If this is your position on such issues, I suppose you don't care about the latest ASCI supercomputer--I mean, nothing new is happening, people are just spending money.
Personally, I think the ability to simulate a cubic foot of reality in real time at the subatomic level is pretty impressive. And I think the ability to run UT 2003 with only one fan is pretty impressive, too.
iMacs, the old ones without fans, are no longer in production. I'm not sure if iLamps have fans or not. In either... case..., they don't have OC'd video cards and are much more expensive than the solution in this story.
Your link was previously featured on/., but, IIRC, it runs at 200 MHz--hardly the kind of speed you'd get when ordering a brand-new Dell.
My story, on the other hand, highlights the possibilities for extensive, passive cooling in a modern machine (in fact, its specs are well above those of the two-month-old Dell on which I am typing this).
The reason the story is impressive is that he managed to take a machine that any of us would be proud to have next to our desks, and reduce it to ONE FAN. Putting tons of foam around an MMX/200 doesn't exactly compare.
I don't feel like defending my intelligence, so let's just ignore that comment.
If you are able to decode the phrase, and those who are less intelligent can, as well, it would actually make sense to choose that phrase to ensure the maximum number of people would understand what I was trying to communicate.
I'd like to note that my story was submitted sans spelling errors, and my comments are always properly capitalized and always use appropriate punctuation. How many/.'ers do you know that follow those rules, let alone others?
"Twenty times quieter" is a generally-accepted shortening of "one-twentieth of the volume".
Congratulations, I'm sure your penis has been lengthened by this incredible postscript; I can't wait to meet your superior progeny some day when handing them change--the correct amount, of course.
I would be working at a computer company making exorbitant sums of money and buying myself a brand new Camaro convertible, but, alas, I went through public school, so I guess I have to quit tomorrow and go apply for a job at WalMart.
If you get a chance, please remind your children to remember to tip well when my public school-educated boss (one of the best sysadmins I know) brings by their pizza.
Math skills are deteriorating, but not because I post a mathematically-incorrect colloquialism to/.. Math skills are deteriorating because those with a very high-level understanding of math created tools to remove the tedium of math of less complexity, and then those without the high-level understanding adopted these tools. Eliminate calculators from the world, make them available only to those that have "earned" them, and you'll have done something about deteriorating math skills.
As for my personal math skills, I can out-bitwise-manipulate anyone who cares to challenge me, and I have a decent understanding of single-variable calculus and an extensive understanding of theoretical physics.
As for my wording: you may, if you wish, lambast a poorly-written program for uninformative variable names or lack of comments. You may even note that the program takes an extra run through the compiler before producing machine code. But the reality is that, in human language and in computers, it is the final, parsed data that counts. So long as your parser is capable of handling the statement, which it obviously is based on your comment, the difference in the "source code" is completely unimportant.
All that said, thanks for calling me on it. I'm is always; trying to improve my's gRamerr, after all.
Er, perhaps, but wouldn't it be a wee bit stilted to say "one-twentieth as loud"? Not to mention that, instead of this discussion, we'd get one on whether "one-twentieth" is hyphenated or not.
Well, I use a diskless, ROMless, fanless TexTronix X Terminal. Admittedly, it's terribly vulnerable to hacking (in fact, it's the same model Mitnick SYN-flooded when he hacked Shinomura), but if you keep it all on a separate network from your net connection, you're fine.
And meantime, you get to learn how to configure NFS so it can load its OS on boot! Ooh, pretty!
My personal box is an T-Bird 1.2 bought when the 1.4 had just come out, and I run it downclocked to 900 MHz, with 768 MB of PC 133 CAS3 downclocked to PC100 CAS2.
Of course, I did this for the heat, not for the noise. It's incredible what happens to a dorm room over the course of even one night processing {d.net,UD,Prime95} WU's with the door closed.
but the truth is in one fell swoop I've made it fiendishly difficult to exploit the smtp daemon
Even though you hand-picked SMTP as an example to illustrate your argument, it even breaks down there. If I can acquire this privilege set you think of as so restrictive, for example by compromising the SMTP daemon, all of a sudden, I can intercept any mail message and deliver it to myself. That is very likely enough to break into someone's account because either passwords or information useful for social engineering get sent through the mail system.
