While Solaris isn't open source, and x86 Solaris software and support isn't as readily available as it is with Linux or even BSD, Solaris is *big iron* even if it's running on your little Pentium. 2 year old hardware is well supported, and it's a good taste of UNIX, too. It's *free* to download at www.sun.com! And it's Solaris!:)
Though, I still think that a bash shell is best for a newbie, and Solaris 8 doesn't come with that.
(If you're having problems burning Solaris 8 binaries CDs, there's a workaround, e-mail me.)
I think a good question is, What is best for a user from windows to do? learn a distro that is easier to use or to learn the distro that is more hardcore, and shed any windows-likeness in the process?
I look at it this way. We don't want the guy to get discouraged and go back to what seems easy (Windows). And, the way I look at it, Red Hat is a good taste, because it's so well supported. He can get hard core once he's learned how to get the box to do what he wants through the point-and-drool stuff. He's got enough to learn with just the new UNIX terminology and the basic architecture.... ("Where's my C drive? How do I save my work if I don't have a C drive?!").
I'll tell you, I had an e-mail address in 1988. It was a UUCP account, through a dial-up shell on a Sun box, and I was familiar with being a UNIX user back then. I walked away from it, and eventually moved to my Amiga systems, then finally to a 486 with Windows 95. Getting sick of Windows and going back to UNIX (Linux) was tough enough, especially when you've got root access for the first time.:)
Go gently, get a popular distro, and don't get discouraged.
Oh, and by the way, welcome to the world of real operating systems. You know you're there once you type "ls" by accident when you sit down at a DOS box. Or when you try to open CONFIG.SYS with vi.:)
You'll never look back. Windows is such a cumbersome toy in comparison.
For your first Linux distro, I recommend Red Hat Linux. While I think it's unquestionable that it's not the best Linux, especially from a security standpoint, it's very well supported. Almost every Linux FAQ you'll find on the 'Net treats Red Hat as the defacto standard.
Coming from NT/2000, for the first little while, everything is going to feel really foreign and strange. Don't lose your way. Relax and read the docs which are all over the 'Net. And don't be afraid to experiment with the system.
Red Hat has (don't flame me, this is from memory) an installed base of about 50% of the Linux market; you can't beat the support. And even if it's not the most secure or stable Linux, it blows NT/2000 out of the water in security and stability.
Specific version? Find a Red Hat 6.2 distro; make sure you turn off un-needed daemons ("services" in Windows parlance) and do the BIND upgrade, since most older Linux/UNIX distros ship with a fairly dangerous DNS server vulnerability.
I'd stay away from x.0 versions, especially RH 7.0, which, to be blunt, sucked. I like the greater maturity of the 6.2 distro over RH 7.1 because, well, RH 6.1 wasn't nearly as good as 6.2. Note that the kernel that ships with 6.x and 7.0 is a 2.2 series kernel, and a more modern distro has a 2.4 series kernel, which means better built-in firewalling, SMP support and a few other goodies.
Once you're comfy with it, consider moving up to Debian or Slackware - but that's a matter of opinion.
eh? 240 watta/sq. meter is a lot. either way, i believe that is on the very high end of possible energy capture, i.e. assuming a very very efficient panel. however, A)240 W/sq m means a small roof could provide 20kW or so, way more then a regular house needs. even assuming a low efficiency, the numbers are still pretty nice.
Yeah. And maybe 20 years or so from now when the technology moves out of the laboratory and into Home Depot, we'll see it powering peltier junction air conditioners.
Also, how do you collect the power from the solar cells? Anything capable of dumping 20kW of power would be...troubling, since a paint-on coating isn't terrifically easy to which to make a low-resistance high-current connection. Anything less than a perfect connection to the surface would result in voltage drop due to the resistance of the connection. There would be a *lot* of heat.
B) you don't need batteries, just hook the system up to the power grid, and during the time you make more than you use, the power company pays you for the excess.
Typically, electrical demand in a city increases as the sun sets. Batteries *would* be required, and current (and horizon) technology isn't especially efficient.
20kW of power, per house, trying to be put back into the grid would mean that all the pole transformers and stuff would have to be retrofitted for it. Much of the grid in my area was installed over 40 years ago, and is unlikely to be changed in the near future - it's built to last.
Finally, household power is 60Hz (in North America) AC. Syncing the inverter to convert the DC from the solar cells into AC with the grid is a non-trivial exercise. If the power from the grid and the power from the inverter are off by even one degree in phase, bizarre problems which would look like a lagging load (power factor) issue will ensue. Very nasty.
I see something like this as, in the future, being a great way to power air conditioners on sunny days (but what about hot and cloudy days) but beyond that, I think it's a neat idea that will remain essentially impractical.
I threw together a script a few nights ago that sends such a popup to every CodeRed2-infected server that's contacted my server. It's available at http://salfter.dyndns.org/codered.shtml if anyone's interested. I also have live log info available there...got only about two dozen hits from the original CodeRed, but CodeRed2 is at 3500 hits and climbing.
