Look, it's one thing to find a vulnerability, and another thing to say "oh look, let's see how far this goes and play with it before we tell anyone."
It's like discovering that there's a loose brick in the wall between the boys' locker room and the girls' shower room at school: getting an eyeful before reporting is still wrong.
They probably got searched to see if they did the equivalent of "taking pictures."
After the presidential elections in 2000, I tried to get my name off the mailing list at "echampions2000.com," where I had subscribed just to be entered for some sweepstakes. However, none of the "you will be removed if you do this" URLs or email addresses worked, over a couple of months.
Finally, in October of last year, I sent email out to gopteamleader@gopteamleader.com, dns@rnchq.org, ipadmin@gblx.net, abuse@rnchq.org, abuse@gopteamleader.com, abuse@gblx.net, abuse@rncmail.org, abuse@verio.net, postmaster@rnchq.org, postmaster@gopteamleader.com, postmaster@rncmail.org, abuse@onr.com, abuse@texasgop.org, postmaster@texasgop.org, and some individuals and consultants who I found through SOA searches and whois records, complaining about the situation, and asking each company hosting servers or IP for these guys to look into this.
I did finally get a message back from one of the webmasters, who promised me that my name would be removed. He was from the Texas GOP site, though, so I wondered if he really could remove me after the fact from the national organizations he had shared my name with. None of the carriers, of course, bothered to answer; having seen from the ISP side how these complaints get handled, I added them only to show the spammers I meant business.
Everything was fine until March or April, when I started getting spam again. I've been Spamcopping it since then, though now that I'm playing with SpamNet, I'll probably just filter and forget, until the point I kill the account to which they are sending, anyway.
(can't you Americans bloody go metric like the rest of the planet)
Some engineers tried to go metric before, but remember what happened? =)
Asking us to go metric is like asking us to upgrade the MFM hard drives in the shuttle to IDE or SCSI - we have an obsolete system, but we have to trust it.
I predict that we're going to see cases of husbands giving their unfaithful wives beautiful jewelry, shortly after their lovers disappear. And crimelords giving their wives and hookers jewelry made from their enemies.
And some stupid, greedy son of a famous sports player is going to be sued by his sister to stop him from turning his hall-of-famer dad into a "baseball diamond."
One baseball diamond, of course, already appears in a muppet movie.
Since you can't do DNA analysis to determine if the diamond is actually the person, what's to stop them from just doing that???
Well, there's the fact that probably every diamond that large is documented and etched, etc., etc. You wouldn't have any kind of etching on a "man-made" diamond, at least not one that points to DeBeers.
This in not meant to be a troll. However, I sure as hell don't trust "sneak preview" tech specs full of typos in a article written by rumor-mongering hardware freaks half a page down from a picture of someone hitting a CPU with a giant green inflatable hammer.
Why not? The specs are cribbed from the PR kit, so they're about as trustworthy as what the company itself says.
Remember, "sneak previews" on hardware sites are like trailers in movie theaters. They're there to get you interested in the product, not to critique it.
After crushing a couple of AMD chips, I became very weary of removing the heat sink after a successful mounting.
No doubt. Actually, that worked to my advantage, when I was trying to get Fry's to take back an Athlon XP that had gone bad... when they told me they had to test it, I was worried, because their idea of a testbed is another customer's board hooked up to crappy "PC Doctor" software, and has rarely caught transient errors in the past.
Wouldn't you know it, though, they cracked it during mounting, so of course it became "oops, let's get you credit for that chip" instead of "we can't find a problem in 30 minutes of running crappy test software so it must not be bad."
Why don't the personal telco people rent out space on the dual T1s to Starbucks. Everyone wins that way.
They may not actually be paying for the T1s that they use, or the T1s may be provided by the ISP on the condition that they only be used for the free node. Reselling IP would give them problems, if either scenario was true.
Also, T-Mobile probably didn't think to make the system easily reconfigurable with landlines, if they use satellite as part of their package to Starbucks.
I think an apple is a bad example, because unlike a book, you can 'use' an apple only one time. Once it is consumed, you can't resell it to someone else. (At least not very easily.)