On the other hand, if the SMTP daemon runs as root, the threat analysis for a user of it is much simplified. If the SMTP daemon is already compromised and runs as root, it doesn't matter whether I send information through it that might give an attacker root privileges on this machine.
You've got to be kidding me.
Are you honestly suggesting that it is worse to expose a small portion of the system than to expose the whole system in one monolithic chunk, simply because it would make it harder for you to write threat analysis reports?
Anything a malicious user could do under a privilege elevation system could be done "better" (so to speak), faster and easier under a setuid system.
Most of your comments are platitudes that show little actual experience in how systems are skillfully broken into. Beyond script kiddies exploring spectacularly gaping holes in poorly written C programs that just give them root shells, systems are compromised carefully and incrementally, exploring one subtle flaw after another.
Two things:
Most malicious users are script kiddies. Learn to deal, modify your security policy accordingly, and you'll eliminate 99.9% of security-related incidents. If a real hacker wants in, on the other hand, your only hope is closely watching logs and hoping you're good enough to notice the subtle signs of an elite's exploit.
Having broken into my fair share of systems and analysed dozens more intrusions, I can say that most non-script-kiddie exploits occur in one or two steps, the traces of each of which are covered by the triggering of the next. A hacker once abused an incorrect MySQL installation to put an exploit in place that waited for someone to "su - " into a tape backup account. It sent out a single UDP packet (yes, UDP, and no, he didn't check for loss--the second mistake he made) to let him know the system had been compromised. The first mistake he made was a mispelled "rm" (he put "rn") when trying to cover his tracks, which showed up on the screen of our backup user and caused a call to my office. Later, when playing with the executable--which, by looking at backups, we dated as being from six months previous--I triggered its UDP send, just to see what would happen. Within seconds, a flurry of UDP datagrams occured, and I was flooded with a hundred UDP requests to ports over 32768. The UDP packets synced a random number generator seed that was used to determine the ports the exploit would listen on. The instant it received a datagram on a port, it would close that port and listen on the next one. Thus, to our very sensitive IDS, what would otherwise have shown up as an elevated level of activity showed up as a relatively harmless port scan, albeit odd insofar as it used UDP. The data sent was in the form of DNS queries, with the hostname containing sixteen nibbles of hex followed by ".google.com"--no responses were sent. The hundredth port was reserved for communicating a new random seed for port numbers. From looking at the data that was sent, it appeared he was auto-updating the executable to the latest version. In my summary of the incident, I noted that, if we ever found this guy, I wanted to hire him and all his friends.
Conclusion: Yes, incremental, subtle attacks are much harder to detect and prevent than other attacks, but I've investigated three dozen or so "real" attacks, and probably half a million port scans and script kiddies running the latest 'sploit from BugTraq against a Class A at a time. Your guess as to who I spend most of my time fighting.
I tried quite a few nbtstat tricks before I gave up reverse-mapping by NetBIOS name and determined they were external and not from a zombie host inside the firewall.
The tricky part is that they use UDP, since many firewalls "forget" to filter it unless you remind them with a CLI, sledgehammer, and repeated threats to use an etherkiller.
There's no reason to let UDP ports below 1024 in from outside your network, except for the specific services you're running, to the specific servers you're running them on.
The reason I saved it with Mozilla is that that is how I viewed it.
I figured there was a better chance I'd get in before slashdotting took its toll if I clicked the link than if I connected to my Linux box, remembered the syntax (specifically, the -r part), and serially downloaded all the files.
Plus, I had a better chance of getting all the support files with Mozilla, since I knew it was downloading all of them, whereas I don't know how powerful wget's parsing capabilities are.
That said, all you really need to do is uncompress one of my zipped up files into your mirror directory. True, it won't be a precise mirror insofar as it won't map all the semantic attributes like directory names, but it will be perfectly viewable, which is all/. cares about.
As I am merely reposting the content that appears on his site without deriving any benefit therefrom, no court in its right mind would prosecute me.
That said, if the gentleman wishes to contact me, he may do so at my phone number here, (540) 432-6166 x3666. I will happily take down any material that he feels I should not be providing.
Note that I blithely ignore the fact that you're a troll. Nice tactic, eh?
I'm going to grab ahaning's mirror's copy of the first page, since he has all the images, and roll that into mine.
