I recently bought myself a Siemens C1020 Lifebook, and noticed a funny thing in the manual. It gave instructions on how to turn off the notebook for both windows and linux operating systems, and also provided the following link: http://www.fujitsu-siemens.com/Linux I didn't pay too much attention to it, as I was more interested in running FreeBSD on my Fujitsu-Siemens C1020
But since you asked, I've just had a look at the site.
To quote: "Linux is the dominant operating system for Internet service providers (ISPs) and, for example, its use by public administrations is increasing. The co-ordinating and consulting office for information technology of the federal government of Germany recommended to use open source software in government bureaus. It was suggested that open software such as the operating systems Linux or FreeBSD could be used on servers as well as on desktop PCs."
I'm not sure if you can actually buy them without windows yet, but they are certainly moving in the right direction, so if you can't find a winfree supplier, maybe support them. And, heh, just noticed as checking the links, you can download a desktop background with Tux on a surfboard.
Okay, possibly not the most subversive, but a properly stocked, compact first-aid kit she can dump in the bottom of here bag may just be the best thing to have.
And she might even then sign-up for a first-aid class to learn to use the thing...
Heh, when you mention the medical 'problems' I have this image in my head of Mission Control relaying instructions on how to remove an appendix, with duct tape instead of surgical clamps and so on...
Being forced to disclose passwords to authorities, IMHO, would be equivalent to testifying agaist yourself...
Err not in mine...
IANAL, but if police have a search warrant, and you have documents in a safe, you'd be required to give them the combination. It's the same thing here.
If you state "these are all mine, and nobody else could possibly have planted them there" then yeah, you're testifying against yourself.
But if you claim that the files aren't yours, or say nothing, the prosecution would have the burden of proof, and the fact that you provided passwords would be inadmissable, as you had been compelled to do so.
If you're interested in NASA, NASAwatch should by your first port of call. They tend to get all the leaks etc. way before the rest of them.
This one was noted on it back in September:
Word has it that Ron Dittemore, Space Shuttle Program Manager at JSC, will be holding an all-hands meeting today to discuss "shuttle commercialization".
According to NASA sources, Dittemore will be discussing an NGO (Non-Governmental Organization) concept that has been developed that would operate the Space Shuttle program. This concept has been under development for the last 9 months. Dittemore will reportedly pitch this concept as being seamless as far as civil servants are concerned with equivalent benefits, significant sign-up bonuses, and guaranteed job security. Dittemore has reportedly expressed personal interest in heading this new organization.
Behind the scenes there is little interest among Dittemore's crowd in actually saving the government money. Rather, this is simply seen as a way to lower the number of federal employees involved in America's civil space program.
Update: Note from someone@jsc.nasa.gov:
"Mr. Dittemore spoke about a "concept" where a private company would run the Space Shuttle Program. It was not commercialization, but "privatization". It has nothing to do with saving money. It will probably cost the government more money. He said it was in the interest of safety.
Since NASA cannot hire new people and grow them to be managers/engineers, there is no one to run the program safely in the future. That is true since most of the shuttle program folks came from MOD which is mostly all contractors now. This "concept" will work only if all the right people
with the right job skills needed to run the program safely, accept the offer to move over. Highly unlikely. We are talking about mission operations, flight design, flight directors, astronauts, program/project managers, ground operations, aircraft operations, launch operations, etc. Only the civil servants in the Engineering Directorates appear to be spared from this excercise in futility. He said it would happen in 2 years. That's unbelievable, the way the government works!"
Why put up with the threat of 404 errors with long timeouts How on earth does google save you here? If the original server is dead, you're going to get *longer* timeouts, as it tries to load *each* image from the original server. If you'd gone direct to the site, you'd only get one timeout.
obnoxious javascript, and pop-up ads The javascript is still there. The fact that the page is now in a frame shouldn't prevent the javascript from runnning. Kinda a key point of client side scripting, you know... it shouldn't depend on the page's location.
To some extent the Google cache threatens the ability of a site operator to gauge the site's popularity That depends on his ability to read his logs.
Each google-cache hit will generate plenty of image requests. All his advertising banners will still be viewed, except if he's using frames badly. If he is, that's his problem.