Very, very, very cool. Thank you for sharing it. I'm going to hack it to tail a standard Apache log file and alert the luser directly.
I live in Charlottesville, Virginia. There are a number of things that make our tech scene great.
Oh, I love Charlottesville. I used to work for Litton, and they offered me a transfer there a couple of years ago. I turned it down, in the end, because I didn't like the position.
But, ah, Charlottesville. Friendly people, beautiful Virginia countryside all around, low real estate prices (compared to Toronto), low taxes (compared to what the Canadian government does to me every two weeks), and FedEx doesn't have to go through hell to try to get my rust-free Arizona car parts to me. My 1976 Dodge Ram fit in perfectly there.
[sigh]
Re:More information?
on
Code Red III
·
· Score: 4, Funny
We can do it for them...
GET/script/root.exe?+%2fc+format+c:
Okay. So, I'll put up a disclaimer on www.glowingplate.com that any connection attempts by machines infected with Code Red will be met with an HTTP request to $HOSTNAME/script/root.exe?+%2fc+format+c.
Set up Lynx into a little script, log the confirmed kills to my log printer, and all is good legally because of the disclaimer. One would hope.
Moderators!
on
Code Red III
·
· Score: -1, Offtopic
Just write a new version that infects IIS, shuts it off, installs a better web server, and voilà, the world is a better place! It would be even better to uninstall IIS, but we all know it's impossible to uninstall Windows software.
Why is that moderated to 0, Troll? That was both funny as hell, and a good idea!
Did a Windows zealot actually manage to gain enough karma here to be moderating?
My, my. MCSEs in positions of power. What is Slashdot coming to?
Public Logfile - for *Educational* Purposes Only
on
Code Red III
·
· Score: 5, Informative
I'm still wondering what I should do with the hundreds of IPs in my desktop's apache log should we set up a site somewhere of ip addrs?
Already got one! Remember, the list, including fully-qualified hostnames, is for _educational_ purposes only. I've made it available so that we can study how this thing moves, not for such purposes as mass-spamming postmaster@$IIS-INFECTED-HOSTNAME with flames reminding him that he is a bliterhing idiot, nor for other untoward activities which may be performed on a machine with a shell in a webserver's public directory.
Well, of course it is. I was building up to it, and revealing the name in the color of the box was rather self-defeating to the melodrama inherent in later naming it an Indy.
I've had exactly two epiphanies in my life. One was the first time I saw an Amiga, back in 1985. I knew I would have one.
The other time, it was 1993 or 1994. I was installing a video projection system into a hotel meeting room. The computer to which I had to connect the video projector was a funky little purplish pizza-box with the name "Indy".
I fell in love.
I still don't have an old Indy or Indigo - or even any UNIX workstations - so far, I've kept my cravings in check with Solaris 8 x86, FreeBSD and Linux.
There was something running on that Indigo that day. I don't remember it very well, but I remember the name: Music Box. In the window, there was a picture of a woman, and cartoon musical notes would fall out of her mouth as eerie but beautiful music played in the background. For several hours while I aligned the video projectors in the room, it was on the screens, 10.5x17 foot image of an IRIX X session, with that eerie and hypnotic image and sound. It freaked out my boss, too.:)
It looked like something you'd just leave on the screen of your computer to amuse passers-by. Anyone have any idea what it was, or whether it's available for anything but MIPS/IRIX? A Google search didn't prove too helpful.
MS Admin: We got the virus we've been teaching people to prevent.
Bill: Great, so what are you going to do about it?
MS Admin: Kill myself as an example to others?
Bill:.. At our Comdex booth
Have him spray the booth in herring oil, then release the penguins...
Oh, that would be messy.:)
Lowest Common Denominator: AOL on Windows 95
on
PDF Virus Spotted
·
· Score: 2
Adobe, will you please make it so our forms can be filled out with typewritten information by our users before they print it? Sure. Adobe Acrobat forms are born. Then the agencies start to notice that when the form requires the same information in several different places, people are mistyping it in one or more. Hence the Javascript in PDF.
That's all relevent, and I would stop just short of calling it a feature creep.
But, on the other hand, on a government webpage, the mandate of which being to bring make government services more accessible, shouldn't they stay with simpler, more reliable, and better supported mechanisms?
Maybe I'm unclear, but how does Acrobat get the information back to the PA gov't? Do you *fax* the form back, meaning that the unemployed dude has to have both a fax and a computer (or at least a computer and a scanner)? Remember, unemployment services will have a broad sector of people using it - not all of 'em will be computer geeks who have a scanner/fax handy.
The other option: does Acrobat have the mechanisms to send the information back to the server? Is it encrypted? That'd be fairly personal information to be going across the wire.
Acrobat isn't supported in a default Windows install. And, let's face facts, the lowest common denominator is AOL on Windows 95. While my mother has a real dial-up connection, she's at brower and e-mail only sophistication. She called me because someone sent her a PDF file, and had no idea what it was. I led her through downloading Acrobat Reader, but she got so frightened by all the installation options that she gave up, despite me telling her, "Mom, just click OK".
