...You could flood an [X] application with fake messages and see how it responds; you could send it corrupt messages and see how it responds. Chances are, it would cope just fine, since it'll choose what to do with the messages and process the flood one at a time.
Someone tried this... sorry, I have no idea what the link is, but I think it was on Slashdot a few months ago. Generate a bunch of random Xor Win32 messages, maybe well-formed, maybe not, and fire them at the app of your choice. Most apps on both platforms died quickly and spectacularly.
So pretty much everyone can see from this that there are still people who have no fscking clue about maintaining security, yes?
And yet, just a few discussions down the/. front page, there's this massive collective rant, questioning the gov't's motive in releasing something that they claim is designed to help secure people's boxen. If the gov't software were just to stop code red and nimda from moving so fast, wouldn't that qualify as "public interest" enough for them to do that, just out of the goodness of their hearts?
Apologies for twisted grammar of preceding para./me needs sleep, badly!
If you ever want to have a lot of fun, I recommend that you go off and program an imbedded system. The salient characteristic of an imbedded system is that it cannot be allowed to get into a state from which only direct intervention will suffice to remove it. An imbedded system can't permanently trust anything it hears from the outside world. It must sniff around, adapt, consider, sniff around, and adapt again. I'm not talking about ordinary modular programming
carefulness here. No. Programming an imbedded system calls for undiluted raging maniacal paranoia. For example, our ethernet front ends eed to know what network number they are on so hat they can address and route PUPs properly. How do you find out what your network number is? asy, you ask a gateway. Gateways are required by efinition to know their correct network numbers. Once you've got your network number, you start sing it and before you can blink you've got it wired into fifteen different sockets spread all
over creation. Now what happens when the panic-stricken operator realizes he was running the wrong version of the gateway which was giving out the wrong network number? Never supposed to happen. Tough. Supposing that your software discovers that the gateway is now giving out a different network number than before, what's it supposed to do about it? This is not discussed
in the protocol document. Never supposed to happen. Tough. I think you get my drift.
...according to knowledgeable sources, driving with just a cell phone in play (even a hands-free one) is enough of a distraction to make you drive like you're drunk. What is all this gadgetry going to do to a driver??
Seriously, though, all those warnings are good (as long as false positives don't cause boy-who-cried-wolf syndrome in the driver) but being able to watch the back seat? I think this is going too far...
Stock in Lawrence Berkeley National Laboratory plummeted in afternoon trading, while the head researcher vigorously denied rumors that Arthur Andersen had provided proofreading services for the paper in question...
Someone at the U of MN Geometry Center created a proof that if the S and Z shapes alternate for long enough (the ceiling he gave was something like 70,000 pieces) you absolutely must lose (depending, of course, on the exact geometry of the well). Even had a Java applet that allowed you to try it yourself...
Blindingly obvious? Probably. Just the sort of blinding obviousness that makes this country great...
You can see the applet and a link to the paper here.
IIRC, Napster did this a while ago, while they were still being dealt with piecemeal (eg, everything Metallica must go). Someone wrote a plugin or something (never used it, not sure what it did) that munged filenames in some reversible way. I think the counter-solution was to ban files based on ID3 tags.
In the battle between better warhead and better shielding, the warhead always wins. But who's got which here?
If a police officer goes through your room and finds a bomb, without a warrant, he can't do anything with it, until he gets one from a judge.
True, but if he sees one through the window, or is just dropping by to chat and spies a few dozen sticks of TNT and schematics of the Hoover Dam, he doesn't need a warrant, any more than an arrest warrant is needed when the cop sees you stick up the 7-11. (Ok, IANAL, but I did read up on this a while ago, and I believe this to be true...)
So they go on Gnutella like everyone else and see something (something anyone could see) that you shouldn't be sharing. And they ask your ISP to ask you to stop. I don't thin this is IoP.
Whether they should is another question entirely. But if you are sharing something for the whole internet to see, you should expect everyone on the internet to see it. Even the ones you don't want to.
Right. You're going something that looks cool, something that geeks are going to be interested in.... in sort, something that's begging to get slashdotted... and you think "Gee, I want to put up some big fat sound files so that visitors can suck up even more bandwidth!"
Yes, the bandwidth is horrific, so I've shrunk all the images to a much smaller size (160 wide) instead of their usual 640 and 320. If you want to see this and actually make out the pictures (and read the text in them), come back in a week or so when the traffic has dropped and I've put the full-res ones back. Assuming I don't get firewalled off first:)
"2) This is a pointless exercise and serves no useful purpose."
