Bloody site's been down for a day now
on
Uplink
·
· Score: 2
Does anyone know what's up with Introversion's website? I've been itching to buy this game since I finished the demo, but no avenue of purchase is forthcoming. The suspicious "You don't have permission to access [any path] on this server" suggests that either Introversion got slashdotted and are trying to cope..or some script kiddy thought it would be a cute prank to take them out of service.
Nobody is talking about stripping, and it'd damn well better stay that way! The world is already crazy enough; no need for loonies to go running around the Slashdot forums in the buff. There are other websites for that sort of thing!
If we want to talk about RAID striping, on the other hand, it might be somewhat more on topic. And much easier to handle, for the prudish and faint-of-heart among the readership. =]
I haven't done any digging yet, but it is my assumption that as head of security he will be in charge of physical security policy at Microsoft installations: who has access to which rooms, and at what times of day. How many cameras to put in the bathroom stalls. How many parabolic surveilance microphones to hide in the trees. How many pits full of punji stakes, vipers and bear traps to place around the Redmond campus.
In other words, Big Brother stuff. Spook stuff.
That is what a chief security officer does in the traditional corporate environment. He will have an underling (or several) who handle electronic security for him. If he knows what's good for him he'll realize that he shouldn't try and play a game he knows nothing about, and he'll let his underlings have free reign.
Not that it will do any good, of course. As long as Microsoft uses its own software, it will always be vulnerable to the same exploits with which it burdens the rest of the world.
I've been using XOSL for 18 months now; XOSL itself is installed on a DR-DOS 7 partition which is also the first primary partition on my drive. The MBR of the drive contains XOSL. I quad-boot DOS, Windows 2000, Linux and BeOS and have never had any troubles doing so. XOSL really is an amazing tool. I'm glad to see it finally get recognition!
I've done small projects with plexiglass before, and had great success cutting the stuff with a Dremel tool. I use a cutting wheel and very patiently cut along a line which I have previously drawn on the plexiglass. It's cumbersome, and very hard to make straight cuts longer than a couple inches, but it works. You might have success using the Dremel's jigsaw adapter. Using a couple C clamps and some scrap lumber, you may even be able to fashion yourself a mill which you can use to make straight cuts.
Be VERY careful about clamping the Dremel tool to a table, however. Make sure it's secure as hell and there's no possible way for it to slip. Zip ties might be useful for this.
As far as bonding plexiglass goes, I've never done it with glue, but aquarium glue works pretty darned well. If you're not too picky about how the finished product looks, epoxy should work well too.
We could always establish a spacegoing equivalent of the FAA: some administrative agency whose laws and regulations govern space travel. Any electronic equipment that wants to go up, must be first approved by the National Spacecraft Testing Labs. NSTL, what a flashy acronym! Too bad it's already used...
And these tiny microsats are our forebears. They are letting us do the research that will someday make it cost-effective to send people into space on a large scale.
I should like to think that machines (such as these sats) will someday be our companions up there, the spaceborne equivalent of the civil infrastructure of water lines, power grids, streets and highways that we all take for granted.
Now there's an amusing thought: astronauts waking in the middle of the ship's night to the clunking of dozens of microsats on the hull. Like a hailstorm in an automobile. *thump thump clunk thump* "What's that noise?" "Aww, just a couple GPS birds. Nothing to worry about."
In actuality, it's pretty hard to hit anything in orbit. There's a whole lot of space out there, and not a very large volume of space junk. And, at least for spacecraft which are still in the middle of their useful mission lives, the orbit of everything up there is calculated. I'm sure there is even a repository or tracking agency for random space debris. Collision avoidance has got to be largely a planning matter (adjusting the Shuttle's flight plan so its orbit never intersects with known random space crap).
I wonder...does the Shuttle even have a search radar operating, to watch the space around it for navigational hazards? I've never heard of such a thing...
I consider myself a staunch libertarian when it comes to the Bill of Rights, and to personal freedoms in general. So I can hardly believe I'm saying this! But hear me out. I propose a few rules for a national identity card system that would provide us with all the benefits of nearly unforgeable proof-of-identity without compromising our right to privacy or any other right which we currently enjoy.
1) Central to the identity card system is a suite of protocols for digital signature operations; key signing, verification and exchange; and key revocation. The principals of public-key cryptography form the basis of the system and can be used to implement rest of the features, which I outline below. The system is designed to facilitate cryptographically secure communication between private citizens, thereby giving us rights that we practically don't have today!
2) Nobody can ever be compelled (forced) to show his card. Similarly to the right of a business to refuse service if you don't wish to furnish your social security number, organizations may choose not to talk to you if you won't furnish some proof of identity, but proof of identity can never be required by a government agency, or in relation to the fulfillment of certain human needs (food, water, air, clothing, shelter, communication).
