Y'know, that could be the next copycat e-mail worm... the title, from, etc. is randomly one of about 5 options. The function is to send an e-mail to everyone in the user's outlook address book, one to ebay and one to Micro$oft. The main virus part is VB script for maximum virus coverage, but it will also contain a VB for appications (VBA) version that ammends data to your normal.dot so it carries on infecting. To be nice, there would be a 'Stop remailing after RTC says it's Thursday (or whatever)'.
Not that I'm suggesting people should do this. Hell, no. It would just be funny to see ebay/microsoft's mail servers die inder the weight of all the e-mails, like a DDOS but bigger.
Disclaimer: Don't qoute me on any of that, by the way. I don't plan on doing it, nor do I endorse doing it.
Hey, But the OS (if you can call winders a OS) cds that come with most OEM systems say on the "for sale with a new pc only" now is selling those on ebay a violation of that clause? How binding is that clause? Hey, if Microsoft started stamping all thier CDs with "Give your amputated arms and legs to Commandant Gates" would you be bound by that too? That would suck! As well as sucking totally, it wouldn't be legally binding (would it?). How is "for sale with a new pc only" any different from that? You havn't signed anything. You havn't broken any seals. You havn't clicked 'I agree'. Why should you be bound by it? it's just writing on a CD. Well, that's my opinion. Justice and the law aren't the same things. Michael Tandy
All one has to do is realize that the pads numbers can not be purely random. Look at The Hotbits RNG, Genuine random numbers, generated by radioactive decay. Government agencies' budjets are in billions of pounds/dollars. I think they could stretch to something like this. Or they could be using a dice. They could gave a guy throw a dice and read out the number that comes up. Or they micht have a big bucket of numbered balls they shake about and then they take a ball out of at random. If you can project that, you chould have no trouble telling me next week's lottery numbers. When you factor in the observation that if a random data set contains less numbers than it has possible combinations it will not show a pattern, if is fair to assume the data is random, or at least the Real pads are random. Just my thoughts. Michael Tandy
If you want my opinion, even with the entire of distributed.net's computing power, cracking this message would be impossible. Distributed.net is looking for a known message with a known algorithm at low - 64-bit - encryption. They are, at the current rate, looking at roughly 2,000 days total at the current rate. If the encryption is simply algorithmic, the keyspace of about 5 algorithms would have to be exhausted, asuming it's a publically-availiable algorithm. That would be over 10,000 days, assuming the encryption is only 64-bit. If I was doing top-secret spy communications, I would use at least 256-bit key, maybe more. That would involve literally millions of keys. Then, of course, there's the book cryptography method. That would be near-unbreakable, even if we had quickly downloadable copies of every book in existance. Or maybe it's a vernam-cipher (one-time pad) system. I doubt an entire country's inteligence budget would flinch at the cost of a hardware RNG.
So, let's recap:
1) We barely have the facility to crack a 64-bit message. 2) This message could have any strength of encryption. 3) This message could use any of a wide range of algorithms. 4) This message could use an algorithm we don't know of. 5) We have no way of knowing if we have managed to crack a message as we don't know the content. 6) There could be multiple layers of encryption using varying, unknown algorithms. 7) They may well use one-time pads. 8) Said one-time pads cound be totaly random.
In conclusion, cracking number-station messages could and probably would be emmensely close to impossible using today's technology, assuming the security is good, which it would almost certainly be.
You're welcome to try, but I don't think it's possible.
They say that Larry Wall wrote some perl code to turn the lights in his house on and off . Something I've been thinking about doing is turning a 486 into a web-enabled thermostat. I want to be able to sit at the laptop in my room and nip over to thermostat.michael-tandy.com and turn on my house's heating systems. It could be ultra-functional... who wouldn't want a heating timeswitch that automatically reflects daylight-saving time, your summer/winter heating preferences and things? It's only an idea currently. Don't be supprised if it never gets off the ground. Michael Tandy
My wild speculation on the future goes something like this:
1) Everyone will have a computer. 2) Everyone will have a hardwired, always-on, broadband internet connection. 3) All home electronics devices will have radio ethernet interfaces on. 4) All computers will have compatible interfaces, unless the user has a hardwired network already, in which case they'll get an ethernet bridge thingumy. 5) Content:ads ratios will increase exponentially. 6) Privacy will decrease exponentially. 7) Techie nerds will form Virtual Private Network communities where people trust each other. 8) All software will attempt to register over the internet to prevent piracy. 9) Microsoft will abandon all guise of caring about consumers and reveal the Microsoft Murdering Robot Millenium Edition. You will have to buy it or Windows Millenium Edition won't work and you will have to buy a $500 license every month for life. If you don't, it will strangle you in your sleep. It will have no other functions.
