Two problems with the headline Palin Email Hacker Found:
This news came out days ago. Slashdot is now as timely as the dead-tree old media?
As the subject line says, the guessing involved to gain access to this email account required no technical skill so shouldn't be called hacking or cracking.
A better headline would have been Legal punishment options for Palin email thief.
After evaluating several options, one approach was clear -- and, I must admit, somewhat embarrassing to Paul [Vixie, primary architect of BIND].
DJB was right. All those years ago, Dan J. Bernstein was right: Source Port Randomization should be standard on every name server in production use.
There is a fantastic quote that guides a lot of the work I do: Luck is the residue of design. Dan Bernstein is a notably lucky programmer, and that's no accident. The professor lives and breathes systems engineering in a way that my hackish code aspires to one day experience. DJB got "lucky" here -- he ended up defending himself against an attack he almost certainly never encountered.
Note the weasel words here, that DJB got lucky and ended up defending against an attack he never encountered. Even while crediting him for being right, Kaminsky won't admit that Bernstein anticipated these attacks several years ago, documented them clearly, and designed djbdns to deal with them as best the broken protocol allows.
In all of Kaminsky's self-congratulatory hype about finding the bug and coordinating the patch effort, he never once suggests the obvious -- that people at least consider using the most secure DNS software available by switching to djbdns.
One nameserver is notable for having gotten both the query-id and source-port randomness right from the start: DJBDNS by the legendary Daniel J. Bernstein.
Though long a lightning rod for controversy, he's clearly walked the walk on security: there's never been a security vulnerability in DJBDNS.
The notion that Bernstein drives people crazy and has been a lightning rod for controversy stems from his appropriately harsh and blunt assessments of poorly designed software, particularly Sendmail and BIND. But Bernstein's critics are essentially admitting that for them, correctness is less important than not having one's feelings hurt.
This item probably shouldn't be tagged with Beowulf.
Most Beowulf clusters run parallel codes written to use the Message_Passing_Interface (MPI). MPI programs really don't want to be migrated to different nodes while they're running, so load management is achieved through schedulers such as Grid Engine, TORQUE, and others. These schedulers avoid the need for process migration by preallocating the resources (compute nodes) in advance, and prevent the load imbalance from happening in the first place. openMosix waits for the imbalance to slow down the computation before it migrates a process to relieve the problem.
Chartered Semiconductor has warned that due to weaker than expected demand for end product devices in the second quarter, its customers are being cautious on committing to any increases in production runs. The foundry now expects business to be flat for the third quarter.
[snip]
More worryingly, Thomas noted that the foundry was seeing particular weakness in the consumer video gaming market, referring it is assumed to the demand for Microsoft's Xbox 360 microprocessors.
Nowhere in that article does he say "Linux is for losers" or use that label. The headline of the story rhetorically asks that question, way to generate flamebait, Forbes & Slashdot editors!
From the second paragraph of the Wired article on virtual trade:
...the secondary market for virtual goods is estimated at $880 million annually.
Don't you love how the reporter slips that in without offering any source or supportive information?
Let's see, a look at mmogchart.com shows that there are barely 8.8 million total MMOG subscribers.
Are we to believe that MMOG subscribers spend an average of $100 annually on virtual trade after the cost of the subscriptions themselves? No way.
Perhaps 10 percent of subscribers play intensely enough in games with viable virtual markets to spend $100 annually on virtual trade, which works out to $88 million annually.
The quoted estimate is junk, off by an order of magnitude. When such obvious garbage is highlighted at the top of an article it's a good sign that there's little point in reading the rest of the piece.
These comments treating DJB like any other professor and complaining to the administration make me laugh.
Can you take a class taught by Linus Torvalds? Larry Wall? Other open-source luminaries?
DJB has written some incredibly good software: qmail and djbdns being the prime examples. As a long-time qmail and djbdns user, I think the opportunity to take a class taught by DJB would be an incredibly stimulating learning experience, regardless of grade.
But I thought Saddam and Osama were like.. you know.. an item.
You are more correct than you know. Material that recently came to light showing Saddam and Osama are now intimately involved was published earlier this fall in an obscure periodical.
I have the issue and the photographs are incredible.
