Posted this on another thread. (Approx $ 8 million from iTMS vs. $150 million from iPod).
No easy way to determine how much of the iPod sales is driven by iTMS.
cheers- raga
Back-of-envelope calculations:
25 million tracks sold ~ $ 8 million for Apple.
1.5 million iPods sold ~ $ 150 million for Apple.
Assumptions: average iPod price = $400, with 25% margin (typical for Apple hardware.) YMMV, but the magnitudes for both the numbers should be in the right ballpark.
cheers- raga
True only if "best" = most features. In usability, it is closer to being the worst.
I think that is more a marketing decision so that they can hold their own in the checklist of features provided in the PCRag review.
Also the notion that, regardless of how stupid the MSWord interface may be, customers will feel more comfortable with a "familiar" look.
cheers- raga
Effortless one-handed fast navigation and control of thousands of music files. Also, compact and elegant.
cheers- raga
What was the number one cause of unnatural death?
Over 42k traffic fatalities in 2002.
Compare with 3k fatalities in the WTC attack.
cheers- raga
Everybody knows they could have done this faster and cheaper if they were running BSD.
You misspelled OSX again.
cheers- raga
In the end, people are just making excuses about why the attack might be kind of hard to pull off.
To be even-handed, you should also point out that all OSes that pick up routing info from a DHCP server have a variant of this "hole". At the very least, a rogue server can act like a proxy, and examine and redirect your TCP packets anywhere.
And even if you do configure Linux to go to a particular DHCP server, how long do you think it'll take to DoS the real server and put up a ringer in its place to spoof all the clients?
This is not hard to pull off, especially when the exploit comes from within your subnet. Starting from scratch, folks with a good know-how of DHCP, ifconfig, DoS exploits, IP spoofing, and TCP in general could have this set up and start exploiting any DHCP-reliant client in less than a day.
cheers- raga
Malicious user sits 2 miles away with laptop and WiFi card and a good antenna pointed at your house.
A good directional antenna (or an omni-directional + extra power) may ensure that the hacker's broadcast gets to your house. For your signals to reach the hacker at 2 miles, a clear line-of-sight and some intel-quality snooping device is required. Not to mention no neighbors using their microwave.
Mac OS X cannot be configured to only accept DHCP responses from one specific server.
For WiFi, you can set it to talk to a specific base station of your choosing.
cheers- raga
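Added example, not part of the original comments: a defender-side check that parses a DHCP OFFER/ACK and compares the server identifier, router and DNS options against a site policy. It goes one step past the server address, because the two comments above note that a stand-in can answer in the real server's place; the function names, `POLICY` and the 192.0.2.x addresses are hypothetical.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OFFER, ACK = 2, 5  # option 53 values for replies that carry client configuration

def parse_options(msg: bytes) -> dict:
    """Return {option code: raw value} from a BOOTP/DHCP message (RFC 2131 layout)."""
    if len(msg) < 240 or msg[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(msg) and msg[i] != 255:        # 255 = end option
        if msg[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(msg) or i + 2 + msg[i + 1] > len(msg):
            raise ValueError("truncated option")
        opts[msg[i]] = msg[i + 2:i + 2 + msg[i + 1]]
        i += 2 + msg[i + 1]
    return opts

def ips(raw: bytes) -> list:
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

def audit_reply(msg: bytes, policy: dict) -> list:
    """List policy violations in a DHCP OFFER/ACK; an empty list means it matches."""
    opts = parse_options(msg)
    if msg[0] != 2 or (opts.get(53) or b"\0")[0] not in (OFFER, ACK):
        return []                                # not a server reply with config
    findings = []
    server = ips(opts.get(54, b""))              # option 54 = server identifier
    if not server or server[0] not in policy["servers"]:
        findings.append(f"unknown DHCP server {server[0] if server else 'missing'}")
    for code, kind in ((3, "routers"), (6, "dns")):   # option 3 = router, 6 = DNS
        findings += [f"unexpected {kind} {ip}"
                     for ip in ips(opts.get(code, b"")) if ip not in policy[kind]]
    return findings

def build_reply(server: str, router: str, dns: str, msg_type: int = OFFER) -> bytes:
    """Constructed sample reply for the demo (not captured traffic)."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         ip("0.0.0.0"), ip("192.0.2.50"), ip(server), ip("0.0.0.0"),
                         bytes(16), bytes(64), bytes(128))
    options = (bytes([53, 1, msg_type, 54, 4]) + ip(server) + bytes([3, 4]) + ip(router)
               + bytes([6, 4]) + ip(dns) + b"\xff")
    return header + MAGIC_COOKIE + options

# Hypothetical site policy using documentation addresses (192.0.2.0/24).
POLICY = {"servers": {"192.0.2.1"}, "routers": {"192.0.2.1"}, "dns": {"192.0.2.53"}}
```

A reply that claims the legitimate server identifier but hands out a different router is still flagged, which is the case a server-address allowlist alone would miss.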
So, how many times does the word "evil" appear in his advisory?
cheers- raga
"Personally I don't have a very good sense of direction. I just get lost even if I have a map," she says.
cheers- raga
It was last Thursday on Fresh Air.
And don't forget to tune in to the show where the champion of fair and balanced news, Bill O'Reilly, stormed out of his interview because he felt that Terry Gross was doing a "hatchet-job" on him.
cheers- raga
It's too soon. They just updated their iPod line.
cheers- raga
The antecedents of ClearType.
cheers- raga
We are talking R&D in computer technology, not a supply-chain, where, to paraphrase Scott McNealy, the only focus is to ship more bananas at a cheaper price (with a bruise on it.)
And here's what your fav R&D company has innovated.
Bull indeed.
cheers- raga
One of the umm... foundations of psychohistory is that it works with large groups of people (in this case, the entire galactic empire.) Individuals may seem like indispensable cogs, but they really aren't.
If you are not there to decide the course of history in one way, then some one else will be there to do so. Such is the force of psychohistory.
Only a mutant "mule" (who could not be accounted for in the "equations") could throw a wrench into the system.
Individual actions do not matter in the long run (Asimov's idea, not mine!)
cheers- raga
Where does that have anything at all to do with that post?
Continuation of a comment to a different thought, my dear.
He was commenting on a social effect, not legalities.
I too am not talking about legalities.
Yes, I am cynical enough to suggest that most social "effects" are driven by money.
When times are good for all, it is fashionable to be "inclusive".
Along comes a downturn and it is "us" vs. "them".
However, because of their lower rates, "them" continue to be in demand (by those who are making the *real* money.)
Go back where you came from.
I see that you, by trying to be rude as an AC, are already where you came from. Was it the view or the fragrance that enticed you back?
cheers- raga
but I must hire anybody other than an American to be inclusive?
Being "inclusive" has nothing to do with it; Money does. When you show reductions in operating costs, it makes Wall St. happy. Which makes the shareholders and the BODs happy. The resulting fat bonus makes the CEO/CFO/CGO... happy. Seems like one big happy family to me!
Every one is bitching about H1-Bs, but no one cares to question the folks who implement these "cost-cutting measures" in the first place. Or the folks who reward them for doing so.
cheers- raga
Further, in a Turing Test, it is a human who tries to distinguish between man and machine. I guess a meta-Turing test could be based on a machine trying to make that determination.
cheers- raga
Microsoft would in effect be trying to compete with a legal monopoly.
Given that MS itself is a "legal monopoly", it's about time it got a dose of its own medicine.
(Or are you implying that since MS is an "illegal monopoly", it's unfair!?)
cheers- raga
It turns out the virus had been released under a GPL licence. It was open source.
That means SCO owns the IP rights for it.
cheers- raga
Seems like the results on the MSN search are all visually the same. Even the section-titles (Featured, Sponsored, Web Sites...) use a font/color that makes them indistinguishable from some other text, and the titles tend to "hide" in the rest of the information on the page. Just bad design (on purpose to confuse lusers?) - no strong visual cues where one "section" ends and another begins.
Google, otoh, does a better job in separating the sponsored from the non.
cheers- raga
Then again, that 50 number for Mac systems is low if you count historical viruses that would no longer work on modern Mac systems
Depends on how you count them. There were probably less than 20 virus strains targeted specifically at the MacOS. There were also hundreds of MSWord macro viruses which could also do considerable damage (at least one of which was cross-platform.)
Back in 1998, John Norstad's Disinfectant (the best of the breed of AV for the Mac, and free!) checked for about 15 or so signatures. With the advent of MSWORD macro virus, updates to Disinfectant were discontinued. After that, I think (till the switchover to OSX) there were 2 (3?) new ones (non-MSWord macro).
I have a floppy somewhere that incarcerates 8 or 10 of those nasties that came my way (academic curiosity!)
cheers- raga
...there does seem to be a link. From the article:
Our investigation so far has shown that Windows systems such as 2000 and XP have an "Internet Time" feature which is usually configured to send SNTP requests to the Microsoft server "time.windows.com", but this server can be changed. I have yet to identify any SNTP client that regularly uses UDP port 23457 as its source port. (Note that that port number seems hand-picked, as the number subsequent to 23456.)
Any one find a SCO angle?
cheers- raga
According to one of the links in the story-line, the DDOS did not come from Blaster-infected machines.
cheers- raga
So the big question; who shorted the stock?
After reading Shell Game article in Computer Word (linked in an earlier thread), who's to say that family (and friends) of Canopy execs are not shorting SCO?
That would be a great scheme. Make money on the way up and down!
cheers- raga