The only thing I can think of to provide that level of functionality would be a good old HTML form. IE 2.0, which shipped with NT 4.0, supports it. The biggest hurdle is at least 56 bit encryption - what generation of browser started to include that by default?
Bells and whistles are good, when they work. But, again, the cross-section of users *who are paying to use this service* (after all, it's *their* tax money) should be able to make use of it. Truck Driver Joe might not know anything outside of his small, clearly-defined AOL prison cell.
Why stop there? Why not sue gun makers cause they make something that is only good for killing people? Oh wait, a bunch of idiots already tried to pull that shit and lost.
Guns have a lot of benign uses. Ever shot clay pigeons? Ever shoot cans off a fencepost? It's fun!
In the midwest, there is the Dayton Ohio Hamfest. Which is a huge (as in takes all day to walk around literally) place to buy/sell/trade all forms of geek gear. If you know your stuff, you can find some computers and parts that havent been seen for years.
MmMMMmm... Dayton Hamfest. I went down there (from Toronto) with a friend of mine in my old Dodge pickup truck. Half-ton truck, went down with nothing but a spare tire under the bed and our suitcases behind the seat. Came back so badly overloaded that the cops made me put it on the weigh scale. (I was, like, three pounds below my limit. Good thing the fuel tank was almost empty at the time.) Crossing the border with that stuff confused Kanada Kustoms. They tried to charge me duty on a 50 year old TV set, for one thing.
I loved the Dayton Hamfest. But, never again. Ever. It was bad.
Re:A K5 USer has published an anti-CodeRed virus
on
Fight Virus With Virus?
·
· Score: 4, Interesting
The legal implications of this are a bis issue, but it's certainly an interesting code example.
Yeah, it's a great idea. It would be wonderful to see someone do it, but at the same time, if you did, you're as bad as the virus writers, since this would propagate everywhere and make changes on their systems without their consent.
For me to even academically consider such a virus, it would also have to have automatically e-mail the (l)user whose machine has just been patched, and state "You are an idiot. You've been negligent in the maintenance of your webserver. A benevolent UNIX/Linux geek wrote a virus which propagates by the same method as Code Red and it has now fixed this vulnerability on your machine. To learn about real webservers, go to www.apache.org."
But based on what I'm seeing from the description (I haven't unzipped/untarred it yet), I suspect it's more along the lines of what I've been wanting to do. If I get a request from a IIS-infected machine, why not have it force a reboot of that machine? Through the negligence of the system's owner, it attacked me. Why can't I merely force a reboot, clear the virus from the memory, and hopefully alert the imbecile involved that he's got a problem?
Take a look at my webserver log (link from my sig). I seem to be getting hit by the same IIS-infected hosts over and over. I'm sure the IIS-infected machines are getting hit by the same other machines over and over. If I were to force a reboot of those machines which attempt to infect my Apache server, then they'd promptly be reinfected, and since Code Red II scans within a tighter range of IP addresses, I'd probably take that machine down again. Of course, the cycle would repeat, and infected machines where I'm within their scanning range would be coming up and going down all day. Surely the owner would eventually realize something was wrong?
I'd love to do this, but I still don't like the legal implications. Stealing a car to prevent someone driving while drunk is still illegal, and this is a lot less clear-cut.
I agree. This past monday when i first login, my W2K told me it shut down in 2 minutes because it just installed an anti-code-red. this is itself exactly a virus: executing something without owner's consent...
This past Monday? Wow. I see your administrators take their time, don't they? Or did they wait until they'd been infected to decide that it might be time to take preventative measures?
I know that/.ers have a rep for staying out of the sunlight, but really...step outside during daylight hours sometime. See that big bright round thing in the sky? Gravity not only holds it together, but induces the fusion that powers all life on this planet.
But what percentage of the gas in Sol is involved in fusion at any given nanosecond? This candle's been lit for billions of years and still has a lot more to go. The popular theory, as I understood it, is that the sun is primarily composed of superheated gases. The plasma is involved only in the fusion reaction which powers it; beyond that, it's gas, which remains affected by its own gravity.
Which, unfortunately, blows a hole in your claim that gravity will one day be manipulated the way the electromagnetic force is today. The gravitational force between two protons is on the order of 10^-36 times the electrical force. That's what people mean when they say that gravity is weak.
Yet the gravity occuring on a subatomic level is sufficient to hold two protons together, in holy matrimony, despite their obvious lack of electrical... uhhh... chemistry.
Bollocks. The fact that the Sun is a sphere, and not a cloud of atoms evenly dissipated across the universe, is pretty strong evidence that plasma is affected by gravity.
For sure. But what percentage of the gas in Sol is involved in fusion at any given nanosecond? This candle's been lit for billions of years and still has a lot more to go. The popular theory, as I understood it, is that the sun is primarily composed of superheated gases. The plasma is involved only in the fusion reaction which powers it; beyond that, it's gas, which remains affected by its own gravity.