3) Every individual can create new, anonymous identities at will. These pseudonyms can be nothing more than a keypair and a globally unique identifier (and perhaps some optional contact information). The private key of each pseudonym is only stored in encrypted form, having been encrypted with the public key of the person who uses the pseudonym. Thus, the owner of the pseudonym can prove that he "is" the pseudonym, but only with his consent, and only under circumstances that he controls.
4) When a citizen's keypair is created, the private key is split using a keysharing algorithm into a large number of shares (~10,000 should do, or fewer for pseudonymous keypairs). The keyshares are distributed (in secret) to randomly chosen individuals. We perform the keyshare operation such that 60% of the shares must be recovered in order to recover the key. In a situation where some person, organization or government needs to crack the identity, he can appeal to these 10,000 people as a sort of "jury of peers" to see if he can convince them to divulge their keyshares. Once an identity has been cracked, private communications to that identity can be decrypted.
5) In order to protect against algorithmic attacks, a number of various symmetric and asymmetric cryptographic algorithms are supported by the system. Communications between agents in the system take place using algorithms and keylengths agreed upon by the participants.
One caveat: This all assumes that the identity cards are perfectly secure automomous computer systems. That is: the identity card is solely responsible for performing all the cryptographic operations, and information can never be read from an identity card without the consent of its owner. This daydream is probably the biggest flaw in my plan.
Regardless of whether the message was a pissing contest, you can clearly see from the wording of the message that it was not an incitement to terrorism.
If I happened to be discussing this terrible incident in a restaurant, and just to make a point, as part of my conversation, I happened to utter the words "I am a terrorist...I am planning to attack a large target," would that instantaneously make me into a terrorist? Of course not. I would simply be invoking the hypothetical situation wherein I was a terrorist. I would be invoking this hypothetical situation in order to expound some (anti-terrorist) point I wanted to make.
I should point out that, as of this day, the words "I am a terrorist" are forever emblazoned in the Slashdot discussion archives. Perhaps in a few days, someone will come across my comment and report it to the US government, saying simply that terrorist elements are operating on Slashdot, hiding encrypted messages in the comments. And that will be the end of slashdot.
After hearing what everybody has to say, I've decided that this sort of script is probably not a good idea. To those of you who replied to me via email, I'll send you a link to a webpage where I'll be putting up the script, once I get hold of it. You'll be able to reach it after clicking through a disclaimer.
I would still advise against anyone using this in "production" (i.e. to combat live code red attacks on the open Internet.) Think about it:
If, for some reason, your copy of the script mis-performs and corrupts IIS DLLs or executables on the attacking host, you will be liable.
If the federales are monitoring traffic and see your box actively exploiting the Code Red hole, you're in trouble.
If your ISP notices your box "propagating" Code Red, then you are likely to be denied service (in the most literal manner) and your account might be terminated.
So, in the final analysis, it's probably better just to put up a default.ida that does a "net stop w3svc" (as someone else here recommended) or does a reboot.
I've been there a few times within the past few years. The persnicketiness on the web page is mainly directed at vendors; they want to make sure that no monster-truck-and-computer-rally style retailers make it into their swap meet. They're trying to keep it strictly amateur--they are hams, after all. =]
Thing with computer items is that pretty much all of them are radio-related. Computers, radios, they're all electronic, and most hams dabble in computers. I dunno if you'll find that many old *nix workstations, but you're bound to find a few legacy components.
I've bought old hard drives at the swap meet; I've bought memory and I once bought an 80387 math coprocessor, back in the days when hardware floating-point support was still considered optional!
There is a largish swap meet that happens near the TRW building in the Manhattan Beach area on the last Saturday of every month. It's free admission, with effectively unlimited parking. It's located on the Northwest corner of Aviation and Marine.
It's frequented by a lot of amateur radio operators and hardcore electronics specialists, so don't expect to find helpful salesmen ready to sell you a system fresh off the boat from China. Expect vaccum tubes, used parts, legacy hard drive controllers and random electronic components you've never heard of.
I thought of doing this a few days ago and I started coding. I got as far as a script to automatically reboot attacking machines, to help slow the spread of Code Red.
I had begun work on a worm called Code Blue that would infect Code Red machines and clean them of Code Red. This kind of work is very laborious since it involves writing Intel assembly code that uses the Win32 API and runs in a Windows environment.
Before I could finish, my best friend (who is a security consultant) informed me that somebody has already done this. There is a perl CGI script going around that you can put into your root directory and name "default.ida" so that infected machines will cause it to execute.
