Even if the code has the same holes (maybe, maybe not, there are significant code base differences in the Mac version, though the back end stuff is probably the same) it is extremely unlikely the payload would work. Remember, this is not a script virus (with the same script lang on Mac and PC), but a buffer overflow that has to gork the stack. The payload is essentially assembler, so it works on only one chip/ABI. Probably not enough Mac folks to make it worth spreading the bug.
Also, (AFAIK) gopher protocol has no concept of "User-Agent" so a malicious server wouldn't know what platform the client is on, so you might as well target the most common (IA32) one.
A couple questions: IE technically uses Spyglass code, Spyglass being the company the half of the Mosaic folks who weren't in Netscape founded to do browser parts instead of whole browser. Does Andreessen get a cut of this? I'm a U of I alum, and I know students don't automatically get a cut of anything they did as undergrad research, so unless he made a deal with U of I, Andreessen doesn't get cash.
And if he does get money, how much is this? I know there are a lot of companies that use IE parts: (Yahoo! messenger, AOL, even Morpheus KaZaa/FastTrack client) but how much money is this? I heard Spyglass got f**ked when they signed the code sharing agreement, Microsoft agreed to give them a cut of browser sales (not part sales), which was of course $0.
Don't need one OS just to get drivers working everywhere.
Check out Project UDI, device drivers source compatible everywhere, binary compatible on platforms with the same ABI. This is what OpenUNIX 8 uses under the hood. Microsoft will never join, because everyone targets them anyway, and it's to their advantage for stuff not to work on other systems.
Damn, I was just going to post this, you beat me to it, bastard....
Due to the limits of only being able to address 64Kb of RAM, they played some cool tricks with the architecture. It had a few different chips that read from the address bus, including the SID (sound) chip and the graphics controller. You could hit a couple hardware registers and use some memory overlays, say overlay 16Kb of graphics memory in one of a few locations. If you set memory in an overlaid area, say for graphics, you'd set the overlaid graphics memory, and the graphics controller would read from there. But the CPU would read from the normal, non-overlaid RAM underneath. You'd never be able to read what you just set. Yeah, you couldn't use the area underneath the overlay for data, but you could use it as your text segment.
To the comments on "Die XENIX Die", OpenUNIX is NOT the old SCO code base.
OpenUNIX 8 is basically UnixWare with Linux binary support and some new driver stuff in it - SCO has been a supporter of Project UDI since the beginning, and this is their new kernel Device Driver Interface.
The old SCO 5, SVR3 based, file system symlinked to an ounce of its life code base is called OpenServer. Still being sold, though I bet it's had a fork stuck in it for quite some time.
Even better would be to publish all of it as GPL code, but that will probably not happen because part of the code might be licensed from third parties.
UNIX has been around for such a long time, and there are so many cooks with a hand in that stew... I think getting all the folks together to relicense it will be a serious undertaking. Just think, Microsoft's XENIX is a part of it now, so now you have to (possibly) ask Billy Boy to relicense under the GPL. Hmm, how likely is that?
Why choose Star Wars, why not choose movies that really need it?
* Let's remove Pauly Shore from all movies. Change him with an actor. A real one.
* Remove Keanu Reeves from all movies except Bill & Ted I and II, Speed, and maybe the Matrix (Keanu only is good if he's playing someone confused, he was in the Matrix).
* Go back to the Terminator movies, change Arnold's voice so you don't have to explain why a Robot designed by the Robots from an American firm has a strong Australian accent.
I was lucky enough to hit Paris once, in the Musee d'Orsay I hit a tour. The painter was named Courbet, and he had this one painting with a bunch of folks attending a funeral. In the background, there was a hazy image of a woman. Some liken her to a ghost, but he wasn't a religious man and doubtful if he believed in ghosts. Rather it was a paintover. He had a figure in the background, didn't like it, so he painted it over. Later, the image began to show through the paintover, creating a ghost image.
I found it interesting. It didn't kill the painting, the meaning was still there. But it showed the technique, showed the decisions.
Sure, Lucas screwed up parts of the story, his talent isn't really in written storytelling. But that's cool, I accept that. And I see value in seeing where the story goes, and the mistakes he made.
I thought it was great the way Jabba was added to A New Hope
For story continuity reasons, maybe. But the way they physically did it was awfully clunky. They had shot a scene of Han walking around a big fat guy wearing a weird costume. Not "Jabba" enough I guess. So later when they CG add Jabba, the body sizes are off. So Han has to walk on Jabba's tail to walk around him. Bad, clunky. OK, this guy wants to kill me, let me walk on him, but then again the CG Jabba doesn't have a reaction at all anyway to this guy walking on him, so what the hell. Worse, they have to CG elevate Han, so all of a sudden, he just pops up maybe 2 feet, then pops down, no natural movement at all. Very clunky.
I also remember, maybe in a comic, that Luke and Leia kissed. Kinda icky since they're brother and sister. Just shows that Lucas never really thought the whole thing out, kinda shooting from the hip. That's not a bad thing, just don't confuse him with a story visionary.
Stallman says Linux should be GNU/Linux because a subset of the user level tools are from the GNU project....
If I have a mac with Office on it, does that make it Microsoft/MacOS?
Also, yes, Linux gets play from having GNU tools available, but so does GNU. How many people have downloaded and installed the Hurd? How many people would be exposed to GNU tools without Linux? gcc probably, but gcc isn't under direct FSF control anymore anyway. It was stagnating so much that they forked it into egcs, then egcs became the mainline branch.
Hmmm, I don't remember that source code releases caused Nimda. Someone just probed with a long URL, caused a core dump (err, fault) realized this was from an unchecked buffer, and wrote the worm. No source needed to write the virus.
Melissa? A combination of knowing about a way too scriptable mail client, knowing that most folks don't have extensions showing (another great MSism, don't show people what they get from unknown, untrusted folks in the mail), even though most would probably click on a .vbs file anyway. Pick up a VB book, write a virus. No source needed to write the virus.
MS Word & Excel virii? Way too scriptable applications. Also from a VB book. No source needed to write the virus.
Besides, the errors need to be fixed. Security through obscurity hasn't really worked so far.
Incredible software quality story - from a recent New York Times.
It took the European Space Agency 10 years and $7 billion to produce Ariane 5, a giant rocket capable of hurling a pair of three-ton satellites into orbit with each launch and intended to give Europe overwhelming supremacy in the commercial space business.
All it took to explode that rocket less than a minute into its maiden voyage last June, scattering fiery rubble across the mangrove swamps of French Guiana, was a small computer program trying to stuff a 64-bit number into a 16-bit space.
One bug, one crash. Of all the careless lines of code recorded in the annals of computer science, this one may stand as the most devastatingly efficient. From interviews with rocketry experts and an analysis prepared for the space agency, a clear path from an arithmetic error to total destruction emerges.
To play the tape backward:
At 39 seconds after launch, as the rocket reached an altitude of two and a half miles, a self-destruct mechanism finished off Ariane 5, along with its payload of four expensive and uninsured scientific satellites. Self-destruction was triggered automatically because aerodynamic forces were ripping the boosters from the rocket.
This disintegration had begun instantaneously when the spacecraft swerved off course under the pressure of the three powerful nozzles in its boosters and main engine. The rocket was making an abrupt course correction that was not needed, compensating for a wrong turn that had not taken place.
Steering was controlled by the on-board computer, which mistakenly thought the rocket needed a course change because of numbers coming from the inertial guidance system. That device uses gyroscopes and accelerometers to track motion. The numbers looked like flight data -- bizarre and impossible flight data -- but were actually a diagnostic error message. The guidance system had in fact shut down. This shutdown occurred 36.7 seconds after launch, when the guidance system's own computer tried to convert one piece of data -- the sideways velocity of the rocket -- from a 64-bit format to a 16-bit format. The number was too big, and an overflow error resulted.
When the guidance system shut down, it passed control to an identical, redundant unit, which was there to provide backup in case of just such a failure. But the second unit had failed in the identical manner a few milliseconds before. It was running the same software.
This bug belongs to a species that has existed since the first computer programmers realized they could store numbers as sequences of bits, atoms of data, ones and zeroes: 1001010001101001. . . . A bug like this might crash a spreadsheet or word processor on a bad day.
Ordinarily, though, when a program converts data from one form to another, the conversions are protected by extra lines of code that watch for errors and recover gracefully. Indeed, many of the data conversions in the guidance system's programming included such protection.
But in this case, the programmers had decided that this particular velocity figure would never be large enough to cause trouble. After all, it never had been before. Unluckily, Ariane 5 was a faster rocket than Ariane 4. One extra absurdity: the calculation containing the bug, which shut down the guidance system, which confused the on-board computer, which forced the rocket off course, actually served no purpose once the rocket was in the air. Its only function was to align the system before launch. So it should have been turned off. But engineers chose long ago, in an earlier version of the Ariane, to leave this function running for the first 40 seconds of flight -- a "special feature" meant to make it easy to restart the system in the event of a brief hold in the countdown.
The Europeans hope to launch a new Ariane 5 next spring, this time with a newly designated "software architect" who will oversee a process of more intensive and, they hope, realistic ground simulation.
Simulation is the great hope of software debuggers everywhere, though it can never anticipate every feature of real life. "Very tiny details can have terrible consequences," says Jacques Durand, head of the project, in Paris. "That's not surprising, especially in a complex software system such as this is."
These days, we have complex software systems everywhere. We have them in our dishwashers and in our wristwatches, though they're not quite so mission-critical. We have computers in our cars -- from 15 to 50 microprocessors, depending how you count: in the engine, the transmission, the suspensions, the steering, the brakes and every other major subsystem. Each runs its own software, thoroughly tested, simulated and debugged, no doubt.
Bill Powers, vice president for research at Ford, says that cars' computing power is increasingly devoted not just to actual control but to diagnostics and contingency planning -- "Should I abort the mission, and if I abort, where would I go?" he says. "We also have what's called a limp-home strategy." That is, in the worst case, the car is supposed to behave more or less normally, like a car of the pre-computer era, instead of, say, taking it upon itself to swerve into the nearest tree.
The European investigators chose not to single out any particular contractor or department for blame. "A decision was taken," they wrote. "It was not analyzed or fully understood." And "the possible implications of allowing it to continue to function during flight were not realized." They did not attempt to calculate how much time or money was saved by omitting the standard error-protection code.
"The board wishes to point out," they added, with the magnificent blandness of many official accident reports, "that software is an expression of a highly detailed design and does not fail in the same sense as a mechanical system." No. It fails in a different sense. Software built up over years from millions of lines of code, branching and unfolding and intertwining, comes to behave more like an organism than a machine.
"There is no life today without software," says Frank Lanza, an executive vice president of the American rocket maker Lockheed Martin. "The world would probably just collapse." Fortunately, he points out, really important software has a reliability of 99.9999999 percent. At least, until it doesn't.
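The protected form of the 64-bit to 16-bit conversion the article describes, as an added example (not part of the original comment and not the Ariane flight software). The function names, the recovery policy and the sample velocity values are constructed for illustration.

```c
#include <math.h>    /* NAN, used only for the constructed sample data */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { CONV_OK, CONV_OVERFLOW, CONV_UNDERFLOW, CONV_NAN } conv_status;

/* A narrowed reading plus a validity flag, so a consumer can tell real
 * data from the leftovers of a failed conversion. */
typedef struct {
    int16_t     value;
    int         valid;
    conv_status status;
} sample16;

/* Constructed readings: a value that grows past what 16 bits can hold. */
static const double SAMPLES[] = {
    1200.0, 18000.5, 32767.9, 32768.0, 51000.0, -40000.0, NAN
};
#define N_SAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])

/* Range-checked double -> int16_t conversion.
 * The unprotected form, (int16_t)v, is undefined behaviour in C when the
 * truncated value does not fit, so the range is tested before the cast. */
conv_status to_int16_checked(double v, int16_t *out)
{
    if (v != v)        return CONV_NAN;       /* NaN is unequal to itself */
    if (v >= 32768.0)  return CONV_OVERFLOW;  /* also catches +infinity */
    if (v <= -32769.0) return CONV_UNDERFLOW; /* also catches -infinity */
    *out = (int16_t)v;                        /* truncates toward zero */
    return CONV_OK;
}

/* Recovery policy (an assumption of this example): saturate at the nearest
 * representable value and mark the sample invalid instead of halting. */
sample16 narrow_sample(double v)
{
    sample16 s = { 0, 0, CONV_OK };
    s.status = to_int16_checked(v, &s.value);
    if (s.status == CONV_OK)             s.valid = 1;
    else if (s.status == CONV_OVERFLOW)  s.value = INT16_MAX;
    else if (s.status == CONV_UNDERFLOW) s.value = INT16_MIN;
    return s;
}

/* Consumer side: never act on an invalid sample, fall back to the last
 * reading that converted cleanly. */
int16_t usable_reading(sample16 s, int16_t last_good)
{
    return s.valid ? s.value : last_good;
}

/* Count rejected readings and report the index of the first one
 * (n if every reading converted cleanly). */
size_t count_rejected(const double *v, size_t n, size_t *first_bad)
{
    size_t rejected = 0;
    *first_bad = n;
    for (size_t i = 0; i < n; i++) {
        if (!narrow_sample(v[i]).valid) {
            if (rejected == 0) *first_bad = i;
            rejected++;
        }
    }
    return rejected;
}

int main(void)
{
    int16_t last_good = 0;
    for (size_t i = 0; i < N_SAMPLES; i++) {
        sample16 s = narrow_sample(SAMPLES[i]);
        last_good = usable_reading(s, last_good);
        printf("%10.1f -> status=%d valid=%d used=%d\n",
               SAMPLES[i], (int)s.status, s.valid, (int)last_good);
    }
    return 0;
}
```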
I got this too. The bastards. Odd that they say to update to a "later" browser, such as Netscape 4.08 or IE 4.0. Getting mail works fine though, who knew.
Doonesbury used to really rip on the Newton. Maybe you could find an old strip.
Not quite a Newton, but Newton inspired. Ratbert wanted to be Dilbert's PDA. Write on his tummy, and his handwriting recognition would see the phrase, and he'd remember it. Dilbert picked him up, started scribbling. Ratbert reads it "Weave me a cone, yew cupid bat".
And actually the later Newton's were much better at it, from what I remember.
Internet Explorer was trademarked before MS made IE. They got sued. Microsoft's defense - "Internet Explorer" was too general to be trademarked. Kinda funny from the same folks whose lawyers come down on you like a ton of bricks to anyone who dares play with the airtight and specific "Windows" trademark.
In Chicago, most of the really expensive (cover >= $10) here already videotape all IDs coming into the place. This to help prove everybody was of age. Dunno if the cops can subpoena this or not. Not as bad as automatic reading, but still more than I'd like.
I was young and stupid, and years ago I used my real, work address on Usenet. I answered a lot of newbie questions, so I wanted to make it easier for them to reply. Back then, I got 2 or 3 pieces of SPAM an hour, so didn't seem to cause much damage.
Now I get that in an hour. I got a big spike when Google brought back old posts. We have Netscape Messenger Service as our mail server. I usually use IMAP, though there is a web interface I sometimes am stuck with. Is there a way of filtering this account? Supposedly you can do server based filters in some clients, but our NMS doesn't seem to support this. I'm on a W2K box, so I'm not sure if fetchmail is an option.
Oddly enough, I had tagged bz2 as application/octet stream, and it named everything *.bz2 after that
1) running a substitution on every page would get processor intensive.
2) It would be ineffective anyway, a document.write("A HREF=\"g" + "opher..... would get around your filter.
Run: cat /dev/zero > /dev/null
and see your kernel CPU usage go to 98% or something. The things I do when I get bored.
find
still have to remove BSD special ones from this
Geez, it's a good thing Microsoft hasn't released any source code, then we might get a virus or worm in a Microsoft product.
In depth expl. of Ariane 5 sent to me.
Hmm, this looked interesting, explains differently from what I learned in physics class.
Urban legends expl. of bridge
In an odd karma thing, maybe 3 seconds after I started reading this comment, the program I'm pseudo watching played Blitzkrieg Bop. WEIRD.
How do the digital re-releases, with their (admittedly minor) changes to the plot, celebrate the story the way it is?