Coarse permissions for files, and extremely coarse permissions for ports.
Files: this is one thing Windows has right. There should be all sorts of capabilities built in to Unix: append-only files, append-only by user, unchangeable permissions, and so on. FreeBSD's flags are the way to go, but like I said: they should be built in to Unix, not an extra add-on.
And a subset of that is coarse permissions of files. Why in God's name do we still enforce root-only opening for ports built in to Unix, not an optional add on. Something like "chgrp www /dev/tcp/80; chmod 600 /dev/tcp/80", rather than having to open as root then drop privileges (hope you did that right!), would be amazing.
In this article some of the heroic myths we geeks tell each other (see The Cathedral and The Bazaar) are turned on their heads: the companies that did the good things that give us what we have lost, and they lost precisely because they were not aggressively proprietary like Microsoft. For example:
I argued that if it was to survive, Netscape needed to imitate Microsoft's strategy: the creation and control of proprietary industry standards. Serenely, Barksdale explained that Netscape actually invited Microsoft to imitate its products, because they would never catch up. The Internet, he said, rewarded openness and nonproprietary standards.
I suspect the characterization of Netscape is a little starry-eyed, but I can't be the only one who thought, "No, that Netscape executive was right!" His point (someone else can argue about how accurate it is), though, is that rewards for "openness and nonproprietary standards" did not go to Netscape: MS trashed them, and in the business world Netscape lost horribly. We (as in the users of the Internet) may have won, but we won at Netscape's expense.
And then:
In contrast, the losers in these contests have usually made one or more common mistakes. They fail to deliver architectures that cover the entire market, to provide products that work on multiple platforms from multiple companies, to release well-engineered products, or to create barriers against cloning. For example, IBM failed to retain proprietary control over its PC architecture and then, in belatedly attempting to recover it, fatally broke with established industry standards. Apple and Sun restricted their operating systems to their own hardware, alienating other hardware vendors. Netscape declined to create proprietary APIs because it thought Microsoft would never catch up.
IBM's opening of the PC architecture is thought of by geeks as A Good Thing: by letting go, they created the market we have today, even though they didn't benefit from it. TFA says IBM lost market dominance as a result. It's interesting that he doesn't address the question of whether the PC architecture would have taken such hold of the market if it had not been opened up to competitors in the first place...but again, what we see as a win for PC users, he presents as a loss for the people who came up with the PC.
It's also interesting that he doesn't explain the contradiction between failing to "create barriers against cloning", and Apple and Sun's "alienating other vendors" by making their OS only work on their own hardware. He needs to pick a side on this one...
Anyhow, no grand point -- just some things that stuck out for me in TFA.
Just donated $200 (ha! take that!:-). Tried submitting it to the front page before I realized this had made it here...I suppose it's a good thing there wasn't YAD.
I agree, $(n)00 is nothing -- I've been paying my rent for almost four years now by administering FreeBSD systems, and loving the hell out of it. This is the least I can do. (Well, that and becoming a FSF member...and that's next on the list.)
More than the religious custom, fasting has a scientific reason behind it: It detoxifies whole internal system by a) giving the body some much-needed rest and b) by cleansing the traces of toxins (as there's no fresh inflow, the bodily processes work on the left-over inventory and makes sure that it is digested properly and taken care of to give a fresh start the day after the fast).
I heard this all the time when I worked at a natural foods store. I call bullshit. From QuackWatch.org:
It can be terrifying to believe that one's body is being poisoned by toxins from within. But if this were true, the human race would not have survived, says Vincent F. Cordaro, M.D., an FDA medical officer. "A person who retained wastes and toxins would be very ill and could die if not treated. The whole concept is irrational and unscientific."
Best link I could come up with on short notice.
That said, this anti-spam method sounds interesting. I've been Greylisting on my mailserver for a while now, and it's certainly helped. It would be interesting to compare & contrast and get some hard numbers on how well these (and other) approaches work.
Hey Ryan -- congrats on the story. I'm curious if you saw (or allowed) any behaviour on the compromised machines besides joining IRC or scanning for other machines; TFA didn't seem to mention this, and as you said the article itself is slashdotted.
Re:Consequences of destroying a comet (on NASA's Deep Impact; Score: 4, Interesting)
Ha! Check out the Engines of Light from Ken MacLeod, who is one of the best goddamned SciFi authors since Heinlein or Gibson. The series is about Gods -- vastly intelligent, hugely complex colonies of bacteria that live in comets -- and what happens when they allow themselves to be discovered by humans.
I can't possibly do justice to the series here, but I will say that he namechecks Slashdot.
Check him out -- his books are absolutely incredible.
The "Follow the Bouncing Malware" series at ISC's Internet Storm Center has been quite good, too; it looks at what happened to Ordinary Joe's Windows computer when he surfs:
- Part 1
- Part 2
- Part 3
Part 4 is coming Real Soon Now (tm). The ISC handler's diary is required daily reading; always a lot of good stuff to be found. (And every now and then, there's a tale that'll make your blood run cold...)
I used to have a copy of a book of Scientific American's Amateur Scientist columns that was published some time in the 50s -- back when they would not only give you instructions for making a cloud chamber, but offer a radioactive speck (!) for the price of a SASE (!!).
They also had instructions there on building linear accelerators based on Van der Graaf generators. That wasn't good enough for me, though -- I wanted a circular accelerator, like they had at CERN. (Somewhere, between old report cards and essays on democracy, is a reply from Carlo Rubbia, head of CERN at the time, to a fan letter I wrote him.)