Does this mean we could get rid of all of those ugly billboards? No. It means they'd be augmented by short-message-service spam. Every time the trackers find it's a few hours since you ate - interpolated with your eating patterns they have calculated, of course - you would get your mobile phone going off, telling you 'Left at the junction 15 yards ahead, then next right for Burger King!', along with similar messages from every other retailer within a 15-mile radius.
Hey, If I want a new video card, it's specifications, cost and perhaps a little bit of 'their last card didn't suck'. Unfortunately, most consumers aren't as clever or discerning as the average/. reader. Pyramid send-me-$1-and-you'll-get-$1,000,000,000 schemes are the proof of that.
I did a similar job at my house, but it didn't come near $300. Here's my advert-style expense list:
10/100 Netgear hub - £70 10/100 NIC - £12 Cat5 Cabling - 39p/meter (Get at least 20% more than you need. You can't very well solder more on the ends afterwards.) 10 RJ-45 connectors - £2 (Get some spares to learn to crimp.) Techie Girlfriend with RJ-45 crimp tool - Priceless (A cheap RJ-45 crimper will set you back about £40-50. If you want a nice one with cantilever ratchet action, you're looking at more like £90+. I find most IT departments don't mind leanding them to you though.)
If you want cabling conduits, plate-mount sockets and the full works rather than cabling coming direct from under the carpets to the ethernet card, you will need to spend quite a bit more. I'm in the process of replacing some of the NICs with more expensive but linux-compatible ones. You know what? I think I'll throw a webpage of my networking exploits together. Somebody might care.
Hey, who would like to participate in a NAN (neighborhood area network - did I coin a new term?) with perhaps a shared fat-pipe to the Internet? That would be an interesting idea... The only problem I can see is with power phases. If different buildings are on different power phases, this sometimes buggers up wired 100Mbps ethernet. This leaves radio (Slow, short range) and putting in fibre-optics (Expensive). If wired ethernet gives you a problem*, I'd go for fibre-optics, but I have 100Mbps ethernet around my house. Will geeks move buy and move in if such an opportunity arose? If I ever move to the US, I'll have a look at your area. Living in a neighbourhood with other nerds could be cool (But then personal organisers seem cool until you realise you have to spend hours programming in your appointments), if it had a friendly atmosphere... living in a street where people could pool computer gear and knowledge easily could get really nice. Michael *I think the power phases are different over in America
Just to clear up any confusion, I would like to say:
Encryption is processor-intensive. VERY processor-intensive. Client borwsing can easily be done with a normal processor but a server needs more capacity. If you have an emmensely high bandwidth site like/., you need a lot of normal processors or some dedicated processors. Dedicated processors are designed to encrypt only and can do it very fast.
The Intel NetStructure 7180 e-Commerce Director looks nice: http://www.intel.com/netstructure/products/directo r_7180.htm
If/. got one of these and put it online as, say, http://secure.slashdot.org, it would be interesting. Not vital, but interesting.
I would support an optional encrypted slashdot, but then again, I regularly send random encrypted data to my mates just for the sake of it.
If you want to try listining to British radio over the internet, try going to http://www.bbc.co.uk/radio1/ and using the 'Listen' button. You need RealPlayer, and quite good bandwidth if you hope to have any sort of quality but it can't hurt for you to have a look.
As proven in the previous poll on how many cd's the average/.'er owns, the majority owns a large number of cd's.
I think the majority of voters included Computer CDs with thier count. Seen as most people buy CD-Rs in 50-CD boxes, most/.ers probably have a few hundred: I certainly do. No more than 50 of them are brought-new dedicated music CDs. I must say I agree with you on the rest, though.
The media could give programmers credit for averting a disaster, but instead it's much easier for them to be cynical and claim that the whole Y2K thing was hype.
The problem with blaming hype is that much of it is.