I think mine is now the only source of page 2. (You didn't know there was a page 2? Look at the bottom of the page.) If someone could grab my distribution and combine it with a google cache and google thumbnails from page three, that'd be heavenly. Just post it as a reply to this thread so there's just one "mirror" thread.
Slashdot Mirror
If this is your position on such issues, I suppose you don't care about the latest ASCI supercomputer--I mean, nothing new is happening, people are just spending money.
Personally, I think the ability to simulate a cubic foot of reality in real time at the subatomic level is pretty impressive. And I think the ability to run UT 2003 with only one fan is pretty impressive, too.
Jouster
(Story Author)
iMacs, the old ones without fans, are no longer in production. I'm not sure if iLamps have fans or not. In either... case..., they don't have OC'd video cards and are much more expensive than the solution in this story.
/., but, IIRC, it runs at 200 MHz--hardly the kind of speed you'd get when ordering a brand-new Dell.
Your link was previously featured on
My story, on the other hand, highlights the possibilities for extensive, passive cooling in a modern machine (in fact, its specs are well above those of the two-month-old Dell on which I am typing this).
The reason the story is impressive is that he managed to take a machine that any of us would be proud to have next to our desks, and reduce it to ONE FAN. Putting tons of foam around an MMX/200 doesn't exactly compare.
Jouster
NFS on a private network is the definition of secure. ANYTHING on a private network is.
And I haven't experienced any "flaking", despite it being run on a RedHat 7.3 box. Have you had bad experiences you can share?
Jouster
(Story Author)
I don't feel like defending my intelligence, so let's just ignore that comment.
If you are able to decode the phrase, and those who are less intelligent can, as well, it would actually make sense to choose that phrase to ensure the maximum number of people would understand what I was trying to communicate.
Jouster
I'd like to note that my story was submitted sans spelling errors, and my comments are always properly capitalized and always use appropriate punctuation. How many /.'ers do you know that follow those rules, let alone others?
"Twenty times quieter" is a generally-accepted shortening of "one-twentieth of the volume".
Jouster
(Story Author)
Congratulations, I'm sure your penis has been lengthened by this incredible postscript; I can't wait to meet your superior progeny some day when handing them change--the correct amount, of course.
I would be working at a computer company making exorbitant sums of money and buying myself a brand new Camaro convertible, but, alas, I went through public school, so I guess I have to quit tomorrow and go apply for a job at WalMart.
If you get a chance, please remind your children to remember to tip well when my public school-educated boss (one of the best sysadmins I know) brings by their pizza.
Jouster
(Story Author)
Math skills are deteriorating, but not because I post a mathematically-incorrect colloquialism to /.. Math skills are deteriorating because those with a very high-level understanding of math created tools to remove the tedium of math of less complexity, and then those without the high-level understanding adopted these tools. Eliminate calculators from the world, make them available only to those that have "earned" them, and you'll have done something about deteriorating math skills.
As for my personal math skills, I can out-bitwise-manipulate anyone who cares to challenge me, and I have a decent understanding of single-variable calculus and an extensive understanding of theoretical physics.
As for my wording: you may, if you wish, lambast a poorly-written program for uninformative variable names or lack of comments. You may even note that the program takes an extra run through the compiler before producing machine code. But the reality is that, in human language and in computers, it is the final, parsed data that counts. So long as your parser is capable of handling the statement, which it obviously is based on your comment, the difference in the "source code" is completely unimportant.
All that said, thanks for calling me on it. I'm is always; trying to improve my's gRamerr, after all.
Jouster
(Story Author)
Er, perhaps, but wouldn't it be a wee bit stilted to say "one-twentieth as loud"? Not to mention that, instead of this discussion, we'd get one on whether "one-twentieth" is hyphenated or not.
Ah well.
Jouster
(Story Author)
The 20x came from a mixing of the "+10 dB = twice as loud to the ear" and "+10 dB = twice the pressure".
:^P Ah well.
It was late. Sorry.
I meant to say, "over 100 times quieter" (since that sounds more impressive), but I can't even get get away with that.
Jouster
Actually, laptop hard drives run at 4200 RPMs.
:)
Except for mine, that is!
