The older DAV and co viruses from the late 90-es were polymorphic and changed their code from time to time.
In fact as far as underlying technology the current viruses have regressed back to simple non-polymorphic code. Not entirely surprising considering that they are written in a high level language nowdays. If you look at the recent crop there is anything including Delphi and VB used to write them with some EXE compression at the end applied to get the size down to a reasonable value.
Second - what in particular do you have against.cx domains? While they have been used for pranks like the goatse.cx their SPAM usage is way lower than.biz.
Third - as far as Telstra is concerned what do you expect? They are possibly the only ISP/Telco in the entire world which puts Winh0ze knowledge related to their internal servers ahead of internet protocol knowledge and internet server/services knowledge when hiring _Internet_ server specialists. I am not joking. This was in the job specs they posted when they were filling places post-acquisition of PSI UK.
If this was true anyone working in a UPS environment would be a sick nutter. Just take an oscilloscope and see the crap some "branded" dual conversion models spit out.
They started with a fork of the NetBSD codebase and maintained compatibility for a long while. Many drivers in the Net/OpenBSD tree used to be ifdef-ed for specific OS related parts. In fact one of the reason for OpenBSD to survive for so long especially on obscure architectures has been the fact that it used to rely heavily on Net for low level hardware specific code (disclaimer - I do not know if this is still the case as I have not looked at their source since 3.3).
As a result GPL-ing is not an option. Your codebase is heavily dependant on somebody's else's codebase which is BSD.
As far as the financial difficulties, all business and businesslike entities using GPL rely on support, custom code and consulting for their day to day living expenses. You do not get that money if you have this attitude: http://www.securityfocus.com/archive/1/428749/30/9 0/threaded. This is just one fresh example (this week).
Another essential factor is that if you write software in the real world you have to go out of your ivory tower on a daily basis and check what your competitors doing. OpenBSD tends to believe its own PR about their security prowess and does not follow Linux, FreeBSD and other OS development as much as it should. One example for this is how it missed the appearance of hardware RNG in AMD hardware for several years. They simply did not know it is there (I actually pointed it to Theo myself a year ago). I bet that they have missed other stuff in a similar fashion as well.
Frankly, the days when Open Source OS projects were PFY jobs and flaming each other out of existence on mailing lists was business as usual are long gone.
Time to grow up or face the dark stairway down down and down towards oblivion.
That was a different virus which infected humans. Based on genetic analysis done at the CDC using corpses dug out from the Arctic it looks like it has freshly jumped from birds, but it was a human flu strain. Not a bird flu strain.
Dealing with lusers who have been quarantined costs much more than the actual cost of the uplink bandwidth of a DSL line. In addition to that in an ISP which does not do significant amounts of colocation the overall balance of traffic is towards incoming. As a result extra outgoing traffic is usually outright ignored.
So the economic driver to quarantine Typhoid Marries is simply not there. As a result the Telcos and access ISPs will continue not to care until the rest of the industry (banks, e-commerce, etc) buy enough congress(or MP)critters to force a regulatory regime through.
Personally I am all for the immediately quarantining utility customers on the first SPAM sent out and forcing the mandatory usage of relays. Same for DDOS, so on so fourth. And anyone who does not want to be subjected to this regime should simply pay an extra for not having it.
The "And" is that you are least likely to be infected even if you handle infected blood and meat. Now, dung from infected birds is a completely different matter.
yeah, somewhere in the Far East a handful of people died who pretty much washed their hands in infected bird blood
Incorrect - nearly all of them cleaned up after live or dead birds. The flu virus in birds is secreted out in bird urine/feces and infects by getting back into the respiratory pathways soon after that (both in birds and humans). Birds pecking in "dung" get infected from other birds. People who are cleaning after them (and you have to clean a henhouse quite regularly) get infected as well.
This is also the reason why the infection is most common in chickens and waterfowl as they feed where they drop.
The answer is one word - Tarkovski. It is the same as with the Strugacki brothers. They have around 30 books better and better over the years and the only thing they are know for in the West is one Chapter from "Picnic by the Road". The chapter which was used as a storyline for Tarkovski's "Stalker".