The majority of the public do not know the technical reasons for the y2k problem. Equally, many press writers do not funnly appreciate the problem. Resultantly, the press people assume the worst, because 'Good News is No News', and sensational stories about power cuts, water and food shortages sell more newspapers.
Let's outline the problem for anyone who doesn't:
I am a mojor telecoms company. My billing database records every call like this:
We have to record the date of start and ending in case someone is on the phone over midnight. When it's billing time, we turn the subtract the start date from the end date to get the call length, twenty minutes, then we multiply by the call charge per time unit, which gives us the call cost.
Now, it's five minutes from new year. I decide to make an international call to, say, France, so I can wish my French buddies a happy new millenium as it happens. Here's the entry:
Then we subtract the start date from the end date. Instead of getting positive-20 minutes, we get negative-100 years. Then we multiply our negative-100 years by the international call cost and pop it on someone's bill, and direct-debit it from thier account.
Basically, instead of someone paying for a twenty min. call, they get the money for a 100-year international call. This costs my telephone company a lot of money.
As you can see, this would be a large problem for my telephone company if they didn't notice. And so they update thier databases.
And they tell people about the danger of giving customers big, negative bills. Someone from an industry magazine picks up on it, and 'Billing Database Developer Quaterly' runs an article on the problem. This allows the problem to be fixed on most systems. But it also allows the problem to be read about by people who don't understand the problem. These people tell people, and they tell people, and so on. The technical details don't get passed on, but the "OHMYGOD!! THIS COULD BE A DISASTER!!!" does. Then it gets to partially-knowledgable people, like technology correspondants for major newspapers. They look at the hype, and try to trace it back to the things that cause the problem: two-digit year records. And our journalist attempts to compose a list of things that could be affected, and produces a list of every thing that uses a two-digit date. Video Recorders, for instance.
Yes, there was a risk of date-dependent things going wrong. A telephone system, for example. And resultantly, they were repaired. What there isn't is a risk of date-independent things stopping working. Food delivery systems, for example. And resultantly, they didn't go wrong.
Paranoia, over-emphasis, ignorance and sensationalism over-expanded the problem. In conclusion, I would say that yes, there was a problem, but it was not as bad as non-knowledgable people made out.
Slashdot Mirror
Y'know, that could be the next copycat e-mail worm... the title, from, etc. is randomly one of about 5 options. The function is to send an e-mail to everyone in the user's outlook address book, one to ebay and one to Micro$oft. The main virus part is VB script for maximum virus coverage, but it will also contain a VB for appications (VBA) version that ammends data to your normal.dot so it carries on infecting. To be nice, there would be a 'Stop remailing after RTC says it's Thursday (or whatever)'.
Not that I'm suggesting people should do this. Hell, no. It would just be funny to see ebay/microsoft's mail servers die inder the weight of all the e-mails, like a DDOS but bigger.
Disclaimer: Don't qoute me on any of that, by the way. I don't plan on doing it, nor do I endorse doing it.
Michael Tandy
Good places for non-real e-mail addresses include
http://www.emailaddresses.com/
And http://www.another.com/
Michael
Hey,
But the OS (if you can call winders a OS) cds that come with most OEM systems say on the "for sale with a new pc only" now is selling those on ebay a violation of that clause? How binding is that clause?
Hey, if Microsoft started stamping all thier CDs with "Give your amputated arms and legs to Commandant Gates" would you be bound by that too? That would suck!
As well as sucking totally, it wouldn't be legally binding (would it?). How is "for sale with a new pc only" any different from that? You havn't signed anything. You havn't broken any seals. You havn't clicked 'I agree'. Why should you be bound by it? it's just writing on a CD.
Well, that's my opinion. Justice and the law aren't the same things.
Michael Tandy
All one has to do is realize that the pads numbers can not be purely random.
Look at The Hotbits RNG, Genuine random numbers, generated by radioactive decay. Government agencies' budjets are in billions of pounds/dollars. I think they could stretch to something like this. Or they could be using a dice. They could gave a guy throw a dice and read out the number that comes up. Or they micht have a big bucket of numbered balls they shake about and then they take a ball out of at random. If you can project that, you chould have no trouble telling me next week's lottery numbers.
When you factor in the observation that if a random data set contains less numbers than it has possible combinations it will not show a pattern, if is fair to assume the data is random, or at least the Real pads are random.
Just my thoughts.