I got as far as convincing the local welder that he should join some copper pipe in a circle for me for free. I'm great on ideas, but follow-through...Kudos to these guys for doing it. That's just cool beyond belief.
>> 2. Encourages spammers not to spam from SPF-publishing addresses.
>> (And don't forget, this is what AOL and MSN *really* care abo
>And it also happens to be what I as a small business and private user care about.
Bingo! Why is it a bad thing that AOL and MSN don't want people faking emails that appear to be from them? Stopping forgery, while it isn't the same as stopping spam, still has a huge benefit.
As TFS, I can tell you I got it from the ISTS news from yesterday, as linked to at the Internet Storm Center. However, if I hadn't caught it there I probably would've seen it later on when I checked Wired directly.
...in Vancouver on the 9th? God almighty, they were great. I'd never realized it before, but Jeff Tweedy has a wicked sense of humour. If they're nearby, treat yourself and go -- it'll be a long, long time before you see another live act this great.
I had a drive die on me at work. The files on it weren't that important, and I got everything from backups anyway, but I decided to try the freezer trick so I'd know in the future if it's worth trying.
The OS was Windows; the drive was buggered enough that it'd just bluescreen when booting. I tried mounting it under a linux box, but it just gave lots of scary "can't read this sector" errors. So I wrapped it carefully in ziplock bags and put it in the freezer overnight.
Sure enough, it worked the next morning (in Linux, anyway; didn't try booting Windows to see if that'd work) for about twenty minutes -- long enough to get a bunch of files off, if this'd been an emergency. Then the errors started up again, so I popped it back in the freezer. After another half hour or so, I tried again and it still worked.
Next trick: I'm going to put some old PC133 RAM in the freezer overnight and see if it'll work in the spare DDR333 slot I've got on my motherboard. Cross your fingers...
Bingo! This sort of behaviour on the part of employers is exactly what kick-started the unionization movement in the US back in the late 19th and early 20th centuries. Let's see what we've got:
- Ridiculous working hours -- check
- No job security ("Like it or lump it") -- check
- Fear of reprisal ("they'll outsource it all to India") -- check
Listen, people, how the hell do you think we came to expect a weekend in the first place? Or health insurance? Or overtime? And yet every time I've seen someone suggest unionization of IT people here, there's a chorus of "unions are corrupt, and anyway I'm too good to need it".
Corrupt unions: yep, they happen; they're just bunches of people, after all, and we know what people are like. But what makes you think you can automatically and always trust the people you're working for? If you can, great -- I'm not saying it can't happen. But in the immortal words of Karl Marx^WRonald Reagan, "Trust but verify": have someone on your side. Neither unions nor management are automatically saints or devils.
And as for too good to need it -- well, I trust what TFA said about the quality of the engineers at EA. They sound pretty damned good to me, and yet they're getting screwed over by their management for no reason except the profit of EA.
I'm sure that a hundred years ago there was some coal miner in Virginia saying, "A union is only gonna prop up the slackers, and anyhow the management'll just come in and bust heads anyway." With the benefit of hindsight we can shake our heads and wonder how the hell he could've put up with what he did -- yet we can't see that something similar is going on right now.
It's a little different from what you're talking about, but check out Daisy.
It's basically an Open Source version of MS' Windows Update program (SUS, I think?) -- it runs on a Windows computer, and periodically checks an archive you maintain of patches to apply. It'll do the right thing -- apply 'em at once, reboot, email you the results and so on. I have yet to set it up at work, but that's lack of time, not lack of interest.
I'd argue that "saturating the connection" is a red herring; the real purpose of either action: to make the website unavailable to others. (The motive behind that purpose is, of course, very different.)
In any case, it doesn't change the implicit question: who d'you trust when it comes to this sort of thing, and why? Why do I feel more comfortable with AA419, and less comfortable with the editorialist's suggestion?
Compare and contrast with this editorial from The Guardian, which suggests a SETI@Home-like client to DDOS sites that host child porn.
OT discussion follows: My first reaction was, what a stupid idea -- all it takes is one faked entry on the list to turn it into a great weapon against whoever you hate today. Then I remembered Artists Against 419 and its many clones. Funny how I'm willing to trust one but not the other...
Just my two cents: Firefox 1.0-PR on Linux crashed and burned on the mozilla_die1.html page. I'm curious to know if you're using Firefox on Linux or something else.
Mars is an average of 48 million miles from Earth, though the distance can vary greatly depending on where the two planets are in their orbits around the sun. At that distance, a spacecraft traveling 625,000 miles a day would take more than 76 days to get to the red planet. But Winglee is working on ways to devise even greater speeds so the round trip could be accomplished in three months.
[hardesty:~]$ bc -l
bc 1.06
Copyright 1991-1994, 1997, 1998, 2000 Free Software Foundation, Inc.
This is free software with ABSOLUTELY NO WARRANTY.
For details type `warranty'.
76/30
2.53333333333333333333
Greater speeds...longer trip...I thought it was just because I hadn't had any coffee yet, but no. WTF am I missing?
BTW, there's more information on UW's space research here, and more info on this program here. And for a final bit of karma-whoring, Winglee's page can be found here (he's got movies, too!).
I saw that right after I posted...funny.
Mirror
(Gathers canned goods, candles, heads for cave)
Yep. Used to listen to those stations when I was a kid and big into SWL.
http://maps.google.com/q=nuclear+OR+Cbiological+OR+chemical+weapons+-usa+-china%+-uk&sourceid=mozilla-search
Not only the right decision, but one that quotes Lawrence Lessig. How cool is that?
Aha...no coffee == no comprehension. Thanks for filling me in. I will now go soak my head in caffeine.