Scene: A crowded room... on Mob Software · Score: 5, Funny
... no lights but for the sickly glow of hundreds of monitors... a mob of coders, all hunched over their various workstations.
Suddenly, a burly, unshaven brute of a coder stands up, thrusts an accusing finger towards another man across the room, and shouts "He's using global variables!... GET HIM!"
Pipes, chains, and two-by-fours appear out of nowhere as the entire mass of geeks converge on the poor victim, now bleating plaintively, pathetically trying to shield himself with his keyboard...
...
Yeah, I see how that could work out pretty well, actually!
'Nuff said? ;-)
Heh. Well, being assigned as the sole CA (Computer Assistant) for the freshman girls' dorm was both good and bad. I mean, nubile young things giving me massages or sitting in my lap wasn't all that bad, but eventually some of them progressed to full-blown (no pun, really) sexual harassment.
Oh, the work? Nah. "I really have no idea how to fix this" worked well in plenty of cases. I would just pass it on to another CA, who might or might not get around to it. We weren't the most efficient organization, really...
Nah, there's no way to get them to deliver to anywhere but the registered address (unless you can snag the password, too), anyway.
But if you just feel like being a malicious little bastard, you can order all sorts of interesting things for *them*. This, for instance, was obviously a couple. They might have liked "Jay Wiseman's Erotic Bondage Handbook" or something similar. Or I could have headed over to the Tools&Hardware section and sent a $2900 table saw their way...
(You do realize that we're talking about South Korea here, right? The one that *isn't* communist?)
And actually, communism seems to be doing "better" in terms of this sort of thing. I've seen far more sites openly hosting (i.e., not just abusing free webspace providers) copyrighted materials in communist countries (Russia, China, and Viet Nam, that I've seen) than in any others. I'm told that in Viet Nam, you can buy all the latest software packages, cracked for your convenience, for about US$2 each at regular stores. And then there's the widely publicized (here on Slashdot, anyway) fact that reverse engineering is legal in Russia... etc, etc, etc...
Go commies, go!
You're forgetting the movies.
;)
And the occasional app or game.
And sometimes people's cookies.txt. (I found one with Amazon one-click shopping once!)
Hey, I think we might be able to make a case for the legality of downloading someone else's cookies.txt! Score one for p2p!
All about Buran:
http://dmoz.org/Science/Technology/Space/Space_Shuttle/Buran,_Russian_Space_Shuttle/
And a *real* one for sale! (Er, my Russian is a little rusty, but it says "For Sale" in English...)
http://www.buran.ru/htm/forsale.htm
And apparently, the program isn't dead, anymore:
http://www.spacedaily.com/news/russia-space-general-01m.html
Fishing. Massive fleets use massive amounts of light at night to attract fish. In the Falklands, they don't fish it themselves, but they make hellalotta money off the licenses. It's a rich area (fish-wise).
"Monkey-boy," eh? Yeah, I kinda like that...
Well, sorry if I was slightly too harsh in that post, but you now appear to have more than proven my point.
Please, do read the article before posting... Or at *least* read it after being told you got it wrong.
Nice job on the "post without reading or thinking" maneuver, mate!
See, it's a *watermark*. Now, what does "watermark" mean? Well, in this case, a watermark is data embedded in an audio signal that can do such things as identify the copyright holder of that signal.
Re-record the signal and guess what? The watermark is still there!
Joy!
Well, with your skills, maybe you can join the Slashdot Special Olympics! Start working on your crapflooding, and maybe you can win multiple medals!
Geeze. I guess I should blame the Snood guy more, though. Yeah, he has to make a penny, but somehow I doubt he's very heartbroken over bundling that crap...
I guess I'm glad I'm no longer the compulsive downloader I once was. Back in the day (and I'm talking *years* ago), you downloaded something, and that's what you got. You used to be able to download Snood and get (surprise!) Snood.
Um, I think he meant that it sends massive files to random people, regardless of their OS. Thus, Joe Linux gets as much crap in his box as Jim Windoze.
Will these programs be run in a sandbox? They're accepting user-submitted binaries, so I would hope so. To be completely fair, the submitted programs should be able to do nothing but read and write from stdin/stdout, otherwise they may do any number of things. Even if they are restricted like that, the judging program had better not have any buffer overflow vulnerabilities. ;-)
Somehow, I don't get the feeling that these people have planned this very thoroughly. There are other little things that don't quite seem right, too...
Kiddies wouldn't bother with the IIS exploit, though, it's already been done for them. They would go straight for /scripts/root.exe. So if you just hit every host that sends the default.ida vulnerability, it's a pretty safe bet they're all compromised.
For those getting scanned and logging it:
Each time a host scans you, inform the user/operator/whatever of that machine that he/she is infected. How? Use the backdoor. Send a single request to the backdoor that opens up their browser to http://www.digitalisland.net/codered/ or a similar page. Just have the backdoor run "start http://whatever.url.you.choose/".
It's easy, and it can be automated. Even easier would be to just write/run a script that goes through your logs and does that for each host that attempted a scan.
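The distinction these comments draw, between hosts that send the default.ida request and requests that go straight for /scripts/root.exe, can be read out of a web server log. The following is an added example, not the commenter's code: it assumes NCSA common log format, and the log lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Assumption: NCSA/Apache common log format; adjust the regex for other servers.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation address ranges, shortened padding).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Aug/2001:10:01:02 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 205',
    '192.0.2.10 - - [05/Aug/2001:10:07:40 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 205',
    '198.51.100.7 - - [05/Aug/2001:10:09:13 +0000] "GET /scripts/root.exe HTTP/1.0" 404 210',
    '203.0.113.5 - - [05/Aug/2001:10:11:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '203.0.113.9 - - [05/Aug/2001:10:12:31 +0000] "GET /scripts/root.exe HTTP/1.0" 200 512',
]

def classify_path(path):
    """Return 'worm', 'backdoor_probe' or None for one request path."""
    base = path.lower().split("?", 1)[0]
    if base.endswith("/default.ida"):
        return "worm"            # the worm's own propagation request
    if base.endswith("/scripts/root.exe"):
        return "backdoor_probe"  # someone checking for the dropped backdoor
    return None

def scan_log(lines):
    """Count request kinds per source IP; list sources that got a 200 for root.exe."""
    hosts = defaultdict(lambda: {"worm": 0, "backdoor_probe": 0})
    served = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        kind = classify_path(m["path"])
        if kind is None:
            continue
        hosts[m["ip"]][kind] += 1
        # A 200 here means THIS server answered the backdoor path: investigate it.
        if kind == "backdoor_probe" and m["status"] == "200":
            served.append(m["ip"])
    return dict(hosts), served

def triage(hosts):
    """Label each source for an abuse report or a firewall rule."""
    return {
        ip: "likely infected (worm scan)" if c["worm"] else "backdoor probe only"
        for ip, c in hosts.items()
    }

if __name__ == "__main__":
    hosts, served = scan_log(SAMPLE_LOG)
    for ip, label in sorted(triage(hosts).items()):
        print(ip, label, hosts[ip])
    if served:
        print("root.exe was served by this host to:", served)
```

A non-empty second return value is the finding to act on first, since it means the logging server itself responded on the backdoor path.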
Nope, it works. I just checked. It would be *amazingly* trivial to wipe this poor bastard's hard drive right now... Golly, the power is making me dizzy. :)
:)
The deal is that it's running the root.exe (actually cmd.exe) as a cgi process. Look it up for specifics.
Now, I wonder if I should bother at least finding a way to alert these people. For example, I could probably do something like run IE and have it go to a page about Code Red. Assuming the machine has a monitor and is in use by people (probably the case for most of the DSL IPs, anyway), the person will come back to their machine to find info ready for them. Or it might just pop up while they're using it!
"Code red algorithm"??? It's called a random ip scan. In this variation, it's called a scan of the local subnet with a random ip thrown in every now and then. There's nothing special about it.
It's fast because that's how exponential growth works.
So here we basically have thousands of boxes with open backdoors, _broadcasting_ their presence to the world.
And with people so nicely distributing their logs here in this forum, the collection of ips is easier than ever!
Now that they have the backdoors, though, how hard would it be to patch them remotely? I'm thinking that if you put up a single exe on any old webserver, you could tell each infected host to just download and execute it. The only problems are writing the exe (not too hard), and figuring out how to get the host to download it, using the backdoor (probably trivial).
You mean like a museum?
This article really brings out the morons! I love it!
In my experience, these end up as underused novelty items, brought out once a year to show to each new class.
The problem is that they aren't worth it. Yes, it often helps to see various principles in action, but the expense is very large. First, the equipment itself is rather expensive, then you have to train the teachers (who often require much more training than the students), and then it takes a ton of time in class to set it all up, get it running, and do one stupid little experiment.
Every single example of such toys I remember from school was used rarely, and when it was used it accomplished next to nothing.
Schools should try to spend their limited resources on good teachers instead of overpriced gimmicks. A good teacher can teach far better than a bad teacher with expensive toys.
Note that he didn't come up with the idea of the game, though. He mentions its roots in this file.
Also note that I am proud to have addicted a large portion of my high school to it. It is a *schweet* game, in terms of its time-wasting abilities. I may not have survived my time in high school without it...
Why would any sane human being use a desktop operating system in something like this? The machine will be routing data, no more, so why not use a stripped down *nix? Low cost is one of his objectives, too, isn't it?
"But, dude, it's got antialiased text! And 3D acceleration!"
First, it looks through your cookie file.
Then, it logs into any e-commerce sites you have cookies for, and if they're the good kind that saves your cc info it buys all sorts of things!
Hm. That would be interesting. You could easily write a virus that runs around buying stuff... The credit-destroying, economy-enhancing virus.
I'll call it... AMAZONLOVESYOU.
I work for a company that has no sense of fun whatsoever!
I get up regularly to stretch, and I look out across the top of the cubes, and there's nothing... I expect, with all the times I've looked, that I would at least see someone else looking out across as well, but no! It's a barren wasteland of... productivity? Perhaps...
The "director of web communications" or whatnot *does* have a decent little collection of nerf weaponry, however... I have yet to see any in action, though.
My one consolation is bagel day... On Thursdays we get free bagels and muffins. I tend to average two bagels and two muffins. I think most people only take one item, which is strange to me...
I don't understand my coworkers! They don't look around over the cubes and they don't take full advantage of the free food! Ah well, it's nothing more than a time-filler for me, right now. When I get a real job, I'll be sure it's fun...
I've always wondered why this isn't done for other products as well.
Why don't they sell cheap, but *solid* desktops? With the number of products available for a nice socket 7 solution, you can easily pick the most reliable ones and make a very good machine, for little money.
The only cheap machines you can get now are substandard crap. I want a cheap machine that's cheap because its tech is old, not because it's bad...
And yes, dammit. I *love* my P90! And it was cheap! ... I guess. I mean, it's really a Frankenstein('s monster... to be correct ;) of a machine... but I digress.
Give me cheap, old, *solid* tech!