Sure many of us here probably build our own machines, but if you do plan on buying one of these, do it on the phone. Ask the salesperson if they can ship it with Linux (or your favorite OSOS).
They probably would have some awkwardness about mass installing distros that they ought to be paying for, lessening their profit margin.
However, you could ask them to ship it with BeOS. Remember, towards the end, they said that any vendor could pre-install BeOS for free on machines. Granted, the OS is dead now, but there's the big poke in the eye - some dead OS getting preference over a Windoze.
Yah, well. I could probably scrape up enough, but then the question is, why waste the utility of the P3 I've already got idle? Remember, the original question was what the heck would people use Slowlaris x86 for? Well, let's see, I have x86 hardware that is fast, that is not being used. I want to learn Slowlaris. Hmmmm sounds like a good fit, even if it's not "real" Slowlaris or "real" Sun hardware. Heck, even if I did have money, wouldn't I be better off getting a Ross or something? That's another thing - I don't know enough about the hardware to go make buying decisions, whereas I've been building x86s for ages.
By the way, this "POS" used to be considered enough of a workhorse to handle DNS, web, mail, even news functions for ISPs back in the good old days. In fact, this used to be a very active "production" box before being given to me.
Now I'm running OpenBSD on it, but that's mainly because I didn't have a mouse for it until someone gave me one recently, and I still haven't gotten around to making this extra scsi CD drive I have work with it, so I can try installing stuff from the CD (I chose OpenBSD mostly because I could get everything to install over ftp from my fileserver after the initial boot floppy). Still, you know, to learn basic concepts (like the open bios, naming conventions for scsi devices, etc) the box is fine, and if I ever permanently break it, I'm going to feel sentimental, but that's it.
p.s. a friend of mine is holding an old Indigo for me, and I'm hoping to get some NeXT hardware someday, too. Why? Because they're cool. I don't care that now they're crap for speed. My "real" box is an Athlon 2GHz, which I use for everything from daily apps to off-air recording, NLE, and DVD authoring, so it's not like I'm hurting for cycles to get my "necessary" stuff done - not to mention that being laid off has given me plenty of time to wait, and to think about certifications, etc. =) p.p.s. that being said, anyone reading this is more than welcome to let me know if they have old stuff like this to give away. I live in Oregon, but can drive to California, Washington, etc. =)
I wonder why, since a Sun IPX machine runs at ~40mhz (microsparc no less), versus the P3-733mhz x86.
You missed the part at the beginning, where I said I had limited resources, didn't you? =)
You can get an Ultra 2 (Dual compatible), Ultra 5, and even sometimes Ultra 10 hardware for under $500 on ebay, and these use newer generation UltraSparc chips (Versus your 4th generation+ removed microsparc system), and at 270mhz+. You can get Ultra 2 dual 300mhz (2mb cache), UltraSparc II boxes for a little over $500 on ebay.
Thanks for the info. If I had that kind of money to throw at yet another box right now, I would be tempted. But I don't. I do, however, have the p3/733, and can afford to buy a copy of the software (I'd go for the admin pack, with manuals, for $95). Which, by the way, I would probably have to buy anyway for whatever old system I could come up with on Ebay.
Um, Sun said it had to stop the Slowlaris port to Itanium because Intel stopped giving them needed documentation, etc. I'm sure AMD could exploit this to offer Sun some handholding with the Opteron.
It's all spelled out in a Register article or two - I just don't have the time to find those URLs again.
Other than the OS and the very few applications that came with it, there was nothing else I could do. So what good is an OS on any hardware if it doesn't come with any real world applications to run on it, be it for free for for $$$.
If this is really true, then it should be a simple matter for you to certify for Slowlaris admin - and then get paid to do "nothing", right?
I have a poor, dejected Cobalt Qube that I don't even use anymore because the software on it is so full of holes that it would be suicide to use it as a server.
I'd be happy to take that off your hands, if you really can't use it. I certainly could =)
As a geek with limited resources, I must say that running any version of Slowlaris on my spare P3/733 (or even my old P/200) is considerably faster than running OpenBSD 3.0 on my Sun IPX, and yet there are several people here who would rather have "real" Sun gear, even extremely lame and out of date gear, to train on.