I'd be tempted to turn the cache into a key part of the company's business You think it's not?!? A search engine kinda needs to keep a cache to, you know, exist. Google just posts links to theirs, that's all
offer webmasters a "cache hosting" agreement. The only sites who would care enough are the bigger content providers who have regular updates - read news sites. If you're looking for current news, you're going to visit the site anyway, to ensure data is fresh. And if it's older news, it'll be cached anyway, so why should they pay?
Otherwise, webmasters are going to become tempted to disable caching of their content to avoid lost page hits and ad revenue Doesn't matter, google caches it anyway when it is indexed, regardless of nocache headers.
And Google is going to get tired of... a giant free hosting provider. Don't you mean free content provider?
That's not a good argument against releasing exploit binaries. Sure, crackers who know what they are doing may be able to reverse engineer it, but the not-so-hot kiddies won't be able to. This would at least delay the appearance of exploits in the wild.
However, disclosing source is better because it allows users to test their own systems for vulnerability. I sure as hell won't test for an exploit using code I didn't inspect and compile myself.
It'd be an interesting new virus vector - security lists being hit with 'I send you this exploit example for your review':)
I'm just after the karma now... Nasawatch has a rumour about shuttle commercialisation too... no background there so here's the text:
Word has it that Ron Dittemore, Space Shuttle Program Manager at JSC, will be holding an all-hands meeting today to discuss "shuttle commercialization". According to NASA sources, Dittemore will be discussing an NGO (Non-Governmental Organization) concept that has
been developed that would operate the Space Shuttle program. This concept has been under development for the last 9 months. Dittemore will
reportedly pitch this concept as being seamless as far as civil servants are concerned with equivalent benefits, significant sign-up bonuses, and guaranteed job security. Dittemore has reportedly expressed personal interest in heading this new organization.
Behind the scenes there is little interest among Dittemore's crowd in actually saving the government money. Rather, this is simply seen as a way to lower the number of federal employees involved in America's civil space program.
Update: Note from someone@jsc.nasa.gov:
"Mr. Dittemore spoke about a "concept" where a private company would run the Space Shuttle Program. It was not commercialization, but "privatization". It has nothing to do with saving money. It will probably cost the government more money. He said it was in the interest of safety.
Since NASA cannot hire new people and grow them to be managers/engineers, there is no one to run the program safely in the future. That is true since most of the shuttle program folks came from MOD which is mostly all contractors now. This "concept" will work only if all the right people
with the right job skills needed to run the program safely, accept the offer to move over. Highly unlikely. We are talking about mission operations, flight design, flight directors, astronauts, program/project managers, ground operations, aircraft operations, launch operations, etc. Only the civil servants in the Engineering Directorates appear to be spared from this excercise in futility. He said it would happen in 2 years. That's unbelievable, the way the government works!"
The question I want an answer to is: how could that be allowed to happen? Surely someone knew what was happening -- why didn't we intervene
to stop what was otherwise inevitable?!
Because nobody gave a damn. It wasn't important, therefore it wasn't happening. U.S. news coverage of international events has died down to mere dribbles in the last twenty years. According to media commentators, this is because ratings usually drop off during international pieces.
As the man once said, "Go back to sleep, America, your gevernment is in control. Here, watch American Gladiators! You are safe."
a) What general level of understanding does the average politician have of the different technologies of the internet?
For example, scoring between 1-5, how much understanding do they generally have on the roots of the following issues:
Script-kiddies, Worms and Viruses;
Corporate security, protection of customer information, professional crackers & industrial espionage, encryption.
Personal security, privacy rights, safety of personal information, security of off-the-shelf products (responsibilties of vendors)
Internet infrastructue - bandwidth costs, redundancy, reliance on international parties
Internet politics - ICANN & IANA, IP and tradmark rights, accountability & responsibility of overseeing bodies,;
Pros and cons of open source vs closed source for business, for government, for education, for consumer;
ISP's and telco's legal and ethical responsibilities, spam.