The script connects to the IP of the attacking machine, uses the Code Red II backdoor to clean the system of trojanned files. Then it uses the very same buffer overflow exploit used by Code Red to send a binary to the server that patches IIS, removes Code Red-related registry entries and reboots the machine.
There's always the anecdote about a company that was giving a demonstration of speech recognition in MS-DOS. (In one version I've heard it was Creative Labs; in another it was Microsoft.)
The marketing flack giving the presentation arrives at the most dramatic and impressive bit, where he demonstrates the system's capability to recognize a set of related commands. He keys the mike, preparing to speak a command, and someone in the front row of the audience shouts "FORMAT C COLON! ENTER!" Someone in the row behind him shouts "YES! ENTER!" and history is made.
In all fairness I have no source for the story, but I once used a DOS-based Creative Labs product that would easily have been capable of such a feat. I believe it was called Voice Commander, and I trained it to recognize the letters of the alphabet, plus some punctuation and DOS command words.
My own spam problem started in the dark and forlorn days of 1995. It all started because of a name.
Due to an unfortunate accident of ancestry, my initials happen to be ADS. When I got my first dialup shell account, I chose to use my initials for my login name in the style of one of my then-heroes, Robert Tappan Morris (of RTM Worm fame). Thus did I become ads@netcom.com.
You can imagine the sort of traffic this generated for me, from day one! Every yokel with a half-brained scheme and a university mail account decided that this miraculous 'ads' address must be a special mailing list for thousands of Netcom customers who sat with baited breath, waiting to learn how they could lose weight fast, get rich quick or get rid of debt.
I fought this torrent of spam for almost 5 years before I finally had the technical proficiency and computing resources to come up with a solution. The solution I finally found is elegant and simple. It keeps the spam down to three or four messages per day. More importantly, it lets me know who is distributing my name to whom, and when.
I have a host alias tracker.xeger.net. Mail sent to any address @tracker.xeger.net is subjected to extra-bitchy filters, and mail that makes the cut is forwarded to one of my normal mail accounts, address intact.
Whenever I go to a new web site, or give my email address out to anyone, I give them an address of the form 'domain_dom@tracker.xeger.net'. CNN gets 'cnn_com@tracker.xeger.net'; Amazon gets 'amazon_com@tracker.xeger.net' and so forth. When the spam comes rolling in, I know from whence it came. I know how they got my mail address. And I know who to hunt down and disembowel.
To this date, I have been solely responsible for more than 200 cancelled accounts and at least two blacklistings. The count goes up daily.
Herley-Metraplex has this to say about their fine orange-boxed Hybrid Data Measurement System:
"Integrates signal conditioning, calibration, analog and digital multiplexing, avionics bus monitoring, PCM encoding, and many other functions into one compact rugged package."
What we have here is a box that will sample a number of analog signals (up to 32 of them) and encode them into PCM digital signals.
Together with a commutator, the orange box would have been used to relay telemetry signals via radio from an ICBM, aircraft, kayak, bicycle or other craft, to patient listeners. A decommutator such as yours would decode the telemetry stream and some sort of display hardware (such as a computer) would interpret the telemetry, and produce photogenic graphs and charts for the pleasure of onlooking engineers with buzzcuts and pocket protectors.
Although it's distinctly possible that your boxes could have been used in an ICBM, they could also have been used in any other vehicle that incorporates electronics or cybernetic control systems. Aerospace is, however, the field where you'll find most of these vehicles. Have you checked to see if the boxes glow in the dark? That's always a good tell-tale sign of ICBM involvement. =]
PCM, as many Slashdotters know, stands for "pulse code modulation" and is the encoding technique used natively by your sound card. Your sound card is a fancy digital-to-analog converter whose job is to take PCM waveforms and convert them back into an analog signal which drives a speaker. The speaker vibrates, and out comes music, or speech, or whatnot.
On a somewhat related note--have you ever (by accident or on purpose) conducted a websearch for something that doesn't *really* exist...and found it anyway?
I discovered this phenomenon the other morning. Here are some examples of things I've found that don't exist:
The Birtish Isles (14 hits), seat of the much-renowned Birtish Empire (4 hits) which flourished during the 18th and 19th centuries. Some 60,000,000 Birtish (573 hits) make their home on the Birtish Isles.
The Federal Republic of Gremany (866 hits), fatherland of the boisterous Greman people (1,110 hits). Gremans are famous for their unique Greman beer (44 hits).
Candada (1,580 hits). The Land of the Great White North; gentlemanly, nonthreatening northern neighbor of the somewhat Orwellian Untied States of America (600 hits). Candadians (1,540 hits) do enjoy their maple sryup (62 hits).