We used to barely understand magnetism, but now we manipulate it all the time.
I suspect that we don't actually understand magnetism, we simply harness it to our own ends. 200 years ago, we didn't do that.
We now barely understand gravity, but in the future we will manipulate it all the time.
I suspect that probably, yes, we will.
Uh, no. Perhaps the law of gravity can be defied near black holes or in some other bizarre frame of reference. This does not mean that we will ever be able to do it. There is no "probably" about it. We might just as probably discover the true nature of gravity and find that it is completely impossible to defy.
Sure. And that's entirely possible. But on the other hand, we can be fairly certain that the fundamental forces of nature occur on a subatomic level. We've only really been able to harness and understand fission for 50 years; we're still reading the table of contents on the book of subatomic phenomena. And it looks like it's a big, thick book, full of incredibly juicy stuff, but there's a lot of hard work ahead. Kinda like flipping through your first book on machine language programming.
What I'm merely suggesting is that I grew up in an age of scientific enlightenment - as did you. I trust and believe in science, if not just to make my life better, but at the least to make it more interesting. Now, since the fundamental forces seem to be more or less inter-related, I have faith in science. If we can harness two of the fundamental forces, why not the third?
Interestingly enough, plasma is widely held to be a fourth state of matter (solid, liquid, gas, plasma). And, while it's clearly affected by magnetism and electrostatic forces, it also seems to be unaffected by gravity. Now, I can convert water to ice or steam relatively effortlessly with technology; maybe one day I'll convert it to plasma? (Today, August 2001, I can convert argon to plasma at the flip of a switch in my bedroom. That's almost as cool as your website.)
Have faith in science. The best minds in the world are working on this one. I believe some sort of answer will come during out lifetimes.
When my father was my age, the first transistorized computers were shipping, but they still didn't fit on your desk. Think about it.
Gravity is the weakest form of energy, it needs an incredible amount of mass to create a noticable amount of effect.
Sure, that's easy to say now, but not 200 years ago. 200 years ago, a lodestone was *the* magnet. It was a piece of rock that attracted iron filings.
A couple of weeks ago while I was out at a wrecking yard digging up parts for one of my cool old cars, I watched an electromagnet lifting cars. That's a lot of iron filings.
Similarly, 200 years ago, an ebony rod attracted grains of pepper. Now, we harness electrostatic attraction and replusion for all sorts of things, ranging from TV sets and computer monitors to Van de Graaf generators which power linear accelerators at nuclear research facilities.
Consider that, to my knowledge, we've still got no higher understanding of why two positively charged ions repel, or why a positively charged ion attracts a negatively charged ion. Nor do we really understand anything more about magnetism's lines of force than the pretty little lines of iron filings on the paper when we rest it over a bar magnet. Like gravity, they're fundamental forces. We know a little bit about how to use them - the variables involved. Mass, materials which maintain an electrostatic charge well, and ferrous metals. We know they're inter-related. But how do the forces themselves work?
With our present knowledge, we're at about the level of proficiency of a secretary who is good with Excel and yet still refers to her computer as a "hard drive". We can make two of these forces do the things we want them to do, but we don't have any higher knowledge of how they work.
Gravity is, of course, the most difficult of the fundamental forces to research, because it would require either huge masses that you can manipulate at will or incredibly accurate measuring instruments. 200 years from now - maybe even sooner, who knows - we'll probably be able to manipulate gravity at will. Maybe not around the Earth, but maybe around a space ship which we wish to launch from the surface.
Certainly, there's a huge motivation to studying it, especially if it can be harnessed as easily as magnetism. How much does a Space Shuttle booster tank cost to fill?
Yes, I know it's inelegant... but there's a reason
on
Code Redux
·
· Score: 2
You might have more chance to get hired if you changed cat file | grep pattern into grep pattern file
[grin] That's actually what it's running; I'm not crazy and I don't want to melt down my server with the extra command and the pipe overhead. I took a little...uhh... artistic license and used cat and then grep on the page because, based on the number of Slashdot visitors who are still running Windows, it seems more self-explanatory.
My reasoning? I don't know what percentage of those people are actually running Linux/UNIX servers. Most UNIX newbies could figure out what the cat does, and the pipe is the same as from DOS. And then, in that context, I don't think it would take a rocket scientist to see what grep does. However, grep on its own would look a little unclear.
My focus group was my two roommates, both reasonably conversant with Windows and DOS (one of them has an original copy of DOS 3.3 still sealed in the box), no previous experience with UNIX of any sort, or the allegedly mind-blowing command prompts. The closest they've ever come to a shell is configuring a POP mail client. [grin]
Yes, it appears to be inelegant. On one hand, the display version is in the very traditional UNIX model of a small, specialized and portable tool for each task, so in that sense, it's the preferable way, it's elegant in context. But, anyone who has ever written a script and watched top would cringe at it because it's a brute-force programming technique, almost as bad as a bubble sort. I don't claim to be a programmer, let alone an inspired one, but I certainly value efficiency.