And so on...
b) How are their decisions on technology issues affected by foreign countries? Are there some areas where policy is home grown, and others where they look for others to lead? How can non-US people affect US policy? How do the international organisations such as the World Trade Body affect policy?
c) How important is the role of non-elected state employees and consultants. Are there maybe some policy areas that, due to technical copmlexity, the politicians will just do what they're told. If so, how do lobbyists take this into account?
d) Only if you're really bored... run through a Geekcode generator, and imagine how the average politician would answer.
Lots of people posting comments about 'free-movement' gesture reading systems replacing keyboards, and being used as part of our day-to-day operation of computers. I beg to differ...
I believe such a system to be unsuitable for non-specialised input.
By this, I mean I can't see keyboards being replaced with 'free-movement' gesture readers.
The reason for this is that, as human beings, we make a hell of a lot of unconscious gestures. It is very difficult to exert total self-control over your body - ask any cop who's been trained to spot lies. We tend to make the smallest gestures without thinking or realinsing it.
For example, when you are typing an email, you probably pause between words, thinking of how to phrase a sentence, or even checking spelling in your head. As you pause, your fingers may tap lightly on the keyboard. The actual movements between 'thinking' on a key, and depressing the key, vary only in force and depth. If you were 'air-typing', the difference in depth would be negligible, and it could be very difficult to spot the force difference.
The ability to obtain the high levels of self control required to avoid such a scenario would be, I fear, beyond the ability of most. It is true that surgeons, pilots, artists etc. all develop such a level of self-control or steady-handedness, but this is generally limited to the key moments when precision is called for.
Have a look at the scrawl on your next doctor's prescription if you doubt me.
One possibility would be to have a control gesture - one which toggles 'input mode' on and off. a control gesture would have to be complex, to avoid it's accidental execution. However, we would then have to train ourselves to wrap a and around all our subconscious movements. Which I think may require the skills of a few KGB hypnotists. Even in the best case, I think that most people would not put the effort in. Look at the decline of true touch-typists since the development of photocopiers and printers.
When speculating on future technology, *sometimes* it's interesting to see what the science-fiction authors think about it. Most don't seem to go beyond the concept of 'touch screen' consoles, coupled with voice recognition. Earth: Final conflict, is about the most intersting. First, they do have those trendy holo-consoles, but still the operators have to 'touch' particular areas to do particular things. Secondly, one of the characteristics developed to make the Taelons appear alien is the high levels of self-control they display. Yet even they, with their peculiar gestures don't appear to apply this to input devices. This of course, doesn't prove anything, but it is interesting that nobody seems to have considered it viable.
Anyway, I suspect that gesture based HCI systems are only really suited for specialist cases, generally when the gestures translate into another motion of some kind. Such systems will never be in general use as input devices.
"you can bet we'd all (even/.'ers) be talking about linux worms."
You're missing the point!! This article is about two particular worms.
The platform is irrelevant, the software is irrelevant, the exploits are irrelevant, and the effects on the hosts are largely irrelevant.
This only thing about them that is relevant is the manner in which they spread - lot's of small, probing requests, mostly within the same subnet.
In this discussion, the *only* relevance platform has is that it happens to be a pretty common one. But there's lots of other common platforms that the same thing could happen to. Say... cisco?
I'm not attempting to obscure the fact that Microsoft make crap software. That fact is irrelevant in the context of this discussion. An apache worm could strike tomorrow, with the same effect. If it does, then at least we know more about how the internet may react to it.
The point is, this was a scientific paper, not a WSJ article.
A tobacco virus attacks tobacco plants, sure, but if I was examing how two similar tobacco viruses worked, I wouldn't refer to them as tobacco viruses, I'd refer to their particular classification.
I can give you a list of worms that attack Microsoft products, but only Nimda and CodeRedII have displayed this behaviour. Hence the need for proper classification.
Calling it a Microsoft worm is really a distortion
I agree, and I must say, it surprised me too. When choosing a term under which to classify something, it should describe a characteristic common to members of that category. Given that Roach and co. are examining the correlation between unusual arp traffic and the worm's attack vector, then deciding to classify it based on who wrote such shoddy software is a bit odd. Though if the media want to it as their new buzzword, that's fine by me.
My first thought would be to call them 'surge worms', based on the explosiveness of their propagation. Doing some proper classification, here's the main characteristics of the two worms:
Characteristics of CodeRedII: OS: Windows 2000 only. Vector:
Scans random IP-addresses via HTTP/GET for IIS servers open to the.ida buffer overflow.