Just look at Russia, it has the largest hydro deployment in the world now and the results are not pretty. River deltas are drying, there are massive changes to the environment, climate which was as healthy as a climate can get 100 years ago has become practically lethal in many places. A big hydroelectric tends to keep the river right after it open all winter. As a result the humidity goes into the 100% condensing range which when the outside temperature is around -40 is outright deadly. It is not pretty when the outside temperature is above 25 either.
There are very few places in the world where a hydroelectric is environmentally safe and economically sound.
Can't really say anything about that, but a quick investigation of their DNS shows that it is not geographically distributed (RFC3258). OK, I do not have the tools to do it properly, but it does not look like.
On top of that they do not look like they have their own connectivity to peering points in EU.
So frankly, they look like they are ripe for the picking. It is utterly trivial to run a domain registrar out of several diverse locations using RFC 3258. A registrar that is not doing it is in clear need of a cluebat on the head several times. I hope that this DDOS finally delivers it.
Wild salmon as most oceanic top predators accumulates all the flame retardants, dioxins, etc we dump in the Arctic nowdays. I would seriously think twice before eating it unless it is from the North Pacific. Same for any Arctic and North Atlantic fish.
Farmed salmon is not much better either. It is stuffed with antibiotics and has dioxin levels way above what should be considered normal.
If you want to eat non-carcinogenic and antibiotic free omega-rich fish eat white trout (in Russian "Sig") which is nowdays farmed across most of EU. It has much better disease resistance compared to salmon so they do not stuff it with so much antibiotics. It also tastes better.
Alternatively - Antarctic fish. It is still reasonably clean from pollution and tastes better than salmon anyway.
What you are missing is that damage control in a warship usually leads to extra loss of life. You damage control by filling with water sections of the hull which are calculated to counterbalance your damage so far. Initially these are corridors, utility sections, etc. WWII experience showed that after a point you bite the bullet and start filling sections with lives in it. As a result your ship stays afloat, level and continues firing. If you do not do that you capsize.
So having less "lives" on board and more automation actually is better for at least some forms of damage control. It is much easier to decide to fill a few empty corridors with water compared to filling a few rooms full of people. Especially during combat.
Their ship losses in the Falklands were mostly due to lack of long range aerial radar coverage and lack of training in the command staff to use the newer AAA systems. If you are referring to the destroyer they lost there it was lost because it went into the line of fire between the other ship which had suitable AAA for low altitude engagement and the attacking planes. As a result noone engaged them until they dropped the bombs. If you are referring to Atlantic Conveyor, that was dead meat. It was neither even armed, nor properly protected by AAA armed vessels so it did not stand a chance against an Exoset. In either case long range radar coverage from an airplane would have prevented both.
Even if you do that, you are likely to get better results with optimised recompilation of system libraries instead of the software itself. Unless the application is written by an idiot with a fancy hobby of rewriting libc (or Dan Bernstein which according to some people is the same) your main constraints are silly things like the malloc family, IO, libm function, etc. Most of these are safe to recompile with CPU specific optimisations. In fact large part of them can take -O6 -march (on x86) while plenty of applications break if you use a mere -O.
Overall, all of this is usually unnecessary. I have found that optimising the system design, data layout and optimising the kernel for the correct CPU usually yields much more than any compiler optimisations of libraries and applications.
The more interesting part of the writeup is that MI5-6, FBI, CIA and NSA are so effing inept that they could not catch him for 2 years and the only reason why his hacker identity was revealed was that someone correlated the fact that he was behind bars with the lack of messages.
Considering that he was arrested and the police had all the grounds to get logs from his ISP as well as run proper forensics on his equipment we are talking about incompetence of truly biblical proportions here.
This is a classic example why they should take their proposals about RIP act extensions as well as the new Anti-Terrorism act and shovel it where sun does not shine. There is no point providing someone who cannot use a rifle with an grenade launcher. With a rifle he will just shoot himself in the foot. With a grenade launcher he will make 3m crater killing a few innocent bystanders.