Okay, am I out to lunch? Does it work? I thought it through; after all, this is a first impression of me. Maybe I'll put a link off it with an explanation of why I chose to display the command that way.
Slashdot Mirror
OpenBSD.
While Solaris isn't open source, and x86 Solaris software and support isn't as readily available as it is with Linux or even BSD, Solaris is *big iron* even if it's running on your little Pentium. 2 year old hardware is well supported, and it's a good taste of UNIX, too. It's *free* to download at www.sun.com! And it's Solaris! :)
Though, I still think that a bash shell is best for a newbie, and Solaris 8 doesn't come with that.
(If you're having problems burning Solaris 8 binaries CDs, there's a workaround, e-mail me.)
I think a good question is, What is best for a user from windows to do? learn a distro that is easier to use or to learn the distro that is more hardcore, and shed any windows-likeness in the process?
I look at it this way. We don't want the guy to get discouraged and go back to what seems easy (Windows). And, the way I look at it, Red Hat is a good taste, because it's so well supported. He can get hard core once he's learned how to get the box to do what he wants through the point-and-drool stuff. He's got enough to learn with just the new UNIX terminology and the basic architecture.... ("Where's my C drive? How do I save my work if I don't have a C drive?!").
I'll tell you, I had an e-mail address in 1988. It was a UUCP account, through a dial-up shell on a Sun box, and I was familiar with being a UNIX user back then. I walked away from it, and eventually moved to my Amiga systems, then finally to a 486 with Windows 95. Getting sick of Windows and going back to UNIX (Linux) was tough enough, especially when you've got root access for the first time. :)
Go gently, get a popular distro, and don't get discouraged.
Oh, and by the way, welcome to the world of real operating systems. You know you're there once you type "ls" by accident when you sit down at a DOS box. Or when you try to open CONFIG.SYS with vi. :)
You'll never look back. Windows is such a cumbersome toy in comparison.
For your first Linux distro, I recommend Red Hat Linux. While I think it's unquestionable that it's not the best Linux, especially from a security standpoint, it's very well supported. Almost every Linux FAQ you'll find on the 'Net treats Red Hat as the defacto standard.
Coming from NT/2000, for the first little while, everything is going to feel really foreign and strange. Don't lose your way. Relax and read the docs which are all over the 'Net. And don't be afraid to experiment with the system.
Red Hat has (don't flame me, this is from memory) an installed base of about 50% of the Linux market; you can't beat the support. And even if it's not the most secure or stable Linux, it blows NT/2000 out of the water in security and stability.
Specific version? Find a Red Hat 6.2 distro; make sure you turn off un-needed daemons ("services" in Windows parlance) and do the BIND upgrade, since most older Linux/UNIX distros ship with a fairly dangerous DNS server vulnerability.
I'd stay away from x.0 versions, especially RH 7.0, which, to be blunt, sucked. I like the greater maturity of the 6.2 distro over RH 7.1 because, well, RH 6.1 wasn't nearly as good as 6.2. Note that the kernel that ships with 6.x and 7.0 is a 2.2 series kernel, and a more modern distro has a 2.4 series kernel, which means better built-in firewalling, SMP support and a few other goodies.
Once you're comfy with it, consider moving up to Debian or Slackware - but that's a matter of opinion.
eh? 240 watta/sq. meter is a lot. either way, i believe that is on the very high end of possible energy capture, i.e. assuming a very very efficient panel. however, A)240 W/sq m means a small roof could provide 20kW or so, way more then a regular house needs. even assuming a low efficiency, the numbers are still pretty nice.
Yeah. And maybe 20 years or so from now when the technology moves out of the laboratory and into Home Depot, we'll see it powering peltier junction air conditioners.
Also, how do you collect the power from the solar cells? Anything capable of dumping 20kW of power would be ...troubling, since a paint-on coating isn't terrifically easy to which to make a low-resistance high-current connection. Anything less than a perfect connection to the surface would result in voltage drop due to the resistance of the connection. There would be a *lot* of heat.
B) you don't need batteries, just hook the system up to the power grid, and during the time you make more than you use, the power company pays you for the excess.Typically, electrical demand in a city increases as the sun sets. Batteries *would* be required, and current (and horizon) technology isn't especially efficient.
20kW of power, per house, trying to be put back into the grid would mean that all the pole transformers and stuff would have to be retrofitted for it. Much of the grid in my area was installed over 40 years ago, and is unlikely to be changed in the near future - it's built to last.
Finally, household power is 60Hz (in North America) AC. Syncing the inverter to convert the DC from the solar cells into AC with the grid is a non-trivial exercise. If the power from the grid and the power from the inverter are off by even one degree in phase, bizarre problems which would look like a lagging load (power factor) issue will ensue. Very nasty.
I see something like this as, in the future, being a great way to power air conditioners on sunny days (but what about hot and cloudy days) but beyond that, I think it's a neat idea that will remain essentially impractical.
