I haven't thought long or hard about this, and I'm no librarian, but I don't mind so much that my library segregates the scifi.
My reasoning: When I was a kid, say, from 4th to 9th grade, I think I read every book on the shelf in my hometown library's scifi section. I certainly read a lot more because of that classification than I would have if I'd had no way to find out that Asimov, Dick, and Zelazny were worth my time.
Actually, I've never read anything by Zelazny, but I had to pick a scifi author with a Z name to make my point that the Fiction stacks were too long.
The and the previous review The Confusion really brought out the haters of Quicksilver.
I appear to be a somewhat atypical Stephenson reader. I've read Zodiac, Snow Crash, Cryptonomicon, and Quicksilver. Of those I thought Snow Crash was the weakest - many readers seem to think that was his pinnacle. I enjoyed the pulpy Cryptonomicon; I thought Quicksilver was a great book.
So, I'm running up a quick list of what's good about Quicksilver. Be clear that I don't own the book, I returned the library's copy 6 months ago, and I have a poor memory. Mild spoilers inside.
- How about Papa (Drake) Waterhouse? The guy has most of his facial features removed but lives on for years, successfully, to go on and die in a glorious explosion?
- And more gross outs: Newton coming to understand lenses by sticking a rod into his socket and changing the shape of his eye; The live dog dissections; the ever-present 'Barber-Surgeons' with their quick amputations.
- I found the opening scene, in Boston, to be captivating. I know I'm a sucker for anything set in that city, but I loved the description, the revealing of characters, Daniel's internal dialog (like his risk assessment of when to reveal his weapons), and the goofy Harvard boys.
- So many of the characters had interesting backstories. How about the Shaftoe boy's childhood occupation of execution acceleration? How about 'Half-cocked'?
- One more aside that sticks in my head - when Jack realizes that farrier and the French for horseshoe share a common root, meaning that somehow English and England had been influenced by French and the French.
And on a grander scale, he accomplishes two literary feats: first, the slow merging of two stories that start out totally separate; second, the illustration of commonalities between his characters of several hundred years ago and his modern readers.
A common complaint of the book seems to be its length. So what? It could be shorter, but nearly any fiction can be abridged. Its length allows it to, as I stated above, slowly merge two separate stories, develop at least 5 main characters (so far), and cover at least 50 years.
Maybe all the dislike will mean fewer people will be in line ahead of me to borrow The Confusion at the library....
Re:Given Uganda's high AIDS infection rates... on Computers for Uganda? (Score: 2, Informative)
Some info about HIV treatment in Uganda (a good friend is a US MD who is in a program that runs an HIV clinic there).
o Uganda is one of the few (and I believe the first in Africa) to DECREASE the spread of HIV.
o Heterosexual sex was responsible for a majority of the spread of HIV in Uganda.
o The HIV infection rate in Uganda is now around 5% - it's decreasing, it was 8% before 2000.
o Uganda is about 15% Muslim (only passingly relevant)
o Uganda brought the HIV infection rate under control by education (safer sex, which certainly includes abstinence) funded by the World Bank, which isn't Christian (or Masonic, no matter what the tin foil hat tells you).
So, HIV is not a 'gay disease' in Uganda, and it was brought under control by state, not religious, programs.
Although I think it blows when taxes finance the stadiums, at least with baseball it'll get about 70 uses a year. The worst is tax-financed football stadiums - 8 games a year??!
Anyway, the umps make a decent amount, but two points: 1) Their job is difficult, in that they travel for half the year and have thousands of people screaming bloody murder at them every night 2) Although their salaries are nowhere near baseball players, if they aren't at least making above the median for a USian/Canadian professional they'd get even less respect from the players and coaches.
And 3), it's MLB's money. Better to an ump than that jackass from Milwaukee.
Who is this 'someone'? And how can they take something that another entity owns? These class A assignments came well before IANA and whoever doled out /24s to whoever could figure out a SWIP.
Class A and B owners shouldn't have to move to 'private' (RFC1918) address space. 1918 space used in a one-to-many NAT is a hack that breaks end-to-end. IPv6 maintains e2e and is preferable. I'm sitting on a huge network numbered out of RFC1918 right now, which is a pain in the balls.
And while I'm soapboxing, although 'security' (broken e2e) is a side-effect of NAT it's not a reason for NAT. One could be just as secure with a properly configured firewall, and (all together now) not break e2e.
I asked myself the same question a few months ago - creating a blacklist for squid - and couldn't find a good resource. I grabbed the hostfile that came with spybot and started with that - I found that about 10 domain names account for 90% of the spyware out there.
The list itself is at the office, but maybe I'll reply to myself tomorrow.
_This_ explains why RHN has been so crappy today. The sendmail update is available through RHN up2date today, and the servers have been slammed, it's been cutting off my connection. It seems likely that it's from the RH9 load. Crap!
I've stopped reading cnn.com for that reason.
Ya know, carrying a bumwad into the restroom with you at the office might be a nice way to get the point across.
Wouldn't that paragraph make a good tattoo?
Cleveland Heights.
I voted today in greater Cleveland. We had punchcard ballots, which was good, since the power was flickering all afternoon.
More Californians got cancer this year than Rhode Islanders.
Reed -
Please stop trying to spend my money.
Thanks,
-Matt
The computer is not a typewriter.
Better make sure your buddy's not gay or an atheist first.
Don't give them install rights.
He said 'shake up', but he meant 'shake down', like, "We're going to try to shake down IBM and its customers for some cash".
But, if you set up snort correctly (on a listen-only, unnumbered interface in a jail) you weren't vulnerable to either of these vulnerabilities.
Cascading Style Sheets?
Cross Site Scripting?
No, wait, Closed Source Software!
Wow, I can't cut or copy out of the reporting client. Anyway, a list of domains to block should include what I have below. I haven't modified this for a couple months, so I'm sure there are new offenders.
Ideally, you don't do this on your PIX, but on your web proxy (you don't allow unauthenticated unproxied web browsing do you?) - a lot of DNS lookups could seriously impair your firewall. Also, I got better performance by noting and including all the subdomains below (like http://hotbar.com and http://www.hotbar.com) BEFORE anything with a wildcard. If it matches on an explicit domain and doesn't drop down to one of the wildcards you save processor work.
*.clicktilluwin.com
*.brilliantdigital.com
*.
unitedstates.rub.to
xupiter.com
www.xup
*.firstlook.com
*.passthison.com
*.ezc
*.bonzi.com
*.gator.com
*.comets
*.xupiter.com
*.hotbar.com
*.livecur
*.mycometcursor.com
*.purityscan.com
*
*xww.de
*.new.net
*.cometsystems
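The ordering trick described above (explicit hostnames checked before any wildcard) and the squid blacklist the earlier comment builds from a hosts file, worked through as an added example. This is not code from either poster; the hosts-file lines, the hostnames checked and the helper names are constructed for illustration, and the two-label approximation of a registrable domain is an assumption noted in the code.

```python
"""Ordered proxy blocklist: exact hostnames first, '*.domain' wildcards second."""

# Constructed sample in the hosts-file shape the squid comment starts from
# (the Spybot hosts file maps ad/spyware hosts to 127.0.0.1).
SAMPLE_HOSTS = """\
# constructed sample, not the real Spybot hosts file
127.0.0.1 localhost
127.0.0.1 hotbar.com
127.0.0.1 www.hotbar.com
127.0.0.1 gator.com
127.0.0.1 www.gator.com
127.0.0.1 xupiter.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return the set of hostnames listed in a hosts-style file, minus local names."""
    hosts = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # an address with no name is not a block entry
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                hosts.add(name)
    return hosts


def base_domain(host):
    """Registrable domain, approximated as the last two labels.
    Assumption: no public-suffix list, so names like 'foo.co.uk' would need special handling."""
    return ".".join(host.split(".")[-2:])


def build_blocklist(hosts):
    """Split hosts into the two tiers the proxy comment describes:
    an exact-match set that is consulted first, then '*.domain' wildcards."""
    exact = set(hosts)
    wildcards = sorted({"*." + base_domain(h) for h in hosts})
    return exact, wildcards


def is_blocked(host, exact, wildcards):
    """Return (blocked, matching_rule). Exact names are a set lookup, so the
    common case never reaches the linear wildcard scan."""
    host = host.lower().rstrip(".")
    if host in exact:
        return True, host
    for pattern in wildcards:
        suffix = pattern[1:]             # '*.hotbar.com' -> '.hotbar.com'
        if host.endswith(suffix):        # label-aligned: 'nothotbar.com' does not match
            return True, pattern
    return False, None


def to_squid_dstdomain(wildcards):
    """Squid's dstdomain ACL uses a leading dot for 'this domain and all subdomains'."""
    return [p[1:] for p in wildcards]    # '*.hotbar.com' -> '.hotbar.com'


if __name__ == "__main__":
    exact, wildcards = build_blocklist(parse_hosts(SAMPLE_HOSTS))
    for h in ("www.hotbar.com", "cdn.hotbar.com", "hotbar.com.example.org", "example.org"):
        print(h, is_blocked(h, exact, wildcards))
    print("\n".join(to_squid_dstdomain(wildcards)))
```

The bare domain (hotbar.com) is kept as an exact entry rather than relying on the wildcard, which is why the comment lists both forms; the wildcard only has to cover subdomains that were never enumerated.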
Just follow the termination procedure. You do have one, right?
This isn't a termination, of course, but should be handled the same way.
It's fucking midnight on a friday - what else do you expect?
A-ha! More info posted to NTBugtraq (after my original posting..)
Quote:
Just to clarify, Microsoft's bulletin states that this vulnerability could have been prevented using URLScan and/or IISLockdown, but it isn't really specific on how to do this. Several people have asked me how this can be done.
The following steps can be used to block the attack:
1. Completely disable WebDAV by setting the HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\DisableWebDAV registry key to 1
2. Limit the length of requests (the url and any headers) by setting the HKLM\SYSTEM\CurrentControlSet\Services\w3svc\parameters MaxClientRequestBuffer to something like 16k
3. Block the following WebDAV HTTP verbs using URLScan (either by specifically blocking them or by not listing them as allowed): OPTIONS, PROPFIND, PROPPATCH, MKCOL, DELETE, PUT, COPY, MOVE, LOCK, UNLOCK, OPTIONS, and SEARCH. Note that FrontPage does require the OPTIONS method to work properly.
4. Block the following WebDAV-related headers using the [DenyHeaders] section of URLScan.ini:
[DenyHeaders]
DAV:
Depth:
Destination:
If:
Label:
Lock-Token:
Overwrite:
TimeOut:
TimeType:
DAVTimeOutVal:
Other:
5. If you require WebDAV, you can limit the length of each individual header with these entries in the [RequestLimits] section (The exact values are obviously pretty generic and may need to be increased or decreased based on your particular configuration):
[RequestLimits]
Max-DAV=250
Max-Depth=250
Max-Destination=250
Max-If=250
Max-Label=250
Max-Lock-Token=250
Max-Overwrite=250
Max-TimeOut=250
Max-TimeType=250
Max-DAVTimeOutVal=250
Max-Other=250
Microsoft does not specifically state which HTTP Verb and/or header is affected, but it does say that it is related to WebDAV. I would therefore assume that setting ACLs on httpext.dll would still be effective in blocking the attack. The PUT and DELETE methods are still available in IIS, but only as part of the original HTTP spec, not part of WebDAV.
Mark Burnett
www.iissecurity.info
I've asked this everywhere, maybe someone will answer.
The MS advisory states that a 'default' URLScan will protect against this. Well... We don't run the default config. We've customized it, as have many shops. I can't find information on _which_ aspects of URLScan provide the protection - I'd like to know if our customizations have left us out in the breeze.
Anyone know?
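An added example for the quoted NTBugtraq steps and for the follow-up question about which parts of URLScan actually provide the protection: a small audit that reads a URLScan.ini and reports what steps 3 to 5 would still leave open. It is not Mark Burnett's, Microsoft's or URLScan's code; the two ini texts are constructed samples, the function names are mine, and treating a missing UseAllowVerbs as 1 is an assumption marked in the code. The registry keys in steps 1 and 2 are outside the ini and are not checked.

```python
"""Audit a URLScan.ini against the WebDAV verb/header blocking steps quoted above."""

# Verbs and headers exactly as the quoted post lists them (OPTIONS once).
WEBDAV_VERBS = ["OPTIONS", "PROPFIND", "PROPPATCH", "MKCOL", "DELETE", "PUT",
                "COPY", "MOVE", "LOCK", "UNLOCK", "SEARCH"]
WEBDAV_HEADERS = ["DAV:", "Depth:", "Destination:", "If:", "Label:", "Lock-Token:",
                  "Overwrite:", "TimeOut:", "TimeType:", "DAVTimeOutVal:", "Other:"]


def parse_urlscan_ini(text):
    """Section name (lower-cased) -> list of raw entries. URLScan sections are
    plain one-per-line lists or key=value pairs; lines starting with ';' are comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _pairs(entries):
    """key=value entries -> dict with lower-cased keys."""
    out = {}
    for e in entries:
        if "=" in e:
            k, v = e.split("=", 1)
            out[k.strip().lower()] = v.strip()
    return out


def audit_webdav(text):
    """Report what the quoted steps 3-5 would still leave open in this ini."""
    s = parse_urlscan_ini(text)
    opts = _pairs(s.get("options", []))
    # UseAllowVerbs=1: only [AllowVerbs] pass; 0: everything except [DenyVerbs].
    # Assumption: a missing key is treated as 1; confirm against your own file.
    if opts.get("useallowverbs", "1") == "1":
        allowed = {v.upper() for v in s.get("allowverbs", [])}
        verbs_open = [v for v in WEBDAV_VERBS if v in allowed]
    else:
        denied = {v.upper() for v in s.get("denyverbs", [])}
        verbs_open = [v for v in WEBDAV_VERBS if v not in denied]
    denied_headers = {h.lower() for h in s.get("denyheaders", [])}
    headers_open = [h for h in WEBDAV_HEADERS if h.lower() not in denied_headers]
    limits = _pairs(s.get("requestlimits", []))
    # Step 5 only matters for headers you still accept: is there a Max-<Header> cap?
    headers_uncapped = [h for h in headers_open
                        if ("max-" + h.rstrip(":")).lower() not in limits]
    return {"verbs_open": verbs_open, "headers_open": headers_open,
            "headers_uncapped": headers_uncapped}


# Constructed: a 'customized' ini of the kind the follow-up comment worries about.
CUSTOMIZED_INI = """\
; constructed sample, not a shipped urlscan.ini
[Options]
UseAllowVerbs=1
[AllowVerbs]
GET
HEAD
POST
OPTIONS
[DenyHeaders]
Translate:
If:
Lock-Token:
[RequestLimits]
MaxUrl=260
Max-Depth=250
"""

# Constructed: the same file after applying the quoted steps 3 and 4.
HARDENED_INI = """\
; constructed sample, not a shipped urlscan.ini
[Options]
UseAllowVerbs=0
[DenyVerbs]
OPTIONS
PROPFIND
PROPPATCH
MKCOL
DELETE
PUT
COPY
MOVE
LOCK
UNLOCK
SEARCH
[DenyHeaders]
DAV:
Depth:
Destination:
If:
Label:
Lock-Token:
Overwrite:
TimeOut:
TimeType:
DAVTimeOutVal:
Other:
"""

if __name__ == "__main__":
    for name, ini in (("customized", CUSTOMIZED_INI), ("hardened", HARDENED_INI)):
        print(name, audit_webdav(ini))
```

On the constructed customized file the audit shows OPTIONS still allowed (the FrontPage case the post mentions) and most WebDAV headers neither denied nor length-capped, which is exactly the kind of drift from the default that the follow-up comment is asking about.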