"Low code quality keeps haunting our entire industry. That, and sloppy programmers who don't understand the frameworks they work within. They're like plumbers high on glue," Mr. de Raadt said.
BTW, anyone else notice the article was actually from The Globe and Mail?
at the comparison page attached to the article that lets you run the same test on images that the researchers tried. In a startling discovery that is sure to earn me a Nobel Prize for Physics, Chemistry, Biology and Marital Relations, I was told the following:
"Answer: Image 1 [the Mars image](1.43702451394759 % compression) has a higher complexity measure than image 2[the image of my wife] (0.773501341151519 % compression), and thus image 1 is more probably biogenic."
Not only does this prove that there was once life on Mars, but it also proves that my wife is some sort of robot. Further research will be undertaken pending receipt of my prize money.
I can confirm that -- bought a 486 w/8MB of RAM and a 120 MB hd a while back and successfully installed slackware 7.0 (30MB free, as I recall, and a 20MB swap partition). Slackware, for these purposes (and so many others), rox. Really, I think you'd have a hard time going wrong.
Where have you got a crapload of RJ45 cables? That's right, an office.
What's the biggest driving force behind Internet technologies? That's right, pr0n.
So just imagine the HUGE surge in live secretary upskirt cam websites this product will enable.
Hell, there'll be so many, it'll simultaneously turn around the tech slump AND drive us all to IPv6.
Until, of course, someone mistakenly installs 10,000 of these babies in the server room. All those geeks...<shudder>
You can sign up for the mailing list here:
Among many, many others, I saw Vernon Schryver, the guy behind Distributed Checksum Clearinghouse, on the list. It's been pretty high volume, though, and I haven't had a chance to really spend some time reading it yet.
I just totaled up the logs for the spam graph I keep for our mail server. In maybe a year and a half, we've caught approx. 1.6 million spams. I thought we were doing well.
But Jesus Christ! Who here wants to start a pool? We'll bet on how long it'll take before AOL has stopped a googol of spam, total. I bet two and a half years; three tops.
I work for a small ISP. I took over abuse duties about a year and a half ago.
It hasn't happened in a while, but any time I got a complaint about a customer spamming that checked out, I cut off the account immediately. This was happening about once a month for a while -- people signing up for throwaway accounts and spamming the hell out of them until they were cut off. One morning I checked my email and found spam that was sent from one of these accounts. I was able to log in, lock the account and kick 'em off our modems. That made me feel good.
As for responses to complaints: we'd get a lot of complaints when one of these episodes happened (usually through the good offices of SpamCop, who Truly Rock), and it was impossible to reply individually to each one. I took the initiative and installed Linux (had been W98) so that I could use Mutt, with all the automation that implied, to send canned responses to let people know that someone's listening.
There are two big reasons for any ISP to respond aggressively to complaints about spam:
First, it's death to end up on a blacklist. The number of complaints would be astronomical, and if you're not lucky enough to be dealing w/a blacklist with defined ways of getting off it, you're stuck either waiting for people to decide you're honest/have suffered enough, or living with random chunks of email bouncing. Have a look in news.admin.net-abuse.email (I think that's the right group -- check Google) sometime and read the complaints from people who have been blacklisted. There is no sympathy (or at least very little) in that group for anyone who is blacklisted (whether there should be sympathy is another question).
Second, and arguably more importantly, spam is just plain wrong. There were the comments of the head of an old ISP -- The Well, maybe? -- a while back; he said that for any other entity on the Internet, a DDOS on the scale of spam would be Big News and would result in action. But email, for some reason, just doesn't rate a damn. People are drowning in the stuff, but so are mail servers, and the ISPs that run them, and the admins who take care of them. Check out my journal -- we had to spend $ on getting a new server, plus my time to set it up, just to keep our customer-facing mail server from falling over from the sheer volume of the stuff. That's fucking insane, and the idea of contributing in any degree to someone else's version of that story should make anyone sick to their stomach. It is such a waste of so many resources.
So for me at least, the moral and economic incentives to take action on spam are huge, but the volume of complaints for any episode usually prevents me from replying personally. I can only imagine what it would be like for someone at AOL or Sprint or what have you. YMMV.
Melissa clogged SMTP, a service; traffic as a whole was relatively unaffected (you could still get to a website, or chat on IRC). Code Red did send out a lot of traffic, but again other services (uninfected web servers, or mail, or ftp, or DNS queries) relatively unaffected. Posted to the BugTraq list in the middle of Slammer was a message complaining about 95% packet loss to great swaths of the Internet. At that point, nothing gets through.