Even in this case it can still be annuled by their supreme court which is known to have principles and guts. After all they are the only ones in the world who remembered that the people on board of a plane in a hostage situation have as much of a right to live as the people on the ground and threw out a law that allowed shooting them down.
They have strict privacy laws. As strict as it gets. Possibly one of the strictest in the world. Last time I looked you cannot even get a phone bill for a company phone without it being anonymised. Last numbers used to be deliberately scrambled so that the employer can see what is the call pricing category but without being able to see who has been called. So on so fourth.
TFA does not answer the most interesting question. AFAIK in germany you can copy a copyrighted work as much as you want within your household under fair use provisions. This is supported by an extra levy on CD writers, blank media, etc. Does the new law change any of these provisions in favour of the plutocrats or not?
In fact this is the approach taken by Turbo pascal. 255 byte strings in the beginning followed by a different type with 32768 bytes from sometimes in the mid-90-es. This is also the approach many script languages take.
OK, fine, when it will hit http://www.linitx.com/ or http://www.icp-epia.co.uk/ or some other place where I can actually buy it. Or this is expoware same as their SMP Eden platform. I have been waiting for them to ship it for god knows how long now as it is exactly what I need to build a cost/power effective SMP development/testing rig for the developers where I work now.
As an ex-computer security professional I would not bang the fundamentals under a "mechanics" heading.
In theory part of the job of a security engineer is to treat the work of the people around him with respect and ensure that it succeeds in its projected goals.
Unfortunately, in practice, the majority of the industry follows the exact opposite. Either the security engineer comes at the end, dismisses the system design as "mechanics" and goes to jerk off in a threat FUDfest or signs off the system due to "business pressures".
Frankly, anyone who wants to be a security professional should read some BUGTRAQ and FULLDISCLOSURE archives first and decide - "Do I want to be one of these". I would not.
Slashdot Mirror
The older DAV and co viruses from the late 90-es were polymorphic and changed their code from time to time.
In fact as far as underlying technology the current viruses have regressed back to simple non-polymorphic code. Not entirely surprising considering that they are written in a high level language nowdays. If you look at the recent crop there is anything including Delphi and VB used to write them with some EXE compression at the end applied to get the size down to a reasonable value.
You are late.
El president Antonio Bliar has p4wn3d it before you.
Err... First - the article is a dupe
.cx domains? While they have been used for pranks like the goatse.cx their SPAM usage is way lower than .biz.
Second - what in particular do you have against
Third - as far as Telstra is concerned what do you expect? They are possibly the only ISP/Telco in the entire world which puts Winh0ze knowledge related to their internal servers ahead of internet protocol knowledge and internet server/services knowledge when hiring _Internet_ server specialists. I am not joking. This was in the job specs they posted when they were filling places post-acquisition of PSI UK.
Looking at the mirror:
;-)
Not lately, no, at least not for the last 5 milliseconds...
Fair point though
Quite likely.
If this was true anyone working in a UPS environment would be a sick nutter. Just take an oscilloscope and see the crap some "branded" dual conversion models spit out.
Not really applicable.
9 0/threaded. This is just one fresh example (this week).
They started with a fork of the NetBSD codebase and maintained compatibility for a long while. Many drivers in the Net/OpenBSD tree used to be ifdef-ed for specific OS related parts. In fact one of the reason for OpenBSD to survive for so long especially on obscure architectures has been the fact that it used to rely heavily on Net for low level hardware specific code (disclaimer - I do not know if this is still the case as I have not looked at their source since 3.3).
As a result GPL-ing is not an option. Your codebase is heavily dependant on somebody's else's codebase which is BSD.
As far as the financial difficulties, all business and businesslike entities using GPL rely on support, custom code and consulting for their day to day living expenses. You do not get that money if you have this attitude:
http://www.securityfocus.com/archive/1/428749/30/
Another essential factor is that if you write software in the real world you have to go out of your ivory tower on a daily basis and check what your competitors doing. OpenBSD tends to believe its own PR about their security prowess and does not follow Linux, FreeBSD and other OS development as much as it should. One example for this is how it missed the appearance of hardware RNG in AMD hardware for several years. They simply did not know it is there (I actually pointed it to Theo myself a year ago). I bet that they have missed other stuff in a similar fashion as well.