Randomness is weighted to stat within local subnet.
Delivers payload via HTTP.
Uses multiple (300/600) threads to scan for vulnerable servers.
Doesn't reinfect self
Limited propagation lifespan (Oct 2001)
Effects:
Places trojan backdoor on system
Isn't memory-resident, reboot doesn't clear
Doesn't deface infected websites.
Doesn't launch targeted DOS attack.
Characteristics of Nimda: OS: Any windows OS Vector:
Uses 4 distinct methods of propagation:
Scans for multiple IIS vulnerabilites via HTTP/GET requests to 'random' IP addresses. Randomness is weighted to stay within local subnet. Payload delivered via TFTP. Uses multiple (200) threads to perform network scanning.
Self propagates via email sent to addresses stored on infected servers.
Delivered via HTTP-responses to clients of infected IIS servers
via open network file shares
Doesn't reinfect self
Effects:
Places trojan backdoor on system
Isn't memory-resident, reboot doesn't clear
Doesn't deface infected websites.
Doesn't launch targeted DOS attack.
It's clear that the commonality between them lies in
a) The random, multi-threaded propagation via HTTP/GET, which tends to remain localised
b) The installation of a trojan backdoor on infected hosts.
Hence a formal classifcation should be something like "multi-threaded, locally biased trojan worms". The effect of the virus on the host isn't even that important in this case, so "multi-threaded, locally biased worms" would do too.
Slashdot Mirror
I recently bought myself a Siemens C1020 Lifebook, and noticed a funny thing in the manual. It gave instructions on how to turn off the notebook for both windows and linux operating systems, and also provided the following link: http://www.fujitsu-siemens.com/Linux
e r.shtm
I didn't pay too much attention to it, as I was more interested in running FreeBSD on my Fujitsu-Siemens C1020
But since you asked, I've just had a look at the site.
To quote: "Linux is the dominant operating system for Internet service providers (ISPs) and, for example, its use by public administrations is increasing. The co-ordinating and consulting office for information technology of the federal government of Germany recommended to use open source software in government bureaus. It was suggested that open software such as the operating systems Linux or FreeBSD could be used on servers as well as on desktop PCs."
Having a poke around it now, I've just discovered http://www.fujitsu-siemens.com/partner/linux/serv
which provides a list of machines, including laptops, which are certified Red Hat and SuSe hardware.
I'm not sure if you can actually buy them without windows yet, but they are certainly moving in the right direction, so if you can't find a winfree supplier, maybe support them. And, heh, just noticed as checking the links, you can download a desktop background with Tux on a surfboard.
Not +1 Insightful.
The Reg isn't about to be slashdotted, nor is bostom.com. Posting the text of a link is just wasteful, and makes my reading time slower.
I will of course lose karma now, but at least I didn't +1 myself.
Okay, possibly not the most subversive, but a properly stocked, compact first-aid kit she can dump in the bottom of here bag may just be the best thing to have.
And she might even then sign-up for a first-aid class to learn to use the thing...
Heh, when you mention the medical 'problems' I have this image in my head of Mission Control relaying instructions on how to remove an appendix, with duct tape instead of surgical clamps and so on...
Could moderators actually logout from nytimes, then test the link, instead of assuming that it works. It doesn't.
I could karma whore, but I won't.
Someone should renew fent.net... it expires on Saturday...
Whatever way it turns out, I think Mr Myers should add a new character called 'Emgi M. Sucks' :)
I wonder if they have to allow for signal loss caused by bits of space junk floating by...
Okay, the odds are probably pretty damn small, just a thought.
Besides, slashdot seems screwed, I'm curious to see if I can still post...
Being forced to disclose passwords to authorities, IMHO, would be equivalent to testifying agaist yourself...
Err not in mine...
IANAL, but if police have a search warrant, and you have documents in a safe, you'd be required to give them the combination. It's the same thing here.
If you state "these are all mine, and nobody else could possibly have planted them there" then yeah, you're testifying against yourself.