From what I understand, the display is a flat-panel LCD which spins rapidly. Assuming this is so, this display has a major limitation: it can't be viewed from overhead! As you move your head from the horizontal (head-on) aspect, the display will become increasingly distorted, until you're looking directly down at the display, at which point it won't be showing much of anything. Yech!
An interesting idea. In fact, one might propose that we simply create a hemispherically-shaped LCD display with the pixels on the outside, and then use it to display graphics with a 360 degree field of view.
This would be a perfect application of lumigraph technology. A lumigraph is a departure from traditional 3D rendering techniques. It can be thought of as a function which perfectly encodes the light transfer characteristics of an object. Once you have computed the lumigraph function for an object (or a scene), you can say "Give me the color I will see if I'm looking at it from such-and-such vantage point, at such-and-such distance." So, refreshing our hypothetical hemispherical LCD would be as simple as evaluating the lumigraph function for the scene across its surface.
There are a lot of mathematical and engineering problems for this approach--it's damned hard to compute those functions to begin with, and probably not feasible to express a changing scene in terms of its lumigraph function.
Ah, yes, I was waiting for someone to make the connection.:)
IMO, that's actually the way to go. We're getting closer all the time to understanding the visual cortex, and it seems a dreadful waste of resources to use a brute-force mechanical display solution when you could simply render an entire scene directly into someone's field of vision by talking to his optic nerve.
Unfortunately, the technology to do that safely and cheaply is probably 70-100 years distant, and there will always be people who don't feel comfortable with it, are allergic to whatever implants they develop, etc.
Unless someone figures out a noninvasive method for doing it, like in Gibson's short, there will probably always be a market for volumetric displays, just as there will always be a market for 2D displays. The two types of display are as fundamentally different as pencils and calligraphy pens.
The main drawback of Actuality's approach is the rapidly spinning screen. It occurs to me that this same technology isn't all too far from being implemented with immobile, solid-state electronics.
Picture this: a hemisphere of acrylic, crystal or some other clear material, impregnated with millions tiny triplets of red/green/blue light-emitting polymer. The control circuitry for the LEP "pixels" runs vertically throughout the display and is made of the thinnest wires possible, to avoid obscuring any light from escaping the display. (Perhaps the control circuitry is fiber optic, or perhaps it's made of some sort of electrically conductive crystal.)
The display works on the same principal as an Actuality display--only instead of a rotating screen, we do everything logically, sweeping radially around the display and illuminating all the pixels that lie on a given plane or "slice" at the same time, with the proper colors.
This approach would use far less energy than an Actuality display, would have a beautifully high refresh rate, and would have better brightness and clarity.
It might even be possible to get the light-emitting polymer to emit light of a certain polarity, and coat the surface of the display with a material that is polarized so that at any point on the display's outer surface, the only light allowed to pass directly through that point is light that was emitted in phase with the "slice" which runs approximately parallel to the tangent of that point. Don't despair if this sounds like gibberish. What it comes down to is an ultra-crisp display and ludicrously high refresh rates.
The polarized-light technology is probably impractical, but we should have the manufacturing technology for the basic display within 20 years, maybe sooner if this nanotechnology hype ever goes anywhere.
All 2-dimensional and most 3-dimensional display technologies are designed with a single user in mind, viewing the display from one vantage point. While this is fine as long as the user (or small group of users) are performing first-person tasks such as writing a paper, browsing the web, or running around killing people with a rocket launcher.
The moment one tries to bring more than one vantage point into perspective, however, the limitations of a flat display make themselves known. Ever noticed how hard it is to achieve really good results with a 3D modelling package? Ever tried to visualize a complex relationship between dozens or hundreds of objects in 3 dimensional space? It's damned hard using today's display technology.
While demand for these displays will be small at first, it will rapidly grow as they become bigger and cheaper. The first widescale application might well be a third-person an arcade, for example a "model flight sim" where two players sit at a table and dogfight with miniature planes flying in the airspace above the table.
From there, the possibilities are limitless: interactive digital theater in the round; architecture, interior design; and landscaping; there are hundreds of awesome applications for this new toy!
It's only disadvantage is the fact that it is, at heart, a giant moving part. So it will tend to be bulky, power hungry, break down frequently and not like vibrations or drops.
Keep in mind that even on an ordinary monitor, the "polygon-style display" you see is really composed of millions of little pixels. A volumetric display uses the same raster scan methodology, only in 3 dimensions, hence we get voxels instead of pixels. In terms of how the voxel display is rendered, I imagine it undergoes a process analogous to 2D rendering. The difference is that once the polygons have been transformed into camera space, instead of projecting them into 2-dimensional screen space and then rasterizing them into a 2-dimensional memory buffer, the polygons are simply rasterized into a 3-dimensional memory buffer which is used to drive the volumetric display's refresh.