Frankly, the days when Open Source OS projects were PFY jobs and flaming each other out of existence on mailing lists was business as usual are long gone.
Time to grow up or face the dark stairway down down and down towards oblivion.
That was a different virus which infected humans. Based on genetic analysis done at the CDC using corpses dug out from the Arctic it looks like it has freshly jumped from birds, but it was a human flu strain. Not a bird flu strain.
0 28/qid=1143573179/sr=1-8/ref=sr_1_3_8/203-3200871- 8807110] you will have shivers for a very very very long time.
By the way if you compare what the CDC did and "The First Horseman" [http://www.amazon.co.uk/exec/obidos/ASIN/0099184
So the economic driver to quarantine Typhoid Marries is simply not there. As a result the Telcos and access ISPs will continue not to care until the rest of the industry (banks, e-commerce, etc) buy enough congress(or MP)critters to force a regulatory regime through.
Personally I am all for the immediately quarantining utility customers on the first SPAM sent out and forcing the mandatory usage of relays. Same for DDOS, so on so fourth. And anyone who does not want to be subjected to this regime should simply pay an extra for not having it.
The "And" is that you are least likely to be infected even if you handle infected blood and meat. Now, dung from infected birds is a completely different matter.
Incorrect - nearly all of them cleaned up after live or dead birds. The flu virus in birds is secreted out in bird urine/feces and infects by getting back into the respiratory pathways soon after that (both in birds and humans). Birds pecking in "dung" get infected from other birds. People who are cleaning after them (and you have to clean a henhouse quite regularly) get infected as well.
This is also the reason why the infection is most common in chickens and waterfowl as they feed where they drop.
With all due respect "Return from the Stars" is better. If you are new to Lem start with it.
The answer is one word - Tarkovski. It is the same as with the Strugacki brothers. They have around 30 books better and better over the years and the only thing they are know for in the West is one Chapter from "Picnic by the Road". The chapter which was used as a storyline for Tarkovski's "Stalker".
I would second that.
Just look at Russia, it has the largest hydro deployment in the world now and the results are not pretty. River deltas are drying, there are massive changes to the environment, climate which was as healthy as a climate can get 100 years ago has become practically lethal in many places. A big hydroelectric tends to keep the river right after it open all winter. As a result the humidity goes into the 100% condensing range which when the outside temperature is around -40 is outright deadly. It is not pretty when the outside temperature is above 25 either.
There are very few places in the world where a hydroelectric is environmentally safe and economically sound.
Can't really say anything about that, but a quick investigation of their DNS shows that it is not geographically distributed (RFC3258). OK, I do not have the tools to do it properly, but it does not look like.
On top of that they do not look like they have their own connectivity to peering points in EU.
So frankly, they look like they are ripe for the picking. It is utterly trivial to run a domain registrar out of several diverse locations using RFC 3258. A registrar that is not doing it is in clear need of a cluebat on the head several times. I hope that this DDOS finally delivers it.
Salmon?
Wild salmon as most oceanic top predators accumulates all the flame retardants, dioxins, etc we dump in the Arctic nowdays. I would seriously think twice before eating it unless it is from the North Pacific. Same for any Arctic and North Atlantic fish.
Farmed salmon is not much better either. It is stuffed with antibiotics and has dioxin levels way above what should be considered normal.
If you want to eat non-carcinogenic and antibiotic free omega-rich fish eat white trout (in Russian "Sig") which is nowdays farmed across most of EU. It has much better disease resistance compared to salmon so they do not stuff it with so much antibiotics. It also tastes better.
Alternatively - Antarctic fish. It is still reasonably clean from pollution and tastes better than salmon anyway.
What you are missing is that damage control in a warship usually leads to extra loss of life. You damage control by filling with water sections of the hull which are calculated to counterbalance your damage so far. Initially these are corridors, utility sections, etc. WWII experience showed that after a point you bite the bullet and start filling sections with lives in it. As a result your ship stays afloat, level and continues firing. If you do not do that you capsize.