But if you claim that the files aren't yours, or say nothing, the prosecution would have the burden of proof, and the fact that you provided passwords would be inadmissable, as you had been compelled to do so.
Sorry, that link should be http://www.nasawatch.com
If you're interested in NASA, NASAwatch should by your first port of call. They tend to get all the leaks etc. way before the rest of them.
This one was noted on it back in September:
Word has it that Ron Dittemore, Space Shuttle Program Manager at JSC, will be holding an all-hands meeting today to discuss "shuttle commercialization".
According to NASA sources, Dittemore will be discussing an NGO (Non-Governmental Organization) concept that has been developed that would operate the Space Shuttle program. This concept has been under development for the last 9 months. Dittemore will reportedly pitch this concept as being seamless as far as civil servants are concerned with equivalent benefits, significant sign-up bonuses, and guaranteed job security. Dittemore has reportedly expressed personal interest in heading this new organization.
Behind the scenes there is little interest among Dittemore's crowd in actually saving the government money. Rather, this is simply seen as a way to lower the number of federal employees involved in America's civil space program.
Update: Note from someone@jsc.nasa.gov:
"Mr. Dittemore spoke about a "concept" where a private company would run the Space Shuttle Program. It was not commercialization, but "privatization". It has nothing to do with saving money. It will probably cost the government more money. He said it was in the interest of safety.
Since NASA cannot hire new people and grow them to be managers/engineers, there is no one to run the program safely in the future. That is true since most of the shuttle program folks came from MOD which is mostly all contractors now. This "concept" will work only if all the right people
with the right job skills needed to run the program safely, accept the offer to move over. Highly unlikely. We are talking about mission operations, flight design, flight directors, astronauts, program/project managers, ground operations, aircraft operations, launch operations, etc. Only the civil servants in the Engineering Directorates appear to be spared from this excercise in futility. He said it would happen in 2 years. That's unbelievable, the way the government works!"
Yeah, for those who haven't tried Opera, they have a right-click toolbar option 'Validate HTML' which runs the current page through the w3c validator.
Sweet, for when you're designing pages.
What *are* you talking about?
... a giant free hosting provider.
Why put up with the threat of 404 errors with long timeouts
How on earth does google save you here? If the original server is dead, you're going to get *longer* timeouts, as it tries to load *each* image from the original server. If you'd gone direct to the site, you'd only get one timeout.
obnoxious javascript, and pop-up ads
The javascript is still there. The fact that the page is now in a frame shouldn't prevent the javascript from runnning. Kinda a key point of client side scripting, you know... it shouldn't depend on the page's location.
To some extent the Google cache threatens the ability of a site operator to gauge the site's popularity
That depends on his ability to read his logs.
Each google-cache hit will generate plenty of image requests. All his advertising banners will still be viewed, except if he's using frames badly. If he is, that's his problem.
I'd be tempted to turn the cache into a key part of the company's business
You think it's not?!? A search engine kinda needs to keep a cache to, you know, exist. Google just posts links to theirs, that's all
offer webmasters a "cache hosting" agreement.
The only sites who would care enough are the bigger content providers who have regular updates - read news sites. If you're looking for current news, you're going to visit the site anyway, to ensure data is fresh. And if it's older news, it'll be cached anyway, so why should they pay?
Otherwise, webmasters are going to become tempted to disable caching of their content to avoid lost page hits and ad revenue
Doesn't matter, google caches it anyway when it is indexed, regardless of nocache headers.
And Google is going to get tired of
Don't you mean free content provider?
Now there's a frood who knows where his towel is.
Interesting to read all the stuff he's done.
Reverse Engineering
:)
That's not a good argument against releasing exploit binaries. Sure, crackers who know what they are doing may be able to reverse engineer it, but the not-so-hot kiddies won't be able to. This would at least delay the appearance of exploits in the wild.
However, disclosing source is better because it allows users to test their own systems for vulnerability. I sure as hell won't test for an exploit using code I didn't inspect and compile myself.