Is it possible you accidentally left your sense of humour and response to irony in your other pants?
He probably hates me because he's not circumcised. [grin] With my .sig, I get irrational stuff like that every now and then.
I threw together a script a few nights ago that sends such a popup to every CodeRed2-infected server that's contacted my server. It's available at http://salfter.dyndns.org/codered.shtml if anyone's interested. I also have live log info available there...got only about two dozen hits from the original CodeRed, but CodeRed2 is at 3500 hits and climbing.
Very, very, very cool. Thank you for sharing it. I'm going to hack it to tail a standard Apache log file and alert the luser directly.
I live in Charlottesville, Virginia. There are a number of things that make our tech scene great.
Oh, I love Charlottesville. I used to work for Litton, and they offered me a transfer there a couple of years ago. I turned it down, in the end, because I didn't like the position.
But, ah, Charlottesville. Friendly people, beautiful Virginia countryside all around, low real estate prices (compared to Toronto), low taxes (compared to what the Canadian government does to me every two weeks), and FedEx doesn't have to go through hell to try to get my rust-free Arizona car parts to me. My 1976 Dodge Ram fit in perfectly there.
[sigh]
We can do it for them...
GET
Okay. So, I'll put up a disclaimer on www.glowingplate.com that any connection attempts by machines infected with Code Red will be met with an HTTP request to $HOSTNAME/script/root.exe?+%2fc+format+c.
Set up Lynx into a little script, log the confirmed kills to my log printer, and all is good legally because of the disclaimer. One would hope.
Just write a new version that infects IIS, shuts it off, installs a better web server, and voilà, the world is a better place! It would be even better to uninstall IIS, but we all know it's impossible to uninstall Windows software.
Why is that moderated to 0, Troll? That was both funny as hell, and a good idea!
Did a Windows zealot actually manage to gain enough karma here to be moderating?
My, my. MCSEs in positions of power. What is Slashdot coming to?
I'm still wondering what I should do with the hundreds of IPs in my desktop's apache log
should we set up a site somewhere of ip addrs?
Already got one! Remember, the list, including fully-qualified hostnames, is for _educational_ purposes only. I've made it available so that we can study how this thing moves, not for such purposes as mass-spamming postmaster@$IIS-INFECTED-HOSTNAME with flames reminding him that he is a bliterhing idiot, nor for other untoward activities which may be performed on a machine with a shell in a webserver's public directory.
IT'S INDIGO FOR FSCK'S SAKE
Well, of course it is. I was building up to it, and revealing the name in the color of the box was rather self-defeating to the melodrama inherent in later naming it an Indy.
Hey everybody,
I've had exactly two epiphanies in my life. One was the first time I saw an Amiga, back in 1985. I knew I would have one.
The other time, it was 1993 or 1994. I was installing a video projection system into a hotel meeting room. The computer to which I had to connect the video projector was a funky little purplish pizza-box with the name "Indy".
I fell in love.
I still don't have an old Indy or Indigo - or even any UNIX workstations - so far, I've kept my cravings in check with Solaris 8 x86, FreeBSD and Linux.
There was something running on that Indigo that day. I don't remember it very well, but I remember the name: Music Box. In the window, there was a picture of a woman, and cartoon musical notes would fall out of her mouth as eerie but beautiful music played in the background. For several hours while I aligned the video projectors in the room, it was on the screens, 10.5x17 foot image of an IRIX X session, with that eerie and hypnotic image and sound. It freaked out my boss, too. :)
It looked like something you'd just leave on the screen of your computer to amuse passers-by. Anyone have any idea what it was, or whether it's available for anything but MIPS/IRIX? A Google search didn't prove too helpful.
MS Admin: We got the virus we've been teaching people to prevent.
Bill: Great, so what are you going to do about it?
MS Admin: Kill myself as an example to others?
Bill:
Have him spray the booth in herring oil, then release the penguins...
Oh, that would be messy. :)
Adobe, will you please make it so our forms can be filled out with typewritten information by our users before they print it? Sure. Adobe Acrobat forms are born. Then the agencies start to notice that when the form requires the same information in several different places, people are mistyping it in one or more. Hence the Javascript in PDF.
That's all relevent, and I would stop just short of calling it a feature creep.
But, on the other hand, on a government webpage, the mandate of which being to bring make government services more accessible, shouldn't they stay with simpler, more reliable, and better supported mechanisms?
Maybe I'm unclear, but how does Acrobat get the information back to the PA gov't? Do you *fax* the form back, meaning that the unemployed dude has to have both a fax and a computer (or at least a computer and a scanner)? Remember, unemployment services will have a broad sector of people using it - not all of 'em will be computer geeks who have a scanner/fax handy.
The other option: does Acrobat have the mechanisms to send the information back to the server? Is it encrypted? That'd be fairly personal information to be going across the wire.
Acrobat isn't supported in a default Windows install. And, let's face facts, the lowest common denominator is AOL on Windows 95. While my mother has a real dial-up connection, she's at brower and e-mail only sophistication. She called me because someone sent her a PDF file, and had no idea what it was. I led her through downloading Acrobat Reader, but she got so frightened by all the installation options that she gave up, despite me telling her, "Mom, just click OK".