You aren't misinterpreting -- from Dan Kaminsky's blog:
Note the weasel words here, that DJB got lucky and ended up defending against an attack he never encountered. Even while crediting him for being right, Kaminsky won't admit that Bernstein anticipated these attacks several years ago, documented them clearly, and designed djbdns to deal with them as best the broken protocol allows.
In all of Kaminsky's self-congratulatory hype about finding the bug and coordinating the patch effort, he never once suggests the obvious -- that people at least consider using the most secure DNS software available by switching to djbdns.
Steve Friedl is better at crediting Bernstein -- way down near the bottom of the excellent An Illustrated Guide to the Kaminsky DNS Vulnerability Friedl says this:
The notion that Bernstein drives people crazy and has been a lightning rod for controversy stems from his appropriately harsh and blunt assessments of poorly designed software, particularly Sendmail and BIND. But Bernstein's critics are essentially admitting that for them, correctness is less important than not having one's feelings hurt.
Most Beowulf clusters run parallel codes written to use the Message_Passing_Interface (MPI). MPI programs really don't want to be migrated to different nodes while they're running, so load management is achieved through schedulers such as Grid Engine, TORQUE, and others. These schedulers avoid the need for process migration by preallocating the resources (compute nodes) in advance, and prevent the load imbalance from happening in the first place. openMosix waits for the imbalance to slow down the computation before it migrates a process to relieve the problem.
If you check the archives of the Beowulf mailing list, you'll see that while the Beowulf community knows about openMosix, very few Beowulfers use it.
Here are the real links that refer to today's media briefing:
ZDnet blog posting by Garett Rogers.
NASA's media advisory about today's media briefing (link via Gregg's blog post).
Article in New Scientist about Google and NASA's iEarth software (link via Gregg's blog post).
Start rant
The press release submitted by eldavojohn was issued on September 28, 2005! The media briefing hadn't even started when this posting was approved!
Attention slashdot "editors" -- the reason why you're losing mindshare to digg and other sites is for editing like this -- only a novice or clueless "editor" would get taken in by a bogus submission about a real event occurring because they didn't trivially check its contents.
It's far too easy to slip things past slashdot's "editors", since a single "editor" can have the wool pulled over his eyes. Thus the surge in popularity of sites like digg, since (to build on esr's quote) Given enough eyeballs, all scams are transparent.
-- An unhappy long-time reader.
End rant
After rape a little burglary is nothing!
If you doubt Microsoft was behind this, just ask yourself: Cui bono? Can't have Linux on old hardware outdoing Vista on expensive new boxes.
Next on the agenda: beating up little old ladies for violating Vista's built-in DRM!
(Note to the humor-impaired: Yes, this entire post is a joke.)
- Installed Ubuntu
- Skimmed this Windows XP Install Guide
when it hit me... Linux is now easier to install than Windows!
The basic premise underlying the above joke, that Linux is harder to use than Windows, is no longer true -- at least for installing the O/S.
I never thought I'd see this day.
From the article at Semiconductor Fabtech:
Um, the "ATI's new multi-GPU chipset" link actually points to a slashdot article entitled "AMD Athlon 64 Dual Core Chips Released".
How can a company make money if its products are available for free?
Bottled water companies are making money selling a product that everyone already has in abundant quantities right in their own home!
Bottled water is a $4 billion/year market and is still growing.
> perl -e 'foreach (@ARGV) { print pack("B*", $_);} print "\n"; ' 01000001 01101100 01101100 00100000 01111001 01101111 01110101 01110010 00100000 01100010 01100001 01110011 01100101 00100000 01100001 01110010 01100101 00100000 01100010 01100101 01101100 01101111 01101110 01100111 00100000 01110100 01101111 00100000 01110101 01110011 00100001
All your base are belong to us!
>
Not P-Code, GCC should compile to Parrot bytecode. Then you just boot into the Parrot VM.
Strike The Root Blog
KarenDeCoster.com Web Log
And as long as you're already surfing, check out the main sites too:
LewRockwell.com
Strike the Root
There's another option, too:
Bytemark Hosting offers Linux virtual machines via User-mode Linux.
Bytemark supports Open Source with contributions to Debian and discounts for Open Source developers.
Debian is one of the distro options. Primary DNS on Bytemark's DNS servers is included (running djbdns, win win).