I don't see why, at all. I'm sure, after I get serious and certify for Slowlaris, that I'll be able to play with the "real" stuff later. But in the meantime, I can reboot into SuSE or BeOS or a Windoze whenever I need to.
The only thing that could make this any better is if I could figure out how to get the sattelite feed into my WinTV card so I can watch while I'm "working"
You can buy one of those cablebox/satellite remote-control adapters for your system, like the ones that snapstream (www.snapstream.com) offers to go with their scheduled recording software.
Also, it would be TONS better if TOON would pick up Invader Zim and made new episodes. Except I don't want to see little retarded "guest appearances" on Space Ghost or whatever. I hate it when they do that.
Your reasons are pretty much exactly why I want my next computer to be a mac - and I've been running PCs for 17 years or so.
A Mac with OSX would give me a stable OS with real apps (Photoshop, some office product) and still let me fart around with BSD pretending to know what I'm doing. I don't have to worry about "serious" apps breaking from dependencies on some package that just got updated, but I can still play around with the free stuff if I want to. Plus, I'm not a software developer, and I feel it's pointless for me to have to spend hours tweaking desktops and hardware drivers to get things useful.
I think their engineering is solid, but I am still waiting for them to get up to speed. Macs look pretty, but a 533MHz FSB on a Pentium 4 still makes me drool. And before you complain that I'm comparing things improperly, imagine your G4 with a 533 FSB. Then there would be no doubt that it rules, right?
Slashdot Mirror
Look, it's one thing to find a vulnerability, and another thing to say "oh look, let's see how far this goes and play with it before we tell anyone."
It's like discovering that there's a loose brick in the wall between the boys' locker room and the girls' shower room at school: getting an eyeful before reporting is still wrong.
They probably got searched to see if they did the equivalent of "taking pictures."
What really sucks is that this press release implies that Sigma created the software, and is now giving it away.
There is no notice that they are using previously GPLed code, or where it came from.
So they're still misleading their shareholders and the public.
Then again, if you look at the history if DivX;-), you'll see references to a hacked Microsoft codec, too, and that quite likely was not GPL =)
After the presidential elections in 2000, I tried to get my name off the mailing list at "echampions2000.com," where I had subscribed just to be entered for some sweepstakes. However, none of the "you will be removed if you do this" URLs or email addresses worked, over a couple of months.
Finally, in October of last year, I sent email out to gopteamleader@gopteamleader.com, dns@rnchq.org, ipadmin@gblx.net, abuse@rnchq.org, abuse@gopteamleader.com, abuse@gblx.net, abuse@rncmail.org, abuse@verio.net, postmaster@rnchq.org, postmaster@gopteamleader.com, postmaster@rncmail.org, abuse@onr.com, abuse@texasgop.org, postmaster@texasgop.org, and some individuals and consultants who I found through SOA searches and whois records, complaining about the situation, and asking each company hosting servers or IP for these guys to look into this.
I did finally get a message back from one of the webmasters, who promised me that my name would be removed. He was from the Texas GOP site, though, so I wondered if he really could remove me after the fact from the national organizations he had shared my name with. None of the carriers, of course, bothered to answer; having seen from the ISP side how these complaints get handled, I added them only to show the spammers I meant business.
Everything was fine until March or April, when I started getting spam again. I've been Spamcopping it since then, though now that I'm playing with SpamNet, I'll probably just filter and forget, until the point I kill the account to which they are sending, anyway.
(can't you Americans bloody go metric like the rest of the planet)
Some engineers tried to go metric before, but remember what happened? =)
Asking us to go metric is like asking us to upgrade the MFM hard drives in the shuttle to IDE or SCSI - we have an obsolete system, but we have to trust it.
...and be incredibly frustrated by the great hardware married with crap firmware and software.
Or buy the Zaurus developer edition... and have only yourself to blame if the software is crappy =)
I predict that we're going to see cases of husbands giving their unfaithful wives beautiful jewelry, shortly after their lovers disappear. And crimelords giving their wives and hookers jewelry made from their enemies.
And some stupid, greedy son of a famous sports player is going to be sued by his sister to stop him from turning his hall-of-famer dad into a "baseball diamond."