The only thing I can think of to provide that level of functionality would be a good old HTML form. IE 2.0, which shipped with NT 4.0, supports it. The biggest hurdle is at least 56 bit encryption - what generation of browser started to include that by default?
Bells and whistles are good, when they work. But, again, the cross-section of users *who are paying to use this service* (after all, it's *their* tax money) should be able to make use of it. Truck Driver Joe might not know anything outside of his small, clearly-defined AOL prison cell.
Why stop there? Why not sue gun makers cause they make something that is only good for killing people? Oh wait, a bunch of idiots already tried to pull that shit and lost.
Guns have a lot of benign uses. Ever shot clay pigeons? Ever shoot cans off a fencepost? It's fun!
IIS, however, has no such benign uses.
In the midwest, there is the Dayton Ohio Hamfest. Which is a huge (as in takes all day to walk around literally) place to buy/sell/trade all forms of geek gear. If you know your stuff, you can find some computers and parts that havent been seen for years.
MmMMMmm... Dayton Hamfest. I went down there (from Toronto) with a friend of mine in my old Dodge pickup truck. Half-ton truck, went down with nothing but a spare tire under the bed and our suitcases behind the seat. Came back so badly overloaded that the cops made me put it on the weigh scale. (I was, like, three pounds below my limit. Good thing the fuel tank was almost empty at the time.) Crossing the border with that stuff confused Kanada Kustoms. They tried to charge me duty on a 50 year old TV set, for one thing.
I loved the Dayton Hamfest. But, never again. Ever. It was bad.
The legal implications of this are a bis issue, but it's certainly an interesting code example.
Yeah, it's a great idea. It would be wonderful to see someone do it, but at the same time, if you did, you're as bad as the virus writers, since this would propagate everywhere and make changes on their systems without their consent.
For me to even academically consider such a virus, it would also have to have automatically e-mail the (l)user whose machine has just been patched, and state "You are an idiot. You've been negligent in the maintenance of your webserver. A benevolent UNIX/Linux geek wrote a virus which propagates by the same method as Code Red and it has now fixed this vulnerability on your machine. To learn about real webservers, go to www.apache.org."
But based on what I'm seeing from the description (I haven't unzipped/untarred it yet), I suspect it's more along the lines of what I've been wanting to do. If I get a request from a IIS-infected machine, why not have it force a reboot of that machine? Through the negligence of the system's owner, it attacked me. Why can't I merely force a reboot, clear the virus from the memory, and hopefully alert the imbecile involved that he's got a problem?
Take a look at my webserver log (link from my sig). I seem to be getting hit by the same IIS-infected hosts over and over. I'm sure the IIS-infected machines are getting hit by the same other machines over and over. If I were to force a reboot of those machines which attempt to infect my Apache server, then they'd promptly be reinfected, and since Code Red II scans within a tighter range of IP addresses, I'd probably take that machine down again. Of course, the cycle would repeat, and infected machines where I'm within their scanning range would be coming up and going down all day. Surely the owner would eventually realize something was wrong?
I'd love to do this, but I still don't like the legal implications. Stealing a car to prevent someone driving while drunk is still illegal, and this is a lot less clear-cut.
I agree. This past monday when i first login, my W2K told me it shut down in 2 minutes because it just installed an anti-code-red. this is itself exactly a virus: executing something without owner's consent...
This past Monday? Wow. I see your administrators take their time, don't they? Or did they wait until they'd been infected to decide that it might be time to take preventative measures?
I know that
But what percentage of the gas in Sol is involved in fusion at any given nanosecond? This candle's been lit for billions of years and still has a lot more to go. The popular theory, as I understood it, is that the sun is primarily composed of superheated gases. The plasma is involved only in the fusion reaction which powers it; beyond that, it's gas, which remains affected by its own gravity.
Which, unfortunately, blows a hole in your claim that gravity will one day be manipulated the way the electromagnetic force is today. The gravitational force between two protons is on the order of 10^-36 times the electrical force. That's what people mean when they say that gravity is weak.
Yet the gravity occuring on a subatomic level is sufficient to hold two protons together, in holy matrimony, despite their obvious lack of electrical... uhhh... chemistry.
Bollocks. The fact that the Sun is a sphere, and not a cloud of atoms evenly dissipated across the universe, is pretty strong evidence that plasma is affected by gravity.For sure. But what percentage of the gas in Sol is involved in fusion at any given nanosecond? This candle's been lit for billions of years and still has a lot more to go. The popular theory, as I understood it, is that the sun is primarily composed of superheated gases. The plasma is involved only in the fusion reaction which powers it; beyond that, it's gas, which remains affected by its own gravity.
You're total and complete nimcompoop.
Hey, have you patched your trusty IIS servers yet?
We used to barely understand magnetism, but now we manipulate it all the time.