It'd be an interesting new virus vector - security lists being hit with 'I send you this exploit example for your review'
I'm just after the karma now... Nasawatch has a rumour about shuttle commercialisation too... no background there so here's the text:
Word has it that Ron Dittemore, Space Shuttle Program Manager at JSC, will be holding an all-hands meeting today to discuss "shuttle commercialization". According to NASA sources, Dittemore will be discussing an NGO (Non-Governmental Organization) concept that has
been developed that would operate the Space Shuttle program. This concept has been under development for the last 9 months. Dittemore will
reportedly pitch this concept as being seamless as far as civil servants are concerned with equivalent benefits, significant sign-up bonuses, and guaranteed job security. Dittemore has reportedly expressed personal interest in heading this new organization.
Behind the scenes there is little interest among Dittemore's crowd in actually saving the government money. Rather, this is simply seen as a way to lower the number of federal employees involved in America's civil space program.
Update: Note from someone@jsc.nasa.gov:
"Mr. Dittemore spoke about a "concept" where a private company would run the Space Shuttle Program. It was not commercialization, but "privatization". It has nothing to do with saving money. It will probably cost the government more money. He said it was in the interest of safety.
Since NASA cannot hire new people and grow them to be managers/engineers, there is no one to run the program safely in the future. That is true since most of the shuttle program folks came from MOD which is mostly all contractors now. This "concept" will work only if all the right people
with the right job skills needed to run the program safely, accept the offer to move over. Highly unlikely. We are talking about mission operations, flight design, flight directors, astronauts, program/project managers, ground operations, aircraft operations, launch operations, etc. Only the civil servants in the Engineering Directorates appear to be spared from this excercise in futility. He said it would happen in 2 years. That's unbelievable, the way the government works!"
As per your request, here's the report.
Old news, was released Sep 24, here's Space.com's report from the following day.
Oh, and this would've been posted earlie, but I couldn't log in, what's up with that?
Off topic, but it strikes me that the moderator who modded the above post up, should have really modded the *original* post up instead...
And please, don't mod this up, but rather Douglas's post.
The question I want an answer to is: how could that be allowed to happen? Surely someone knew what was happening -- why didn't we intervene
to stop what was otherwise inevitable?!
Because nobody gave a damn. It wasn't important, therefore it wasn't happening. U.S. news coverage of international events has died down to mere dribbles in the last twenty years. According to media commentators, this is because ratings usually drop off during international pieces.
As the man once said, "Go back to sleep, America, your gevernment is in control. Here, watch American Gladiators! You are safe."
- Script-kiddies, Worms and Viruses;
- Corporate security, protection of customer information, professional crackers & industrial espionage, encryption.
- Personal security, privacy rights, safety of personal information, security of off-the-shelf products (responsibilties of vendors)
- Internet infrastructue - bandwidth costs, redundancy, reliance on international parties
- Internet politics - ICANN & IANA, IP and tradmark rights, accountability & responsibility of overseeing bodies,;
- Pros and cons of open source vs closed source for business, for government, for education, for consumer;
- ISP's and telco's legal and ethical responsibilities, spam.
And so on...b) How are their decisions on technology issues affected by foreign countries? Are there some areas where policy is home grown, and others where they look for others to lead? How can non-US people affect US policy? How do the international organisations such as the World Trade Body affect policy?
c) How important is the role of non-elected state employees and consultants. Are there maybe some policy areas that, due to technical copmlexity, the politicians will just do what they're told. If so, how do lobbyists take this into account?
d) Only if you're really bored... run through a Geekcode generator, and imagine how the average politician would answer.
Lots of people posting comments about 'free-movement' gesture reading systems replacing keyboards, and being used as part of our day-to-day operation of computers. I beg to differ...
:)
I believe such a system to be unsuitable for non-specialised input.
By this, I mean I can't see keyboards being replaced with 'free-movement' gesture readers.
The reason for this is that, as human beings, we make a hell of a lot of unconscious gestures. It is very difficult to exert total self-control over your body - ask any cop who's been trained to spot lies. We tend to make the smallest gestures without thinking or realinsing it.
For example, when you are typing an email, you probably pause between words, thinking of how to phrase a sentence, or even checking spelling in your head. As you pause, your fingers may tap lightly on the keyboard. The actual movements between 'thinking' on a key, and depressing the key, vary only in force and depth. If you were 'air-typing', the difference in depth would be negligible, and it could be very difficult to spot the force difference.
