If they don't post a lot of minor stuff the activity percentile drops like a rock on sourceforge. I don't agree with this, I feel that a CVS ci should have a reasonable chance at running on a typical machine. I'm not saying that every command combination needs to be checked, but it should reasonably work.
Everday people get realy turned off if they co the latest and greatest from CVS and the program doesn't even compile, or segfaults on first try. It makes OSs developers look real unprofessional.
It used to be that a even minor number on the kernal was considered stable, and at least was in beta status. I guess that that is out-the-window now. I can't figure out why both Linus and AC are working on 2.4, I thought Linus was supossed to jump from 2.3 to 2.5, when 2.3 was stable enough to become 2.4, then 2.4 versions increments were little details that turned up during more widespread usage, and features from 2.5 that became stable enough.
Actualy High Frontier proposed a weapon, the Thor system composed of 250KG iron impactors that would strike the surface of the Earth at 17,500 MPH with devistating results similar to a tactical Nuc. These space-borne weapons are of course illeagal, and never worked on. You realy wouldn't wish that kind of devistation on the Afgans, most of wish just wish to be left alone would you?
The rest of their proposals became the Stratigic Defense Initiative, which arguably was part of the reason that the Soviet Union collapsed.
Several people have suggested that we post the licenses that we have turned down, and explain just why they don't comply with the Open Source Definition. We don't want to discourage people from submitting licenses, knowing that their license might be held up for public notice.
Why not hold them up to public inspection, show why a license was turned down, and what the implications of the offending clauses were.
If they archive the communications with the license authors, it may be usefull to show what the real intent of the authors was down the road in case of disputes. In a world where the shrink-wrapped you gotta agree to it before you even see it license reins supreme, I'd find this refreshing
Just before a physics test my TI crapped out so the instructor, a MIT grad lent me his HP (model numbers evade me right now), after a slow start I got the hang of it and passed the test.
Much of what we think is cool is because of the calculators wars, without them the TI wouldn't be as good as they are today, and your PC might not exisist. Intel's 8008 was designed to be a calculator chip to replace the 4004. HP was designed for scientists and engineers, and personaly I think that much of their sucess in computers, was based on their reputation started with calculators and instrumentaion. They may rue the day they killed the calculators yet.
RPN does grow on you, but then I think LISP is cool too.
Maybe I'm a dunderhead but I didn't see anything funny at MSN.com using netscape 4.77 in linux. The head page came up OK, looked like crap, it's IE optimized but it's their world. I didn't try to sign in, don't know my passworld or UID do to passport signin years ago. Guess that one bit'em in the kester.
I use and like KDE but they can get political and huffy themselves. I'm sure that their's more to than we know.
The FT site is kind of lame, it self-certified for SSL in products, kinda feels like a "blue smoke and mirrors" biz plan as they have no products for sale under products, not even get you free soft-ware CD for $15.95 shipping and handeling!
my crystal ball says' Daniel M. Duley got in a tiff and the boot over some silly political/ego thing. Afterwards though "OMG I gotta eat, pay rent ect." and took the first thing that came by and didn't even do basic research on the hiring company'.
I guess this is a natural progression, of the dotCOM BS biz plan; know that the VC's are to smart for'em, they start working on programmers; weaqther this applies to Future Technologies remains to be seen.
Its gotten to the point in Linux that there are too many file systems, how many jornalizing file systems are necessary. Actualy I think one is enough, there comes a time when its best for all to take the best features of the herd and start integrating them.
1 I want to Work not run exotic diagnostic programs on other peoples software.
2 I concidered the disk writing dialog disapearing after the program finished writting to the Disk buffer but before the floppy was written to, to be the first indication that Windows 95® had a problem.
This is exactly the kind of thing that the topic is talking about error and exception handling, if you can't anticipate a common user error and make your software robust enough to handle it, then your reputation is going to suffer.
you should at least be able to hit cancel, cleanout a couple 100Mb of GoatPorn and resave with out lossing anything except your patience.