I have a small whiteboard and set of markers that I use for this "pointless exercise" practically every time that I code something. Working on a computer, I typically can't see enough of the code to be able to tell if I'm doing something completely stupid or not. So I sketch everything on the whiteboard. Ok, not code per se, but flowcharts, or maybe an API listing, or whatever seems appropriate, and usually enough that the actual coding is trivial. Once I've got it firmly set in my head, then I get going.
Your mileage may vary. It probably does. But IMHO it's a lot easier when zapping out bad code is just a fingerswipe away...
Slashdot Mirror
And yet, just a few discussions down the /. front page, there's this massive collective rant, questioning the gov't's motive in releasing something that they claim is designed to help secure people's boxen. If the gov't software were just to stop code red and nimda from moving so fast, wouldn't that qualify as "public interest" enough for them to do that, just out of the goodness of their hearts?
Apologies for twisted grammar of preceding para. /me needs sleep, badly!
If you ever want to have a lot of fun, I recommend that you go off and program an imbedded system. The salient characteristic of an imbedded system is that it cannot be allowed to get into a state from which only direct intervention will suffice to remove it. An imbedded system can't permanently trust anything it hears from the outside world. It must sniff around, adapt, consider, sniff around, and adapt again. I'm not talking about ordinary modular programming carefulness here. No. Programming an imbedded system calls for undiluted raging maniacal paranoia. For example, our ethernet front ends eed to know what network number they are on so hat they can address and route PUPs properly. How do you find out what your network number is? asy, you ask a gateway. Gateways are required by efinition to know their correct network numbers. Once you've got your network number, you start sing it and before you can blink you've got it wired into fifteen different sockets spread all over creation. Now what happens when the panic-stricken operator realizes he was running the wrong version of the gateway which was giving out the wrong network number? Never supposed to happen. Tough. Supposing that your software discovers that the gateway is now giving out a different network number than before, what's it supposed to do about it? This is not discussed in the protocol document. Never supposed to happen. Tough. I think you get my drift.
Seriously, though, all those warnings are good (as long as false positives don't cause boy-who-cried-wolf syndrome in the driver) but being able to watch the back seat? I think this is going too far...
pardon my general .NET ignorance, but does the thing run on Linux? If it doesn't, then there's your answer for a lot of us here, I think...
- If you get X pieces that alternate S and Z, you will lose, no matter how good you are.
- There is a nonzero probability of this event occurring in any given X-piece string.
- Any event with nonzero probability must occur eventually (assuming randomness and a few other things that probably don't actually apply).
- You will eventually get X pieces that alternate S and Z.
- You will eventually lose, no matter how good you are.
Useless? Probably. But when has that stopped a mathematician who's looking for a grant? (I've been one, I should know!)And if you take the trouble to look at the pictures on the site again, you'll see that 118 is still blank...
Stock in Lawrence Berkeley National Laboratory plummeted in afternoon trading, while the head researcher vigorously denied rumors that Arthur Andersen had provided proofreading services for the paper in question...
Enjoy.
Blindingly obvious? Probably. Just the sort of blinding obviousness that makes this country great...
You can see the applet and a link to the paper here.
Thanks. I knew there was some sort of handy phrase for that, but I couldn't remember what it was...
In the battle between better warhead and better shielding, the warhead always wins. But who's got which here?
So they go on Gnutella like everyone else and see something (something anyone could see) that you shouldn't be sharing. And they ask your ISP to ask you to stop. I don't thin this is IoP.
Whether they should is another question entirely. But if you are sharing something for the whole internet to see, you should expect everyone on the internet to see it. Even the ones you don't want to.
The better to melt your server, my dear...
Though, yes, handyboard would normally imply something C-like...
More likely the site owner submitted it to Slashdot himself, and so knew it was coming...
And I bet it still won't work....
I have a small whiteboard and set of markers that I use for this "pointless exercise" practically every time that I code something. Working on a computer, I typically can't see enough of the code to be able to tell if I'm doing something completely stupid or not. So I sketch everything on the whiteboard. Ok, not code per se, but flowcharts, or maybe an API listing, or whatever seems appropriate, and usually enough that the actual coding is trivial. Once I've got it firmly set in my head, then I get going.
Your mileage may vary. It probably does. But IMHO it's a lot easier when zapping out bad code is just a fingerswipe away...