Michael Tandy
Hey,
If you want my opinion, even with the entire of distributed.net's computing power, cracking this message would be impossible. Distributed.net is looking for a known message with a known algorithm at low - 64-bit - encryption. They are, at the current rate, looking at roughly 2,000 days total at the current rate. If the encryption is simply algorithmic, the keyspace of about 5 algorithms would have to be exhausted, asuming it's a publically-availiable algorithm. That would be over 10,000 days, assuming the encryption is only 64-bit. If I was doing top-secret spy communications, I would use at least 256-bit key, maybe more. That would involve literally millions of keys. Then, of course, there's the book cryptography method. That would be near-unbreakable, even if we had quickly downloadable copies of every book in existance. Or maybe it's a vernam-cipher (one-time pad) system. I doubt an entire country's inteligence budget would flinch at the cost of a hardware RNG.
So, let's recap:
1) We barely have the facility to crack a 64-bit message.
2) This message could have any strength of encryption.
3) This message could use any of a wide range of algorithms.
4) This message could use an algorithm we don't know of.
5) We have no way of knowing if we have managed to crack a message as we don't know the content.
6) There could be multiple layers of encryption using varying, unknown algorithms.
7) They may well use one-time pads.
8) Said one-time pads cound be totaly random.
In conclusion, cracking number-station messages could and probably would be emmensely close to impossible using today's technology, assuming the security is good, which it would almost certainly be.
You're welcome to try, but I don't think it's possible.
Michael
They say that Larry Wall wrote some perl code to turn the lights in his house on and off . Something I've been thinking about doing is turning a 486 into a web-enabled thermostat. I want to be able to sit at the laptop in my room and nip over to thermostat.michael-tandy.com and turn on my house's heating systems. It could be ultra-functional... who wouldn't want a heating timeswitch that automatically reflects daylight-saving time, your summer/winter heating preferences and things? It's only an idea currently. Don't be supprised if it never gets off the ground. Michael Tandy
My wild speculation on the future goes something like this:
1) Everyone will have a computer.
2) Everyone will have a hardwired, always-on, broadband internet connection.
3) All home electronics devices will have radio ethernet interfaces on.
4) All computers will have compatible interfaces, unless the user has a hardwired network already, in which case they'll get an ethernet bridge thingumy.
5) Content:ads ratios will increase exponentially.
6) Privacy will decrease exponentially.
7) Techie nerds will form Virtual Private Network communities where people trust each other.
8) All software will attempt to register over the internet to prevent piracy.
9) Microsoft will abandon all guise of caring about consumers and reveal the Microsoft Murdering Robot Millenium Edition. You will have to buy it or Windows Millenium Edition won't work and you will have to buy a $500 license every month for life. If you don't, it will strangle you in your sleep. It will have no other functions.
That's my opinion at least.
Michael Tandy
Does this mean we could get rid of all of those ugly billboards? No. It means they'd be augmented by short-message-service spam. Every time the trackers find it's a few hours since you ate - interpolated with your eating patterns they have calculated, of course - you would get your mobile phone going off, telling you 'Left at the junction 15 yards ahead, then next right for Burger King!', along with similar messages from every other retailer within a 15-mile radius.
Hey, If I want a new video card, it's specifications, cost and perhaps a little bit of 'their last card didn't suck'. Unfortunately, most consumers aren't as clever or discerning as the average /. reader. Pyramid send-me-$1-and-you'll-get-$1,000,000,000 schemes are the proof of that.
I did a similar job at my house, but it didn't come near $300. Here's my advert-style expense list:
10/100 Netgear hub - £70
10/100 NIC - £12
Cat5 Cabling - 39p/meter (Get at least 20% more than you need. You can't very well solder more on the ends afterwards.)
10 RJ-45 connectors - £2 (Get some spares to learn to crimp.)
Techie Girlfriend with RJ-45 crimp tool - Priceless (A cheap RJ-45 crimper will set you back about £40-50. If you want a nice one with cantilever ratchet action, you're looking at more like £90+. I find most IT departments don't mind leanding them to you though.)
If you want cabling conduits, plate-mount sockets and the full works rather than cabling coming direct from under the carpets to the ethernet card, you will need to spend quite a bit more. I'm in the process of replacing some of the NICs with more expensive but linux-compatible ones. You know what? I think I'll throw a webpage of my networking exploits together. Somebody might care.