If the program crashes, losses all of your work and corrupts the OS, at least others can use your program as an bad example.Actualy I remember when a 1.44 MB floppy was big and fast compared to a 1500 baud cassette tape for storage.
Try explaining the code to the receptionist at you Dentist's office, can you do it? if not maybe you don't realy understand it your self. Many problems in personal programming projects of mine were solved by explaining it to my wife. People like these tend to ask stupid questions, which generaly point out your stupid assumptions.
If the code is too hard to explain, its probably too complicated. If its too complicated its probably slow and buggy to. One thing I hate is a lot of OSS projects require certain libraries that are un available. After developement it helps to test them on a plain vanilla distro w/o a bunch of develoment libs just to see if they still work and if the required libs can be installed without breaking the rest of the system.
cool, the only other thing I've ever heard it used in is ratheon's Patriot missile. I all ways wondered what new capabilites could be added if they upgraded the msl to a 386, those 80186's must be getting hard to purchase anyways.
My Wife was absolutely terrified of wiping out something important when using Windows 95® click something in the wrong combination and the whole thing crashes corrupted files and all of that sort of thing. In Linux after telling her, that she was insultated from my stuff and important system files she actualy got brave enough to use the system.
It didn't take long for her to learn her way around enough to use it as well as most windows users ever learn to use Windows. You should see her reaction now when she has to wait for checkfile in windows after a crash, knowing that in Linux she can just punch the power button and ReiserFS just mounts next time like nothing strange happened.
Also I've noticed that I have less trouble installing new hardware and getting it working in Linux than I do in Windows 95.
each step was somewhat a logical progression. Now we have Pentium's pentium II, Pentium III and Pentium IV; mix in MMX in some, and Xeon branchings in the Pentium series. So do we say at least a plain Pentium, or Pentium MMX? How about a Pentium II?
Actualy I think Intel should rot in hell for putting the CPU vectors at the top of memory space at 1 Meg and working down instead of the more logical bottom working up.
as a ps the only reason I have a windows partion is to run one win16 application.
No Real Info but my hunch is yes. If I was in charge of NSA/CIA/DoD you'd be able to bet your bottom dollar that I'd have a whole shit pile of zombies in 'puters all around the world, just sleeping like moles in the KGB waiting for the day when a "response in kind" was called for. And with what has been shown by the s'kiddies, it wouldn't be hard to do.
Remember back to Desert Storm, DoD planted a virus in some Iraqi printers. I don't think the USG forgot that one, and that's just what we know about. How hard would it be, especialy if SSSCA is passed to plant a back-door in everything conntected to the net?
Also I think the other guys are doing the same, and the worst is yet to come.If your a NSA agent and you guys aren't already doing this, get a clue and start As far as using my computer "I'd rather be pissed off than pissed on" at least you retain "plausable denialability" using mine. I can't even imagine how many vulnerable machines are in Asia because you don't want to go to Microsoft to get patches when you're running a bootleg copy of Windows.
I'd guess that someone in USG,Unites States Government, is realy pissed that so much DDoS's are going on, they're more interested in collecting information than blocking it right know. Haven't you found some spooky stuff in your server logs? I know the Islamic terrorist hate the internet, as well as TV and radio, it lets people see/hear other view points. Other view points are dangerous to them, errodes their brain-washing. An effective DDoS attack would serve them just find, and if they destroy Microsoft along the way some much the better in their point of veiw.
Of course maybe I'm just paranoid, but being parnoid doesn't mean that everyone isn't out to get you.
I'll bet if an American airline and an el Al airlines flew the same routes at comparable prices, the American airline would be at a serious competative disadvantage right now. Because of past events the el Al takes security matters much more seriously, they go beyond the minimum legislated standards, or they don't fly there.
This is a much fairer analogy to the problem than compairing airlines to bus lines as Microsoft's PR is trying to do. Same minimum standards diferent implimentation
IIS Vs. Apache?
Outlook Vs. Eurdora?
Windows NT/ 2K Security Vs. Unix/Linux Security
Sure Linux/unix isn't perfect, but there is constant improvement, What happens to Microsoft when things like the secure Linux thing the NSA started, starts to come online. I'll tell you what Microsoft have to dump legacy support, the legacy is unsecurable and hamstrings any attempt to provide real security.