The ability to obtain the high levels of self control required to avoid such a scenario would be, I fear, beyond the ability of most. It is true that surgeons, pilots, artists etc. all develop such a level of self-control or steady-handedness, but this is generally limited to the key moments when precision is called for.
Have a look at the scrawl on your next doctor's prescription if you doubt me.
One possibility would be to have a control gesture - one which toggles 'input mode' on and off. a control gesture would have to be complex, to avoid it's accidental execution. However, we would then have to train ourselves to wrap a and around all our subconscious movements. Which I think may require the skills of a few KGB hypnotists. Even in the best case, I think that most people would not put the effort in. Look at the decline of true touch-typists since the development of photocopiers and printers.
When speculating on future technology, *sometimes* it's interesting to see what the science-fiction authors think about it. Most don't seem to go beyond the concept of 'touch screen' consoles, coupled with voice recognition. Earth: Final conflict, is about the most intersting. First, they do have those trendy holo-consoles, but still the operators have to 'touch' particular areas to do particular things. Secondly, one of the characteristics developed to make the Taelons appear alien is the high levels of self-control they display. Yet even they, with their peculiar gestures don't appear to apply this to input devices. This of course, doesn't prove anything, but it is interesting that nobody seems to have considered it viable.
Anyway, I suspect that gesture based HCI systems are only really suited for specialist cases, generally when the gestures translate into another motion of some kind. Such systems will never be in general use as input devices.
But gimme a Battlemech to control...
well bye-bye to my karma...
/.'ers) be talking about linux worms."
"you can bet we'd all (even
You're missing the point!! This article is about two particular worms.
The platform is irrelevant, the software is irrelevant, the exploits are irrelevant, and the effects on the hosts are largely irrelevant.
This only thing about them that is relevant is the manner in which they spread - lot's of small, probing requests, mostly within the same subnet.
In this discussion, the *only* relevance platform has is that it happens to be a pretty common one. But there's lots of other common platforms that the same thing could happen to. Say... cisco?
Don't be silly.
I'm not attempting to obscure the fact that Microsoft make crap software. That fact is irrelevant in the context of this discussion. An apache worm could strike tomorrow, with the same effect. If it does, then at least we know more about how the internet may react to it.
There's no place for gain-saying in science.
The point is, this was a scientific paper, not a WSJ article.
A tobacco virus attacks tobacco plants, sure, but if I was examing how two similar tobacco viruses worked, I wouldn't refer to them as tobacco viruses, I'd refer to their particular classification.
I can give you a list of worms that attack Microsoft products, but only Nimda and CodeRedII have displayed this behaviour. Hence the need for proper classification.
Calling it a Microsoft worm is really a distortion
I agree, and I must say, it surprised me too. When choosing a term under which to classify something, it should describe a characteristic common to members of that category. Given that Roach and co. are examining the correlation between unusual arp traffic and the worm's attack vector, then deciding to classify it based on who wrote such shoddy software is a bit odd. Though if the media want to it as their new buzzword, that's fine by me.
My first thought would be to call them 'surge worms', based on the explosiveness of their propagation. Doing some proper classification, here's the main characteristics of the two worms:
Characteristics of CodeRedII:
OS: Windows 2000 only.
Vector:
Doesn't reinfect self
Limited propagation lifespan (Oct 2001)
Effects:
Places trojan backdoor on system
Isn't memory-resident, reboot doesn't clear
Doesn't deface infected websites.
Doesn't launch targeted DOS attack.
Characteristics of Nimda:
OS: Any windows OS
Vector: Uses 4 distinct methods of propagation:
Doesn't reinfect self
Effects:
Places trojan backdoor on system
Isn't memory-resident, reboot doesn't clear
Doesn't deface infected websites.
Doesn't launch targeted DOS attack.
It's clear that the commonality between them lies in
a) The random, multi-threaded propagation via HTTP/GET, which tends to remain localised
b) The installation of a trojan backdoor on infected hosts.
Hence a formal classifcation should be something like "multi-threaded, locally biased trojan worms". The effect of the virus on the host isn't even that important in this case, so "multi-threaded, locally biased worms" would do too.
"Surge worms" wasn't too bad a choice then :)