Slashdot Mirror
Does anyone know what's up with Introversion's website? I've been itching to buy this game since I finished the demo, but no avenue of purchase is forthcoming. The suspicious "You don't have permission to access [any path] on this server" suggests that either Introversion got slashdotted and are trying to cope..or some script kiddy thought it would be a cute prank to take them out of service.
Nobody is talking about stripping, and it'd damn well better stay that way! The world is already crazy enough; no need for loonies to go running around the Slashdot forums in the buff. There are other websites for that sort of thing!
If we want to talk about RAID striping, on the other hand, it might be somewhat more on topic. And much easier to handle, for the prudish and faint-of-heart among the readership. =]
I haven't done any digging yet, but it is my assumption that as head of security he will be in charge of physical security policy at Microsoft installations: who has access to which rooms, and at what times of day. How many cameras to put in the bathroom stalls. How many parabolic surveilance microphones to hide in the trees. How many pits full of punji stakes, vipers and bear traps to place around the Redmond campus.
In other words, Big Brother stuff. Spook stuff.
That is what a chief security officer does in the traditional corporate environment. He will have an underling (or several) who handle electronic security for him. If he knows what's good for him he'll realize that he shouldn't try and play a game he knows nothing about, and he'll let his underlings have free reign.
Not that it will do any good, of course. As long as Microsoft uses its own software, it will always be vulnerable to the same exploits with which it burdens the rest of the world.
I've been using XOSL for 18 months now; XOSL itself is installed on a DR-DOS 7 partition which is also the first primary partition on my drive. The MBR of the drive contains XOSL. I quad-boot DOS, Windows 2000, Linux and BeOS and have never had any troubles doing so. XOSL really is an amazing tool. I'm glad to see it finally get recognition!
I've done small projects with plexiglass before, and had great success cutting the stuff with a Dremel tool. I use a cutting wheel and very patiently cut along a line which I have previously drawn on the plexiglass. It's cumbersome, and very hard to make straight cuts longer than a couple inches, but it works. You might have success using the Dremel's jigsaw adapter. Using a couple C clamps and some scrap lumber, you may even be able to fashion yourself a mill which you can use to make straight cuts.
Be VERY careful about clamping the Dremel tool to a table, however. Make sure it's secure as hell and there's no possible way for it to slip. Zip ties might be useful for this.
As far as bonding plexiglass goes, I've never done it with glue, but aquarium glue works pretty darned well. If you're not too picky about how the finished product looks, epoxy should work well too.
We could always establish a spacegoing equivalent of the FAA: some administrative agency whose laws and regulations govern space travel. Any electronic equipment that wants to go up, must be first approved by the National Spacecraft Testing Labs. NSTL, what a flashy acronym! Too bad it's already used...
And these tiny microsats are our forebears. They are letting us do the research that will someday make it cost-effective to send people into space on a large scale.
I should like to think that machines (such as these sats) will someday be our companions up there, the spaceborne equivalent of the civil infrastructure of water lines, power grids, streets and highways that we all take for granted.
Now there's an amusing thought: astronauts waking in the middle of the ship's night to the clunking of dozens of microsats on the hull. Like a hailstorm in an automobile. *thump thump clunk thump* "What's that noise?" "Aww, just a couple GPS birds. Nothing to worry about."
In actuality, it's pretty hard to hit anything in orbit. There's a whole lot of space out there, and not a very large volume of space junk. And, at least for spacecraft which are still in the middle of their useful mission lives, the orbit of everything up there is calculated. I'm sure there is even a repository or tracking agency for random space debris. Collision avoidance has got to be largely a planning matter (adjusting the Shuttle's flight plan so its orbit never intersects with known random space crap).
I wonder...does the Shuttle even have a search radar operating, to watch the space around it for navigational hazards? I've never heard of such a thing...
I think a national ID card system is a good idea.
I consider myself a staunch libertarian when it comes to the Bill of Rights, and to personal freedoms in general. So I can hardly believe I'm saying this! But hear me out. I propose a few rules for a national identity card system that would provide us with all the benefits of nearly unforgeable proof-of-identity without compromising our right to privacy or any other right which we currently enjoy.
1) Central to the identity card system is a suite of protocols for digital signature operations; key signing, verification and exchange; and key revocation. The principals of public-key cryptography form the basis of the system and can be used to implement rest of the features, which I outline below. The system is designed to facilitate cryptographically secure communication between private citizens, thereby giving us rights that we practically don't have today!