Excuse me but I must disagree the NSA/CIA certainly does care about who you slept with, what recreational drugs you do and how you cheated/push a deduction to the limit on your taxes, these are among the many things that make you vulnerable. Both the bad guys and now again the good guys have used blackmail to compromise people and what has worked since history began probalby will continue to do so. Maybe the knowedge, wouldn't be used today, but wait until they think you might be useful to them. Good Guys and Bad Guys are completely interchangable here.
Also in case you haven't noticed, this is a war on terrorism, not a war on a certain group of terrorists, and increasingly they are finding behind all of the terrorists is money and a lot of the money is generated from illegal drugs. Drug cartels work the same way as terrorist orgs, they frequently interact with each other, they have the same infrastuctures, techniques, and sometimes personnel.
Think about this, how do you enumerate a terrorist organisation? Just follow the money, work your way up the food-chain far enough and its difficult to move it as cash. Then the money get laundered and is transferred electronicaly. This is where knowing your vices comes in handy, getting started with the bottom-feeders. Personaly I'd worry more about my banking privacy than my GoatPorn.
I think this change is more a way to legitamize info sharing between the agencies. Once the FBI is officialy in the business, who is going to care which agency actualy installed the box and long as the data slurped up goes to the right place?
The text book answer is to charge up a realy big capacitor, you can get 1 Farad caps now for car stereos. Once its chargege up the Cap is imploded by an explosive charge to give it a realy big boast and when its compressed enough you just throw the switch. The water shoots up pretty good.
The hydrogen/chlorine gas quickly recombines to HydroChloric acid giving a little more propulsion also. BTW the SWAT team ususaly arrives before you get to do it again!
Seriously see Tom Clancy's The Hunt For Red October the sub used magnetoHydrodynamic propulsion
which features? like easy remote bruteforce hacking of user ID's/Passwords and almost trivial escalation to admin privalages?
Maybe Microsoft is starting to pull its head back out into the sunshine. Legacy support often purpetuates legacy bugs/exploits. Personaly, if someone is spending $500K on hardware/software system, the life-blood of the corp isn't have a competant admin on site pretty cheap insurance?
I think that cost had a lot to do with it, but not the costs of hardware, the costs of admin. After hearing the horror stories about how one sales weenie brought NIMDA into a corp network, causing $60K of damage, do you realy think they want an entire plants worth of'em sending babe-of-the-day Emails to each other through the company network?
Who gets sued when some UAW member's kid wants to play Hard^corE^Haxor, an assemby line worker or Ford Motor Companies deep pockets that originaly bought the machine?
And about the lay-off's, my wife work for a Ford Sub, and she gets laid-off regularly. Files for unemp for 3 days to a week then they work tens for a week to get caught back up! Effectively she's laid-off for a week but only misses 4 hours pay, actualy it pretty sweet. Don't know how they count this stuff statisticaly, does this count as a New Un-Employment Claim for the month, once it happened twice in one month.
Most security exploits are local exploits!
on
Linux Kernel Bugs
·
· Score: 2
discounting windows® 9X, which have no security, most exploits are local.
wardial to find the number, peirce firewall ect
bruteforce a user login/password, (OK sometimes thing exploit a localy running server, but most isn't that sexy)
escalate perms to root or admin using the exploit
leave a backdoor for later and cover=tracks on the way out
Maybe this is a little over simplifed, but still its a local exploit, either a login or a server running localy. whats the difference between telnet/ssh over a machine loop, a serial cable/modem dialup, a ethernet, or from the internet, it's still a executing the shell localy.
Actualy NASA uses/used a form of core memory involving plated wires, for non-volatile memory in spacecraft. Seems resonable that fullereens would be stronger than the ferrite materials used in standard core memory, making it easier to make smaller arrays of core.
I agree with you, the exploit code is needed, scientific method demands that experimental results be repeatable. the only question is who needs the code?
