The front-end one I'm familiar with (for a Progress database running in Unix) is a one-floppy disk 5-minute install
Yeah, we use Progress here, too. Run a custom app written in Progress/4GL (or however they write it) within the database engine. We use two primary front ends to the database on the user workstations, both of which are part of most Linux distributions: telnet and ssh.
Or is that too far from your idea of a "database client" to count? (If so, we've got 50 people using a Progress-based app without any "database clients" installed...)
Nonsense. Sending an HTTP request is trivial and every person reading this is capable of it. (How do I know? Because you sent an HTTP request to get this page.) Manually sending a command to any infected machine that probes you would be trivial, using only information which is within post #12 above.
Automating it would be a little trickier, but still well within the grasp of anyone who has done a little CGI programming. Just drop in a script named /default.ida which sends an appropriate series of commands via HTTP to the requesting host.
So much for your ability argument.
The ethics side of it is, admittedly, open for more debate, but I disagree with both your (a) and (b) statements. I have no ethical problem whatsoever with using an existing back door to de-root a box. On the contrary, I believe that it would be a good thing to do. If you're walking across a parking lot and see an unattended car with one door not-quite-closed, is it unethical to close it? Why is it OK to secure someone else's car, but not their computer?
I have the ability and the belief that disabling the infection is the right thing to do. The only reason that I haven't set up a script to clean up infected servers is because I believe that the legal system would frown upon such activity and I don't want to waste my time rotting in a prison cell.
Based on last month's coverage, I expect that Code Red would probably run within the IIS process, not be killable without rebooting (unless you know enough black magic to kill a thread in another process without bringing the whole thing down), and vulnerable servers are susceptible to multiple infection.
If this incarnation of the worm were really malicious, it would try more than 100 addresses.
It always has tried more than 100 addresses. It uses 100 threads to try addresses. Each thread keeps itself quite busy scanning large numbers of addresses.
I believe you are correct. I've received two sircam messages, one claiming its attachment was a .doc, the other a .xls, and running strings against them made it quite clear that they were win32 executables created using Delphi or C++ Builder, not Office documents.
What does the EFF do that could be construed as bribery?
I read the 'plutocrats' comment not as an indictment of the EFF, but rather of The System and as an acknowledgement that when major industries start buying laws, the most effective way to counter them is to throw some money at the lawmakers yourself. (Not necessarily the best way, mind you. Just the most effective.)
I should've mentioned earlier that the current Tivo software has a workaround for this (the original version didn't): They've added a facility to specify offsets to the start and stop times for scheduled recordings. Unfortunately, this only applies to specific scheduled shows (and season passes); AFAICT, there's no way to set a global offset for a channel that runs everything a minute early or to compensate for drift on shows that the box records on its own initiative.
Yes, because some stations either have their clocks set wrong or just don't care that much about start/end times, so they either start the show earlier or end it later than it's scheduled for.
Or do you have problems even with shows that actually do run when the TV listings say they will?
Q: Elcomsoft claims that it developed the software in order to let users copy the eBooks they purchased onto multiple computers. Doesn't the Acrobat eBook Reader violate the Fair Use Act?
A: Adobe engineered the Acrobat eBook Reader to exchange eBooks like printed books. The Acrobat eBook Reader does allow customers to move the eBooks they purchase between computers through its lending and giving features. If the publishers enable these features, the buyer of an eBook can loan or transfer to another Acrobat eBook Reader on the network.
No, they didn't. Protests were already being discussed on the free-sklyarov list before EFF showed its face. EFF may have thrown their support behind the protests, but they were not the initiators.
Keep in mind that reusing the same dummy account all over the place may undermine the inherent security and other benefits of using that user. Each service should have its own dummy user (typically named after the service) so that cracking one service doesn't allow the intruder to affect other services. (Historical note: 'nobody' and 'nogroup' were created specifically to handle unrecognized uids/gids encountered by NFS-using systems. They were never intended to actually own any files or processes.)
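One way to check a box for the shared-dummy-account problem described in the comment above (an added example, not part of the original comment): it finds service accounts that more than one daemon runs under. The sample `ps` and `/etc/passwd` data are constructed, and treating a non-login shell as the mark of a service account is an assumption.

```python
from collections import defaultdict

# Constructed sample of `ps -eo user,comm` output (not from the original comment).
SAMPLE_PS = """\
USER     COMMAND
root     init
nobody   httpd
nobody   httpd
nobody   tftpd
nobody   proxyd
named    named
ftp      ftpd
alice    bash
"""

# Constructed /etc/passwd excerpt.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
named:x:25:25:named:/var/named:/sbin/nologin
ftp:x:14:50:ftp:/var/ftp:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Assumption: an account with one of these shells is a service ("dummy") user.
NOLOGIN_SHELLS = ("/bin/false", "/sbin/nologin", "/usr/sbin/nologin")

def service_accounts(passwd_text):
    """Return the names of accounts whose shell does not allow login."""
    accounts = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[6] in NOLOGIN_SHELLS:
            accounts.add(fields[0])
    return accounts

def shared_accounts(ps_text, passwd_text):
    """Map each service account to the distinct daemons running under it,
    keeping only accounts used by more than one daemon."""
    dummies = service_accounts(passwd_text)
    by_user = defaultdict(set)
    for line in ps_text.splitlines()[1:]:  # skip the header row
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in dummies:
            by_user[parts[0]].add(parts[1].strip())
    return {user: sorted(cmds) for user, cmds in by_user.items() if len(cmds) > 1}

if __name__ == "__main__":
    for user, daemons in shared_accounts(SAMPLE_PS, SAMPLE_PASSWD).items():
        print(f"{user}: shared by {', '.join(daemons)}")
```

Each account it reports is one where a compromise of any listed daemon gives access to whatever the others own or run.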
Don't rush in and make a broken, inferior .NET implementation or people will think only MS can do .NET properly.
Unfortunately, as they have demonstrated with samba, MS has no qualms with making minor changes so that the version which worked with the last release of their protocols doesn't work with the new version. It may take only a few of these sorts of modifications to .NET before people start thinking that, regardless of how well-implemented the open version is.
No, MS isn't producing "a CLI" (which I assumed you parsed as meaning "command-line interface") for BSD/XP. They are working on an implementation of CLI, their new Common Language Infrastructure. It's something completely different.
What about things which are built into the kernel? No modprobe there, but they could still break. The code would have to check whether it's part of the kernel or a module and either print or suppress messages accordingly, plus an additional mechanism may be needed to pass messages from a module to modprobe.
Much simpler for the code to just do the printing itself. (Simpler is often, but not always, better. I'm not sure whether it is in this case or not.)
Not quite. Most GPLed code that I've seen contains language to the effect that derivatives must be licensed under GPL v2 or any later version, so I could freely take v2 code to v3. Where you would need consent of all contributors would be to retroactively change all existing code to v3, which would be of questionable value anyhow. (If I accepted the code under v2, you're going to have a hard time forcing v3 on me if I don't like the changes.)
I am convinced that video-on-demand will fail in the market regardless of convenience, privacy, technology, or any of the other reasons that I've seen thrown around. I honestly believe that, as great as it sounds in theory, people don't want it in practice.
Why? It goes back to scarcity. If everything is available at all times, there's no incentive to either decide that something is specifically worth watching or taking the time to actually watch it.
For example, a few years back, I taped Monty Python. All of it. I have every episode on tape and I've never watched them - half the time I forget that they're even there. But when I see that Python is on TV, what do I do? Tune it in. Same thing with Babylon 5. And just about everything else I have on tape or DVD. It rarely gets watched unless either I have friends over or something external (such as it being on a current broadcast schedule) reminds me that it's there.
There's also the "I can just watch it later" aspect. I've got the anime series Bastard!! on tape and I've been meaning to watch it again for probably two months now, but whenever I have some time, I face the choice of doing something else now and watching Bastard!! later, or watching it now and skipping the other thing.
VOD will fail for the simple reason that we are more driven by scarcity than most of us realize.
Although I agree with you, I suspect that, in saying "the only reason there is a copyright at all is to promote more production of art through compensation", you have unwittingly supported the current system. Inaccessibility of discontinued work promotes increased production by creating an artificially inflated demand for new work. Compensation even ties into this - if an author is no longer paid for books that are out of print, he has to write new stuff if he wants to continue receiving checks.
Frohike/El Lobo was a tango dancer, not flamenco. Related, but very different. (And I'd have to say that that episode was the best treatment of (Argentine-style, not ballroom) tango I've seen in mainstream U.S. media, bar none.)
I think something that a lot of people miss is the fact that the average computer user is very different from the average Slashdot reader or Linux user.
Absolutely true. Which is why I cannot agree with Raskin's assertion that there should only be one way to do something. (Or at least the reviewer claims that he makes such an assertion. I haven't read the book myself.)
d) SirCam scans through your browser's document cache for mailto: links. Taco admins a high-traffic site, you don't.
Film at $0.11.
You mean projects like vcr?
And when was the last time you drove a patented car?
Wouldn't matter anyhow. The code in the URI string is just a bootstrap. The worm itself lives in the request body (which doesn't get logged).
NFS. Put the music archive in a different box and either boot diskless or load what you need into a ramdisk and spin the boot drive down.