2) Nobody can ever be compelled (forced) to show his card. Similarly to the right of a business to refuse service if you don't wish to furnish your social security number, organizations may choose not to talk to you if you won't furnish some proof of identity, but proof of identity can never be required by a government agency, or in relation to the fulfillment of certain human needs (food, water, air, clothing, shelter, communication).
3) Every individual can create new, anonymous identities at will. These pseudonyms can be nothing more than a keypair and a globally unique identifier (and perhaps some optional contact information). The private key of each pseudonym is only stored in encrypted form, having been encrypted with the public key of the person who uses the pseudonym. Thus, the owner of the pseudonym can prove that he "is" the pseudonym, but only with his consent, and only under circumstances that he controls.
4) When a citizen's keypair is created, the private key is split using a keysharing algorithm into a large number of shares (~10,000 should do, or fewer for pseudonymous keypairs). The keyshares are distributed (in secret) to randomly chosen individuals. We perform the keyshare operation such that 60% of the shares must be recovered in order to recover the key. In a situation where some person, organization or government needs to crack the identity, he can appeal to these 10,000 people as a sort of "jury of peers" to see if he can convince them to divulge their keyshares. Once an identity has been cracked, private communications to that identity can be decrypted.
5) In order to protect against algorithmic attacks, a number of various symmetric and asymmetric cryptographic algorithms are supported by the system. Communications between agents in the system take place using algorithms and keylengths agreed upon by the participants.
One caveat: This all assumes that the identity cards are perfectly secure automomous computer systems. That is: the identity card is solely responsible for performing all the cryptographic operations, and information can never be read from an identity card without the consent of its owner. This daydream is probably the biggest flaw in my plan.
Regardless of whether the message was a pissing contest, you can clearly see from the wording of the message that it was not an incitement to terrorism.
If I happened to be discussing this terrible incident in a restaurant, and just to make a point, as part of my conversation, I happened to utter the words "I am a terrorist...I am planning to attack a large target," would that instantaneously make me into a terrorist? Of course not. I would simply be invoking the hypothetical situation wherein I was a terrorist. I would be invoking this hypothetical situation in order to expound some (anti-terrorist) point I wanted to make.
I should point out that, as of this day, the words "I am a terrorist" are forever emblazoned in the Slashdot discussion archives. Perhaps in a few days, someone will come across my comment and report it to the US government, saying simply that terrorist elements are operating on Slashdot, hiding encrypted messages in the comments. And that will be the end of slashdot.
After hearing what everybody has to say, I've decided that this sort of script is probably not a good idea. To those of you who replied to me via email, I'll send you a link to a webpage where I'll be putting up the script, once I get hold of it. You'll be able to reach it after clicking through a disclaimer.
I would still advise against anyone using this in "production" (i.e. to combat live code red attacks on the open Internet.) Think about it:
If, for some reason, your copy of the script mis-performs and corrupts IIS DLLs or executables on the attacking host, you will be liable.
If the federales are monitoring traffic and see your box actively exploiting the Code Red hole, you're in trouble.
If your ISP notices your box "propagating" Code Red, then you are likely to be denied service (in the most literal manner) and your account might be terminated.
So, in the final analysis, it's probably better just to put up a default.ida that does a "net stop w3svc" (as someone else here recommended) or does a reboot.
I've been there a few times within the past few years. The persnicketiness on the web page is mainly directed at vendors; they want to make sure that no monster-truck-and-computer-rally style retailers make it into their swap meet. They're trying to keep it strictly amateur--they are hams, after all. =]
Thing with computer items is that pretty much all of them are radio-related. Computers, radios, they're all electronic, and most hams dabble in computers. I dunno if you'll find that many old *nix workstations, but you're bound to find a few legacy components.
I've bought old hard drives at the swap meet; I've bought memory and I once bought an 80387 math coprocessor, back in the days when hardware floating-point support was still considered optional!
There is a largish swap meet that happens near the TRW building in the Manhattan Beach area on the last Saturday of every month. It's free admission, with effectively unlimited parking. It's located on the Northwest corner of Aviation and Marine.
It's frequented by a lot of amateur radio operators and hardcore electronics specialists, so don't expect to find helpful salesmen ready to sell you a system fresh off the boat from China. Expect vaccum tubes, used parts, legacy hard drive controllers and random electronic components you've never heard of.
More info at: http://www.csz.com/w6trw/swap.html
I thought of doing this a few days ago and I started coding. I got as far as a script to automatically reboot attacking machines, to help slow the spread of Code Red.