If only "certified security professionals" are alowed to see the code and not "hackers" then how is the pro going to know what the "hackers are up to? Getting that information involves blending into that social structure by a little give and take.
Imagine for example a "hacker" discovers an exploit in a popular system and only notifies the software vendor. The patch get posted but without any hackers exploiting it the admins are going to sit on their hands with it rather than risk upseting their production servers. The result is only people who use the exploit will be the software vendors (just protecting their IP) and possibly the Gov (just protecting us from the current set of bad-guys).
Or let everyone know, with every script-kiddy using the exploit the servers get patched a lot quicker, which locks out everyone including Industrial spies, Gov agents foriegn and domestic, the serious hackers and script-kiddies.
Seems like a no brainer, who do you want to hack your system, a kiddy that only wants bragging rights or a real dangerous type like a spy? About a third of these "exploits" are legit networking tools slightly modified anyways. The worms are only the crude highly visible stuff the tip of the iceberg, not as dangerous as the stealthy stuff you don't hear alot about.
What most of these hackers want is respect anyways, like the respect that was conspicously absent by Scott Culp's placing Linux® without the registered Tm between Windows® and Solaris®; both with their registered Tm symbols.
All tho I only complied my own kernal, I still made my own Linux so when Linux is insulted like this I still take it personaly. I was going to tell them about it to, but guess what, their stupid web sites contact page is BROKEN! Yeah right we trust you to fix things without the ability to independently verify it. (I realy tried not to go on a rant honest)
The incomming traffic is mainly getting a directory listings and requesting files, this is by nature small stuff. Look at the top of your web browser you send maybe 100 bytes to request most webpage and the server sends back about 100K.
With file sharing Joe Luser is the server, the RIAA-enforcer program sends Luser a couple hundred bytes and he sends back a couple meg. Blocking them at the firewall doesn't stop the couple 100 from slowing down the pipe, but the effect is minimal unless thousands of requests are made a second. Stoping the couple of Meg going back upstream however has a big effect on speed, especialy considering that most pipes are optimised for download not up load.
Since Joe Luser is probably using Windows, and not going to have a real firewall, he's going to get real angry in no time at all. Windows users typicaly expect their 'puter to respond right now, when the computer is servicing a request that he's not aware of and doesn't respond immediatly to his keyboard or mouse, he thinks it's broken. Sooner or later they are going to realise that its the RIAA that "broke" their mmachine and feel attacked.
In order for them to DDoS your 'puter they are going to have to use a whole bunch of IP addresses "attacking". It doesn't take a rocket scientist to figure out that the next-generation file sharing programs are going to include a throtling mechanism to keep them from sucking up to much bandwidth upstream making the RIAA stratagy un-workable.
Also there is nothing to keep people from putting a small garbage file to attract the RIAA that's only 1 K long, and naming it as if it was a copyright protected work just to confuse them.
that take Poloroid film. real popular with the pro because they can test light and composistion before burning up a lot of expensive 220 film and model time at $100-150 an hour. Immagine trying to rebook some super-model to reshoot because the lighting wasn't right
If they don't post a lot of minor stuff the activity percentile drops like a rock on sourceforge. I don't agree with this, I feel that a CVS ci should have a reasonable chance at running on a typical machine. I'm not saying that every command combination needs to be checked, but it should reasonably work.
Everday people get realy turned off if they co the latest and greatest from CVS and the program doesn't even compile, or segfaults on first try. It makes OSs developers look real unprofessional.
It used to be that a even minor number on the kernal was considered stable, and at least was in beta status. I guess that that is out-the-window now. I can't figure out why both Linus and AC are working on 2.4, I thought Linus was supossed to jump from 2.3 to 2.5, when 2.3 was stable enough to become 2.4, then 2.4 versions increments were little details that turned up during more widespread usage, and features from 2.5 that became stable enough.
Actualy High Frontier proposed a weapon, the Thor system composed of 250KG iron impactors that would strike the surface of the Earth at 17,500 MPH with devistating results similar to a tactical Nuc. These space-borne weapons are of course illeagal, and never worked on. You realy wouldn't wish that kind of devistation on the Afgans, most of wish just wish to be left alone would you?
