' then you've got a problem on your hands. If it gets to the point where he's obfuscating his change logs, it's going to hurt his project and the bad blood can't do you any good.
I'm guessing that he's upset about something else to do with the split (i.e. he may feel seriously unacknowledged for the work that he put into the project pre-split or dissed as a side-effect or something like that), and seeing 'his' code being 'lifted' into your fork is just re-opening old wounds for him.
I think you're gonna have to do something to diagnose and heal that old wound, or the whole thing's just gonna end up an infected stinky mess.