So having less "lives" on board and more automation actually is better for at least some forms of damage control. It is much easier to decide to fill a few empty corridors with water compared to filling a few rooms full of people. Especially during combat.
Their ship losses in the Falklands were mostly due to lack of long range aerial radar coverage and lack of training in the command staff to use the newer AAA systems. If you are referring to the destroyer they lost there it was lost because it went into the line of fire between the other ship which had suitable AAA for low altitude engagement and the attacking planes. As a result noone engaged them until they dropped the bombs. If you are referring to Atlantic Conveyor, that was dead meat. It was neither even armed, nor properly protected by AAA armed vessels so it did not stand a chance against an Exoset. In either case long range radar coverage from an airplane would have prevented both.
I would second that.
Even if you do that, you are likely to get better results with optimised recompilation of system libraries instead of the software itself. Unless the application is written by an idiot with a fancy hobby of rewriting libc (or Dan Bernstein which according to some people is the same) your main constraints are silly things like the malloc family, IO, libm function, etc. Most of these are safe to recompile with CPU specific optimisations. In fact large part of them can take -O6 -march (on x86) while plenty of applications break if you use a mere -O.
Overall, all of this is usually unnecessary. I have found that optimising the system design, data layout and optimising the kernel for the correct CPU usually yields much more than any compiler optimisations of libraries and applications.
The more interesting part of the writeup is that MI5-6, FBI, CIA and NSA are so effing inept that they could not catch him for 2 years and the only reason why his hacker identity was revealed was that someone correlated the fact that he was behind bars with the lack of messages.
Considering that he was arrested and the police had all the grounds to get logs from his ISP as well as run proper forensics on his equipment we are talking about incompetence of truly biblical proportions here.
This is a classic example why they should take their proposals about RIP act extensions as well as the new Anti-Terrorism act and shovel it where sun does not shine. There is no point providing someone who cannot use a rifle with an grenade launcher. With a rifle he will just shoot himself in the foot. With a grenade launcher he will make 3m crater killing a few innocent bystanders.
Even in this case it can still be annuled by their supreme court which is known to have principles and guts. After all they are the only ones in the world who remembered that the people on board of a plane in a hostage situation have as much of a right to live as the people on the ground and threw out a law that allowed shooting them down.
They have strict privacy laws. As strict as it gets. Possibly one of the strictest in the world. Last time I looked you cannot even get a phone bill for a company phone without it being anonymised. Last numbers used to be deliberately scrambled so that the employer can see what is the call pricing category but without being able to see who has been called. So on so fourth.
TFA does not answer the most interesting question. AFAIK in germany you can copy a copyrighted work as much as you want within your household under fair use provisions. This is supported by an extra levy on CD writers, blank media, etc. Does the new law change any of these provisions in favour of the plutocrats or not?
I agree with you.
In fact this is the approach taken by Turbo pascal. 255 byte strings in the beginning followed by a different type with 32768 bytes from sometimes in the mid-90-es. This is also the approach many script languages take.
It is about time C/C++ saw the light.
OK, fine, when it will hit http://www.linitx.com/ or http://www.icp-epia.co.uk/ or some other place where I can actually buy it. Or this is expoware same as their SMP Eden platform. I have been waiting for them to ship it for god knows how long now as it is exactly what I need to build a cost/power effective SMP development/testing rig for the developers where I work now.
As an ex-computer security professional I would not bang the fundamentals under a "mechanics" heading.
In theory part of the job of a security engineer is to treat the work of the people around him with respect and ensure that it succeeds in its projected goals.
Unfortunately, in practice, the majority of the industry follows the exact opposite. Either the security engineer comes at the end, dismisses the system design as "mechanics" and goes to jerk off in a threat FUDfest or signs off the system due to "business pressures".
Frankly, anyone who wants to be a security professional should read some BUGTRAQ and FULLDISCLOSURE archives first and decide - "Do I want to be one of these". I would not.