DOS isn't particularly new, you're right. But this seems to have been the first to have been this successful over such a wide range of the Internet, affecting all services.
Posted to Bugtraq yesterday was a quick summary of a study of the Slammer worm and its effects. Quote:
This worm required roughly 10 minutes to spread worldwide making it by far the fastest worm to date. In the early stages the worm was doubling in size every 8.5 seconds. At its peak, achieved approximately 3 minutes after it was released, Sapphire scanned the net at over 55 million IP addresses per second. It infected at least 75,000 victims and probably considerably more.
I read that and my jaw just dropped.
This worm, from what I've read (these aren't my conclusions; I'm not that smart), did two very interesting things. The first is that it used one UDP to spread: no waiting around for the three-way TCP handshake, no hanging waiting for a reply, just send and move on to the next one. From what I understand, that's pretty new. Second, it caused most of its damage not by trashing filesystems or anything like that, but just by spewing *huge* amounts of traffic.
The first is interesting because as a tactic, it'll almost certainly be copied. The second is interesting because it probably won't be copied.
Well worth your time; it's fascinating -- and frightening -- reading. Get it here:
"Our goal here was to actually increase the amount of information available to customers."--Kent Roberts, executive vice president and general counsel for Network Associates.
Well, yes -- but for a beginner, go with one of the Learning books.
Something I meant to put in my first comment re: Learning up above -- the most important thing, I would say, is to make sure you give 'em a book with the distro on CD. Those poor saps on d/u will appreciate it.
I agree...the Unleashed series are pretty good, if a little thin in their coverage sometimes. (That said, that last complaint is from a book in the series I bought in '97, so it may well have changed by now.)
I'd also recommend the O'Reilly Learning Linux/Redhat/Debian set. Well worth the money, and they deserve the endorsement.
Hear, hear. Got it installed on the mail server at the ISP where I work, and boy does it rock: 40-50k messages per day caught. Check my journal if you need details.
Playing Quake in multi-player mode can show the strength and quality of an Internet connection, says Barry Straub, network system administrator for the University of Leith. By tracking the number of times a player is "fragged", or killed by an opposing player, he's able to track the latency in a given path over the Internet -- and this will be of great use for virtual surgeons of the future.
"It's pretty simple, really," says Straub. "We just set up a couple standard gaming stations: one in the operating theatre with the patient, and one by the chief surgeon. They play against each other and report whenever they've been fragged. By tracking the frag rate, we can get a surprisingly accurate picture of the quality of the connection."
Because the gaming and surgical computers use entirely different protocols, there is no way for the two signals to get confused.
Straub admits that there is one thing that needs to be overcome before his method sees widespread use. "We've had a couple complaints from the surgeons about distractions from the gamer. And I can see their point. When you're chest-deep in someone half a continent away, you don't really want someone yelling '34t h0t l34d, suxx0rZ!' in your ear."
"But we're thinking of maybe removing the larynx of gamers for this. It's probably the simplest solution."
Open-source figurehead and programming guru Richard Stallman was unavailable for comment at press time. "He's having a gall-bladder operation right now," said a source close to the FSF founder. "He's going to be a few weeks recovering from the plasma burns."
What if the artist encourages it?
What if the artist is pissed off by it?
Is violating the license less morally wrong if it's easy?
What about if the copy is of a lesser quality than the original?
What if it's a license that you like?
ftp://alien.ssl.berkeley.edu/pub/setiathome-3.08.i686-pc-linux-gnu.tar
ftp://alien.ssl.berkeley.edu/pub/setiathome-3.08.sparc-sun-solaris2.6.tar
Can't seem to find 'em on wcarchive.cdrom.com, the other mirror site -- anyone got a link?
LOL...now that's just hilarious. Thanks for the laugh.
Best. Browser. Ever.
Heh...looks like we both had the same idea. Great minds, eh?
http://www.caida.org/analysis/security/sapphire
w00t! What a gift! I didn't think Lottie Wilkins even knew my name...
Many good years, you two.
Agreed -- but he was also asking for good examples of Open Source goodness for TV. That's what I had in mind.
Very visual, easily understood, and it'll appeal to everyone who's ever had that happen to them before.
http://www.lexum.umontreal.ca/csc-scc/en/rec/html/harvard.en.html
http://www.elsevier.com/locate/tele
You'll see "View their sample issue." Click on that, then click on the link for Volume 20, Issue 1. Go there. Then you'll see "A geographic perspective on commercial Internet survivability", and you can download the PDF there.
Looks like it's meant to give you only one chance at the free issue, so I think giving the direct link would be pretty useless. Whatever; you're only three clicks away from greatness. :-)