I had begun work on a worm called Code Blue that would infect Code Red machines and clean them of Code Red. This kind of work is very laborious since it involves writing Intel assembly code that uses the Win32 API and runs in a Windows environment.
Before I could finish, my best friend (who is a security consultant) informed me that somebody has already done this. There is a perl CGI script going around that you can put into your root directory and name "default.ida" so that infected machines will cause it to execute.
The script connects to the IP of the attacking machine, uses the Code Red II backdoor to clean the system of trojanned files. Then it uses the very same buffer overflow exploit used by Code Red to send a binary to the server that patches IIS, removes Code Red-related registry entries and reboots the machine.
There's always the anecdote about a company that was giving a demonstration of speech recognition in MS-DOS. (In one version I've heard it was Creative Labs; in another it was Microsoft.)
The marketing flack giving the presentation arrives at the most dramatic and impressive bit, where he demonstrates the system's capability to recognize a set of related commands. He keys the mike, preparing to speak a command, and someone in the front row of the audience shouts "FORMAT C COLON! ENTER!" Someone in the row behind him shouts "YES! ENTER!" and history is made.
In all fairness I have no source for the story, but I once used a DOS-based Creative Labs product that would easily have been capable of such a feat. I believe it was called Voice Commander, and I trained it to recognize the letters of the alphabet, plus some punctuation and DOS command words.
Duly noted. I knew something was fishy about that paragraph.
My own spam problem started in the dark and forlorn days of 1995. It all started because of a name.
Due to an unfortunate accident of ancestry, my initials happen to be ADS. When I got my first dialup shell account, I chose to use my initials for my login name in the style of one of my then-heroes, Robert Tappan Morris (of RTM Worm fame). Thus did I become ads@netcom.com.
You can imagine the sort of traffic this generated for me, from day one! Every yokel with a half-brained scheme and a university mail account decided that this miraculous 'ads' address must be a special mailing list for thousands of Netcom customers who sat with baited breath, waiting to learn how they could lose weight fast, get rich quick or get rid of debt.
I fought this torrent of spam for almost 5 years before I finally had the technical proficiency and computing resources to come up with a solution. The solution I finally found is elegant and simple. It keeps the spam down to three or four messages per day. More importantly, it lets me know who is distributing my name to whom, and when.
I have a host alias tracker.xeger.net. Mail sent to any address @tracker.xeger.net is subjected to extra-bitchy filters, and mail that makes the cut is forwarded to one of my normal mail accounts, address intact.
Whenever I go to a new web site, or give my email address out to anyone, I give them an address of the form 'domain_dom@tracker.xeger.net'. CNN gets 'cnn_com@tracker.xeger.net'; Amazon gets 'amazon_com@tracker.xeger.net' and so forth. When the spam comes rolling in, I know from whence it came. I know how they got my mail address. And I know who to hunt down and disembowel.
To this date, I have been solely responsible for more than 200 cancelled accounts and at least two blacklistings. The count goes up daily.
Herley-Metraplex has this to say about their fine orange-boxed Hybrid Data Measurement System:
"Integrates signal conditioning, calibration, analog and digital multiplexing, avionics bus monitoring, PCM encoding, and many other functions into one compact rugged package."
What we have here is a box that will sample a number of analog signals (up to 32 of them) and encode them into PCM digital signals.
Together with a commutator, the orange box would have been used to relay telemetry signals via radio from an ICBM, aircraft, kayak, bicycle or other craft, to patient listeners. A decommutator such as yours would decode the telemetry stream and some sort of display hardware (such as a computer) would interpret the telemetry, and produce photogenic graphs and charts for the pleasure of onlooking engineers with buzzcuts and pocket protectors.
Although it's distinctly possible that your boxes could have been used in an ICBM, they could also have been used in any other vehicle that incorporates electronics or cybernetic control systems. Aerospace is, however, the field where you'll find most of these vehicles. Have you checked to see if the boxes glow in the dark? That's always a good tell-tale sign of ICBM involvement. =]
PCM, as many Slashdotters know, stands for "pulse code modulation" and is the encoding technique used natively by your sound card. Your sound card is a fancy digital-to-analog converter whose job is to take PCM waveforms and convert them back into an analog signal which drives a speaker. The speaker vibrates, and out comes music, or speech, or whatnot.
On a somewhat related note--have you ever (by accident or on purpose) conducted a websearch for something that doesn't *really* exist...and found it anyway?
I discovered this phenomenon the other morning. Here are some examples of things I've found that don't exist:
From what I understand, the display is a flat-panel LCD which spins rapidly. Assuming this is so, this display has a major limitation: it can't be viewed from overhead! As you move your head from the horizontal (head-on) aspect, the display will become increasingly distorted, until you're looking directly down at the display, at which point it won't be showing much of anything. Yech!