One baseball diamond, of course, already appears in a muppet movie.
Since you can't do DNA analysis to determine if the diamond is actually the person, what's to stop them from just doing that???
Well, there's the fact that probably every diamond that large is documented and etched, etc., etc.
You wouldn't have any kind of etching on a "man-made" diamond, at least not one that points to DeBeers.
This in not meant to be a troll. However, I sure as hell don't trust "sneak preview" tech specs full of typos in a article written by rumor-mongering hardware freaks half a page down from a picture of someone hitting a CPU with a giant green inflatable hammer.
Why not? The specs are cribbed from the PR kit, so they're about as trustworthy as what the company itself says.
Remember, "sneak previews" on hardware sites are like trailers in movie theaters. They're there to get you interested in the product, not to critique it.
After crushing a couple of AMD chips, I became very weary of removing the heat sink after a successful mounting.
No doubt. Actually, that worked to my advantage, when I was trying to get Fry's to take back an Athlon XP that had gone bad... when they told me they had to test it, I was worried, because their idea of a testbed is another customer's board hooked up to crappy "PC Doctor" software, and has rarely caught transient errors in the past.
Wouldn't you know it, though, they cracked it during mounting, so of course it became "oops, let's get you credit for that chip" instead of "we can't find a problem in 30 minutes of running crappy test software so it must not be bad."
Why don't the personal telco people rent out space on the dual T1s to Starbucks. Everyone wins that way.
They may not actually be paying for the T1s that they use, or the T1s may be provided by the ISP on the condition that they only be used for the free node. Reselling IP would give them problems, if either scenario was true.
Also, T-Mobile probably didn't think to make the system easily reconfigurable with landlines, if they use satellite as part of their package to Starbucks.
The editor didn't write that. He was quoting the person who sent in the submission.
Bill Gates has made the cover at least once recently, and probably several times.
I think an apple is a bad example, because unlike a book, you can 'use' an apple only one time. Once it is consumed, you can't resell it to someone else. (At least not very easily.)
But what about the apple's seeds?
Did someone say... Monsanto?
Sure many of us here probably build our own machines, but if you do plan on buying one of these, do it on the phone. Ask the salesperson if they can ship it with Linux (or your favorite OSOS).
They probably would have some awkwardness about mass installing distros that they ought to be paying for, lessening their profit margin.
However, you could ask them to ship it with BeOS. Remember, towards the end, they said that any vendor could pre-install BeOS for free on machines. Granted, the OS is dead now, but there's the big poke in the eye - some dead OS getting preference over a Windoze.
Yeah, and I personally like the diarrhea color scheme of Slashdot better than the register
Oh, you should hang out in the Apple section, where it's minty-fresh, pastel diarrhea!
Okay, enough zilla-ness. (that's what the lawyers said!)
Yah, well. I could probably scrape up enough, but then the question is, why waste the utility of the P3 I've already got idle? Remember, the original question was what the heck would people use Slowlaris x86 for? Well, let's see, I have x86 hardware that is fast, that is not being used. I want to learn Slowlaris. Hmmmm sounds like a good fit, even if it's not "real" Slowlaris or "real" Sun hardware. Heck, even if I did have money, wouldn't I be better off getting a Ross or something? That's another thing - I don't know enough about the hardware to go make buying decisions, whereas I've been building x86s for ages.
By the way, this "POS" used to be considered enough of a workhorse to handle DNS, web, mail, even news functions for ISPs back in the good old days. In fact, this used to be a very active "production" box before being given to me.