Michael Tandy
Hey, who would like to participate in a NAN (neighborhood area network - did I coin a new term?) with perhaps a shared fat-pipe to the Internet? That would be an interesting idea... The only problem I can see is with power phases. If different buildings are on different power phases, this sometimes buggers up wired 100Mbps ethernet. This leaves radio (Slow, short range) and putting in fibre-optics (Expensive). If wired ethernet gives you a problem*, I'd go for fibre-optics, but I have 100Mbps ethernet around my house. Will geeks move buy and move in if such an opportunity arose? If I ever move to the US, I'll have a look at your area. Living in a neighbourhood with other nerds could be cool (But then personal organisers seem cool until you realise you have to spend hours programming in your appointments), if it had a friendly atmosphere... living in a street where people could pool computer gear and knowledge easily could get really nice. Michael *I think the power phases are different over in America
Hey,
/., you need a lot of normal processors or some dedicated processors. Dedicated processors are designed to encrypt only and can do it very fast.
o r_7180.htm
/. got one of these and put it online as, say, http://secure.slashdot.org, it would be interesting. Not vital, but interesting.
Just to clear up any confusion, I would like to say:
Encryption is processor-intensive. VERY processor-intensive. Client borwsing can easily be done with a normal processor but a server needs more capacity. If you have an emmensely high bandwidth site like
The Intel NetStructure 7180 e-Commerce Director looks nice:
http://www.intel.com/netstructure/products/direct
If
I would support an optional encrypted slashdot, but then again, I regularly send random encrypted data to my mates just for the sake of it.
If you want to try listining to British radio over the internet, try going to http://www.bbc.co.uk/radio1/ and using the 'Listen' button. You need RealPlayer, and quite good bandwidth if you hope to have any sort of quality but it can't hurt for you to have a look.
The media could give programmers credit for averting a disaster, but instead it's much easier for them to be cynical and claim that the whole Y2K thing was hype.
The problem with blaming hype is that much of it is.
The majority of the public do not know the technical reasons for the y2k problem. Equally, many press writers do not funnly appreciate the problem. Resultantly, the press people assume the worst, because 'Good News is No News', and sensational stories about power cuts, water and food shortages sell more newspapers.
Let's outline the problem for anyone who doesn't:
I am a mojor telecoms company. My billing database records every call like this:
We have to record the date of start and ending in case someone is on the phone over midnight. When it's billing time, we turn the subtract the start date from the end date to get the call length, twenty minutes, then we multiply by the call charge per time unit, which gives us the call cost.
Now, it's five minutes from new year. I decide to make an international call to, say, France, so I can wish my French buddies a happy new millenium as it happens. Here's the entry:
Then we subtract the start date from the end date. Instead of getting positive-20 minutes, we get negative-100 years. Then we multiply our negative-100 years by the international call cost and pop it on someone's bill, and direct-debit it from thier account.
Basically, instead of someone paying for a twenty min. call, they get the money for a 100-year international call. This costs my telephone company a lot of money.
As you can see, this would be a large problem for my telephone company if they didn't notice. And so they update thier databases.
And they tell people about the danger of giving customers big, negative bills. Someone from an industry magazine picks up on it, and 'Billing Database Developer Quaterly' runs an article on the problem. This allows the problem to be fixed on most systems. But it also allows the problem to be read about by people who don't understand the problem. These people tell people, and they tell people, and so on. The technical details don't get passed on, but the "OHMYGOD!! THIS COULD BE A DISASTER!!!" does. Then it gets to partially-knowledgable people, like technology correspondants for major newspapers. They look at the hype, and try to trace it back to the things that cause the problem: two-digit year records. And our journalist attempts to compose a list of things that could be affected, and produces a list of every thing that uses a two-digit date. Video Recorders, for instance.
Yes, there was a risk of date-dependent things going wrong. A telephone system, for example. And resultantly, they were repaired. What there isn't is a risk of date-independent things stopping working. Food delivery systems, for example. And resultantly, they didn't go wrong.
Paranoia, over-emphasis, ignorance and sensationalism over-expanded the problem. In conclusion, I would say that yes, there was a problem, but it was not as bad as non-knowledgable people made out.
That's my take, anyway.
Michael
...another comment from Michael Tandy.