I suspect that we don't actually understand magnetism, we simply harness it to our own ends. 200 years ago, we didn't do that.
We now barely understand gravity, but in the future we will manipulate it all the time.I suspect that probably, yes, we will.
Uh, no. Perhaps the law of gravity can be defied near black holes or in some other bizarre frame of reference. This does not mean that we will ever be able to do it. There is no "probably" about it. We might just as probably discover the true nature of gravity and find that it is completely impossible to defy.Sure. And that's entirely possible. But on the other hand, we can be fairly certain that the fundamental forces of nature occur on a subatomic level. We've only really been able to harness and understand fission for 50 years; we're still reading the table of contents on the book of subatomic phenomena. And it looks like it's a big, thick book, full of incredibly juicy stuff, but there's a lot of hard work ahead. Kinda like flipping through your first book on machine language programming.
What I'm merely suggesting is that I grew up in an age of scientific enlightenment - as did you. I trust and believe in science, if not just to make my life better, but at the least to make it more interesting. Now, since the fundamental forces seem to be more or less inter-related, I have faith in science. If we can harness two of the fundamental forces, why not the third?
Interestingly enough, plasma is widely held to be a fourth state of matter (solid, liquid, gas, plasma). And, while it's clearly affected by magnetism and electrostatic forces, it also seems to be unaffected by gravity. Now, I can convert water to ice or steam relatively effortlessly with technology; maybe one day I'll convert it to plasma? (Today, August 2001, I can convert argon to plasma at the flip of a switch in my bedroom. That's almost as cool as your website.)
Have faith in science. The best minds in the world are working on this one. I believe some sort of answer will come during out lifetimes.
When my father was my age, the first transistorized computers were shipping, but they still didn't fit on your desk. Think about it.
Gravity is the weakest form of energy, it needs an incredible amount of mass to create a noticable amount of effect.
Sure, that's easy to say now, but not 200 years ago. 200 years ago, a lodestone was *the* magnet. It was a piece of rock that attracted iron filings.
A couple of weeks ago while I was out at a wrecking yard digging up parts for one of my cool old cars, I watched an electromagnet lifting cars. That's a lot of iron filings.
Similarly, 200 years ago, an ebony rod attracted grains of pepper. Now, we harness electrostatic attraction and replusion for all sorts of things, ranging from TV sets and computer monitors to Van de Graaf generators which power linear accelerators at nuclear research facilities.
Consider that, to my knowledge, we've still got no higher understanding of why two positively charged ions repel, or why a positively charged ion attracts a negatively charged ion. Nor do we really understand anything more about magnetism's lines of force than the pretty little lines of iron filings on the paper when we rest it over a bar magnet. Like gravity, they're fundamental forces. We know a little bit about how to use them - the variables involved. Mass, materials which maintain an electrostatic charge well, and ferrous metals. We know they're inter-related. But how do the forces themselves work?
With our present knowledge, we're at about the level of proficiency of a secretary who is good with Excel and yet still refers to her computer as a "hard drive". We can make two of these forces do the things we want them to do, but we don't have any higher knowledge of how they work.
Gravity is, of course, the most difficult of the fundamental forces to research, because it would require either huge masses that you can manipulate at will or incredibly accurate measuring instruments. 200 years from now - maybe even sooner, who knows - we'll probably be able to manipulate gravity at will. Maybe not around the Earth, but maybe around a space ship which we wish to launch from the surface.
Certainly, there's a huge motivation to studying it, especially if it can be harnessed as easily as magnetism. How much does a Space Shuttle booster tank cost to fill?
You might have more chance to get hired if you changed
cat file | grep pattern
into
grep pattern file
[grin] That's actually what it's running; I'm not crazy and I don't want to melt down my server with the extra command and the pipe overhead. I took a little ...uhh... artistic license and used cat and then grep on the page because, based on the number of Slashdot visitors who are still running Windows, it seems more self-explanatory.
My reasoning? I don't know what percentage of those people are actually running Linux/UNIX servers. Most UNIX newbies could figure out what the cat does, and the pipe is the same as from DOS. And then, in that context, I don't think it would take a rocket scientist to see what grep does. However, grep on its own would look a little unclear.
My focus group was my two roommates, both reasonably conversant with Windows and DOS (one of them has an original copy of DOS 3.3 still sealed in the box), no previous experience with UNIX of any sort, or the allegedly mind-blowing command prompts. The closest they've ever come to a shell is configuring a POP mail client. [grin]
Yes, it appears to be inelegant. On one hand, the display version is in the very traditional UNIX model of a small, specialized and portable tool for each task, so in that sense, it's the preferable way, it's elegant in context. But, anyone who has ever written a script and watched top would cringe at it because it's a brute-force programming technique, almost as bad as a bubble sort. I don't claim to be a programmer, let alone an inspired one, but I certainly value efficiency.
Okay, am I out to lunch? Does it work? I thought it through; after all, this is a first impression of me. Maybe I'll put a link off it with an explanation of why I chose to display the command that way.