Now I'm running OpenBSD on it, but that's mainly because I didn't have a mouse for it until someone gave me one recently, and I still haven't gotten around to making this extra scsi CD drive I have work with it, so I can try installing stuff from the CD (I chose OpenBSD mostly because I could get everything to install over ftp from my fileserver after the initial boot floppy). Still, you know, to learn basic concepts (like the open bios, naming conventions for scsi devices, etc) the box is fine, and if I ever permanently break it, I'm going to feel sentimental, but that's it.
p.s. a friend of mine is holding an old Indigo for me, and I'm hoping to get some NeXT hardware someday, too. Why? Because they're cool. I don't care that now they're crap for speed. My "real" box is an Athlon 2GHz, which I use for everything from daily apps to off-air recording, NLE, and DVD authoring, so it's not like I'm hurting for cycles to get my "necessary" stuff done - not to mention that being laid off has given me plenty of time to wait, and to think about certifications, etc. =)
p.p.s. that being said, anyone reading this is more than welcome to let me know if they have old stuff like this to give away. I live in Oregon, but can drive to California, Washington, etc. =)
I wonder why, since a Sun IPX machine runs at ~40mhz (microsparc no less), versus the P3-733mhz x86.
You missed the part at the beginning, where I said I had limited resources, didn't you? =)
You can get an Ultra 2 (Dual compatible), Ultra 5, and even sometimes Ultra 10 hardware for under $500 on ebay, and these use newer generation UltraSparc chips (Versus your 4th generation+ removed microsparc system), and at 270mhz+. You can get Ultra 2 dual 300mhz (2mb cache), UltraSparc II boxes for a little over $500 on ebay.
Thanks for the info. If I had that kind of money to throw at yet another box right now, I would be tempted. But I don't. I do, however, have the p3/733, and can afford to buy a copy of the software (I'd go for the admin pack, with manuals, for $95). Which, by the way, I would probably have to buy anyway for whatever old system I could come up with on Ebay.
Um, Sun said it had to stop the Slowlaris port to Itanium because Intel stopped giving them needed documentation, etc.
I'm sure AMD could exploit this to offer Sun some handholding with the Opteron.
It's all spelled out in a Register article or two - I just don't have the time to find those URLs again.
Why would I want to run Solaris x86 over Linux or BSD?
Um, to cross-train and maybe certify, so that you can work effectively with Slowlaris in a production environment if you have to?
What made you choose NetBSD? I currently have OpenBSD installed on my IPX. Even with the Weitek it's extremely slow.
Other than the OS and the very few applications that came with it, there was nothing else I could do. So what good is an OS on any hardware if it doesn't come with any real world applications to run on it, be it for free for for $$$.
If this is really true, then it should be a simple matter for you to certify for Slowlaris admin - and then get paid to do "nothing", right?
I have a poor, dejected Cobalt Qube that I don't even use anymore because the software on it is so full of holes that it would be suicide to use it as a server.
I'd be happy to take that off your hands, if you really can't use it. I certainly could =)
I heartily agree.
As a geek with limited resources, I must say that running any version of Slowlaris on my spare P3/733 (or even my old P/200) is considerably faster than running OpenBSD 3.0 on my Sun IPX, and yet there are several people here who would rather have "real" Sun gear, even extremely lame and out of date gear, to train on.
I don't see why, at all. I'm sure, after I get serious and certify for Slowlaris, that I'll be able to play with the "real" stuff later. But in the meantime, I can reboot into SuSE or BeOS or a Windoze whenever I need to.
The only thing that could make this any better is if I could figure out how to get the sattelite feed into my WinTV card so I can watch while I'm "working"
You can buy one of those cablebox/satellite remote-control adapters for your system, like the ones that snapstream (www.snapstream.com) offers to go with their scheduled recording software.
Also, it would be TONS better if TOON would pick up Invader Zim and made new episodes. Except I don't want to see little retarded "guest appearances" on Space Ghost or whatever. I hate it when they do that.
Your reasons are pretty much exactly why I want my next computer to be a mac - and I've been running PCs for 17 years or so.
A Mac with OSX would give me a stable OS with real apps (Photoshop, some office product) and still let me fart around with BSD pretending to know what I'm doing. I don't have to worry about "serious" apps breaking from dependencies on some package that just got updated, but I can still play around with the free stuff if I want to. Plus, I'm not a software developer, and I feel it's pointless for me to have to spend hours tweaking desktops and hardware drivers to get things useful.
I think their engineering is solid, but I am still waiting for them to get up to speed. Macs look pretty, but a 533MHz FSB on a Pentium 4 still makes me drool. And before you complain that I'm comparing things improperly, imagine your G4 with a 533 FSB. Then there would be no doubt that it rules, right?