Jouster
(Story Author)
Well, I use a diskless, ROMless, fanless TexTronix X Terminal. Admittedly, it's terribly vulnerable to hacking (in fact, it's the same model Mitnick SYN-flooded when he hacked Shinomura), but if you keep it all on a separate network from your net connection, you're fine.
And meantime, you get to learn how to configure NFS so it can load its OS on boot! Ooh, pretty!
Jouster
My personal box is an T-Bird 1.2 bought when the 1.4 had just come out, and I run it downclocked to 900 MHz, with 768 MB of PC 133 CAS3 downclocked to PC100 CAS2.
Of course, I did this for the heat, not for the noise. It's incredible what happens to a dorm room over the course of even one night processing {d.net,UD,Prime95} WU's with the door closed.
Jouster
(Story Author)
*phew* I'm glad someone else hears it, too.
It drives me nutty.
Jouster
Jouster
That still falls under "well over twenty times", doesn't it?
Admittedly, I screwed up my math; I meant to claim "well over one hundred times", but it was late.
Jouster
That's easy: because "over twenty times quieter" doesn't sound as stilted as "less than one-twentieth of the former volume". ;),
Jouster
(Story author)
Why? Is one better than the other or something?
Emacs is a wonderful OS, and I hear they're adding a decent text editor to it soon; meantime, I'll stick with vi.
Jouster
You've got to be kidding me.
Are you honestly suggesting that it is worse to expose a small portion of the system than to expose the whole system in one monolithic chunk, simply because it would make it harder for you to write threat analysis reports?
Anything a malicious user could do under a privilege elevation system could be done "better" (so to speak), faster and easier under a setuid system.
Two things:
Conclusion: Yes, incremental, subtle attacks are much harder to detect and prevent than other attacks, but I've investigated three dozen or so "real" attacks, and probably half a million port scans and script kiddies running the latest 'sploit from BugTraq against a Class A at a time. Your guess as to who I spend most of my time fighting.
Jouster
I tried quite a few nbtstat tricks before I gave up reverse-mapping by NetBIOS name and determined they were external and not from a zombie host inside the firewall.
The tricky part is that they use UDP, since many firewalls "forget" to filter it unless you remind them with a CLI, sledgehammer, and repeated threats to use an etherkiller.
There's no reason to let UDP ports below 1024 in from outside your network, except for the specific services you're running, to the specific servers you're running them on.
Jouster
The reason I saved it with Mozilla is that that is how I viewed it.
/. cares about.
I figured there was a better chance I'd get in before slashdotting took its toll if I clicked the link than if I connected to my Linux box, remembered the syntax (specifically, the -r part), and serially downloaded all the files.
Plus, I had a better chance of getting all the support files with Mozilla, since I knew it was downloading all of them, whereas I don't know how powerful wget's parsing capabilities are.
That said, all you really need to do is uncompress one of my zipped up files into your mirror directory. True, it won't be a precise mirror insofar as it won't map all the semantic attributes like directory names, but it will be perfectly viewable, which is all
:),
Jouster
(Ha! If this doesn't convince them I'm not a karma whore, nothing will!)
Ahaning, can you grab my latest files and update your mirror? That way we can expose all of page one and much of page two.
Now if only someone would do this (the second paragraph).
Alternately, if the author of the site could send me a tarball, I'd gladly host it in that form and decompressed, browseable form.
Jouster
As I am merely reposting the content that appears on his site without deriving any benefit therefrom, no court in its right mind would prosecute me.
That said, if the gentleman wishes to contact me, he may do so at my phone number here, (540) 432-6166 x3666. I will happily take down any material that he feels I should not be providing.
Note that I blithely ignore the fact that you're a troll. Nice tactic, eh?
Jouster
Okay, new version, page 1 is complete, page 2 has some pictures missing, and no page 3 (sorry!).
Grab it in ZIP, BZ, or convenient browseable form.
Jouster
I'm going to grab ahaning's mirror's copy of the first page, since he has all the images, and roll that into mine.
I think mine is now the only source of page 2. (You didn't know there was a page 2? Look at the bottom of the page.) If someone could grab my distribution and combine it with a google cache and google thumbnails from page three, that'd be heavenly. Just post it as a reply to this thread so there's just one "mirror" thread.
Jouster
I grabbed what I could, but the site was in the middle of a meltdown.
.ZIP file, or the .BZ file.
Grab the
Jouster