An interesting idea. In fact, one might propose that we simply create a hemispherically-shaped LCD display with the pixels on the outside, and then use it to display graphics with a 360 degree field of view.
This would be a perfect application of lumigraph technology. A lumigraph is a departure from traditional 3D rendering techniques. It can be thought of as a function which perfectly encodes the light transfer characteristics of an object. Once you have computed the lumigraph function for an object (or a scene), you can say "Give me the color I will see if I'm looking at it from such-and-such vantage point, at such-and-such distance." So, refreshing our hypothetical hemispherical LCD would be as simple as evaluating the lumigraph function for the scene across its surface.
There are a lot of mathematical and engineering problems for this approach--it's damned hard to compute those functions to begin with, and probably not feasible to express a changing scene in terms of its lumigraph function.
Ah, yes, I was waiting for someone to make the connection. :)
IMO, that's actually the way to go. We're getting closer all the time to understanding the visual cortex, and it seems a dreadful waste of resources to use a brute-force mechanical display solution when you could simply render an entire scene directly into someone's field of vision by talking to his optic nerve.
Unfortunately, the technology to do that safely and cheaply is probably 70-100 years distant, and there will always be people who don't feel comfortable with it, are allergic to whatever implants they develop, etc.
Unless someone figures out a noninvasive method for doing it, like in Gibson's short, there will probably always be a market for volumetric displays, just as there will always be a market for 2D displays. The two types of display are as fundamentally different as pencils and calligraphy pens.
The main drawback of Actuality's approach is the rapidly spinning screen. It occurs to me that this same technology isn't all too far from being implemented with immobile, solid-state electronics.
Picture this: a hemisphere of acrylic, crystal or some other clear material, impregnated with millions tiny triplets of red/green/blue light-emitting polymer. The control circuitry for the LEP "pixels" runs vertically throughout the display and is made of the thinnest wires possible, to avoid obscuring any light from escaping the display. (Perhaps the control circuitry is fiber optic, or perhaps it's made of some sort of electrically conductive crystal.)
The display works on the same principal as an Actuality display--only instead of a rotating screen, we do everything logically, sweeping radially around the display and illuminating all the pixels that lie on a given plane or "slice" at the same time, with the proper colors.
This approach would use far less energy than an Actuality display, would have a beautifully high refresh rate, and would have better brightness and clarity.
It might even be possible to get the light-emitting polymer to emit light of a certain polarity, and coat the surface of the display with a material that is polarized so that at any point on the display's outer surface, the only light allowed to pass directly through that point is light that was emitted in phase with the "slice" which runs approximately parallel to the tangent of that point. Don't despair if this sounds like gibberish. What it comes down to is an ultra-crisp display and ludicrously high refresh rates.
The polarized-light technology is probably impractical, but we should have the manufacturing technology for the basic display within 20 years, maybe sooner if this nanotechnology hype ever goes anywhere.
All 2-dimensional and most 3-dimensional display technologies are designed with a single user in mind, viewing the display from one vantage point. While this is fine as long as the user (or small group of users) are performing first-person tasks such as writing a paper, browsing the web, or running around killing people with a rocket launcher.
The moment one tries to bring more than one vantage point into perspective, however, the limitations of a flat display make themselves known. Ever noticed how hard it is to achieve really good results with a 3D modelling package? Ever tried to visualize a complex relationship between dozens or hundreds of objects in 3 dimensional space? It's damned hard using today's display technology.
While demand for these displays will be small at first, it will rapidly grow as they become bigger and cheaper. The first widescale application might well be a third-person an arcade, for example a "model flight sim" where two players sit at a table and dogfight with miniature planes flying in the airspace above the table.
From there, the possibilities are limitless: interactive digital theater in the round; architecture, interior design; and landscaping; there are hundreds of awesome applications for this new toy!
It's only disadvantage is the fact that it is, at heart, a giant moving part. So it will tend to be bulky, power hungry, break down frequently and not like vibrations or drops.
Keep in mind that even on an ordinary monitor, the "polygon-style display" you see is really composed of millions of little pixels. A volumetric display uses the same raster scan methodology, only in 3 dimensions, hence we get voxels instead of pixels. In terms of how the voxel display is rendered, I imagine it undergoes a process analogous to 2D rendering. The difference is that once the polygons have been transformed into camera space, instead of projecting them into 2-dimensional screen space and then rasterizing them into a 2-dimensional memory buffer, the polygons are simply rasterized into a 3-dimensional memory buffer which is used to drive the volumetric display's refresh.