The rest of their proposals became the Stratigic Defense Initiative, which arguably was part of the reason that the Soviet Union collapsed.
Why not hold them up to public inspection, show why a license was turned down, and what the implications of the offending clauses were. If they archive the communications with the license authors, it may be usefull to show what the real intent of the authors was down the road in case of disputes. In a world where the shrink-wrapped you gotta agree to it before you even see it license reins supreme, I'd find this refreshing
Just before a physics test my TI crapped out so the instructor, a MIT grad lent me his HP (model numbers evade me right now), after a slow start I got the hang of it and passed the test.
Much of what we think is cool is because of the calculators wars, without them the TI wouldn't be as good as they are today, and your PC might not exisist. Intel's 8008 was designed to be a calculator chip to replace the 4004. HP was designed for scientists and engineers, and personaly I think that much of their sucess in computers, was based on their reputation started with calculators and instrumentaion. They may rue the day they killed the calculators yet.
RPN does grow on you, but then I think LISP is cool too.
Maybe I'm a dunderhead but I didn't see anything funny at MSN.com using netscape 4.77 in linux. The head page came up OK, looked like crap, it's IE optimized but it's their world. I didn't try to sign in, don't know my passworld or UID do to passport signin years ago. Guess that one bit'em in the kester.
I use and like KDE but they can get political and huffy themselves. I'm sure that their's more to than we know.
The FT site is kind of lame, it self-certified for SSL in products, kinda feels like a "blue smoke and mirrors" biz plan as they have no products for sale under products, not even get you free soft-ware CD for $15.95 shipping and handeling!
my crystal ball says' Daniel M. Duley got in a tiff and the boot over some silly political/ego thing. Afterwards though "OMG I gotta eat, pay rent ect." and took the first thing that came by and didn't even do basic research on the hiring company'.
I guess this is a natural progression, of the dotCOM BS biz plan; know that the VC's are to smart for'em, they start working on programmers; weaqther this applies to Future Technologies remains to be seen.
Its gotten to the point in Linux that there are too many file systems, how many jornalizing file systems are necessary. Actualy I think one is enough, there comes a time when its best for all to take the best features of the herd and start integrating them.
1 I want to Work not run exotic diagnostic programs on other peoples software.
2 I concidered the disk writing dialog disapearing after the program finished writting to the Disk buffer but before the floppy was written to, to be the first indication that Windows 95® had a problem.
This is exactly the kind of thing that the topic is talking about error and exception handling, if you can't anticipate a common user error and make your software robust enough to handle it, then your reputation is going to suffer.
you should at least be able to hit cancel, cleanout a couple 100Mb of GoatPorn and resave with out lossing anything except your patience.
If the program crashes, losses all of your work and corrupts the OS, at least others can use your program as an bad example.Actualy I remember when a 1.44 MB floppy was big and fast compared to a 1500 baud cassette tape for storage.
Try explaining the code to the receptionist at you Dentist's office, can you do it? if not maybe you don't realy understand it your self. Many problems in personal programming projects of mine were solved by explaining it to my wife. People like these tend to ask stupid questions, which generaly point out your stupid assumptions.
If the code is too hard to explain, its probably too complicated. If its too complicated its probably slow and buggy to. One thing I hate is a lot of OSS projects require certain libraries that are un available. After developement it helps to test them on a plain vanilla distro w/o a bunch of develoment libs just to see if they still work and if the required libs can be installed without breaking the rest of the system.
cool, the only other thing I've ever heard it used in is ratheon's Patriot missile. I all ways wondered what new capabilites could be added if they upgraded the msl to a 386, those 80186's must be getting hard to purchase anyways.
My Wife was absolutely terrified of wiping out something important when using Windows 95® click something in the wrong combination and the whole thing crashes corrupted files and all of that sort of thing. In Linux after telling her, that she was insultated from my stuff and important system files she actualy got brave enough to use the system.
It didn't take long for her to learn her way around enough to use it as well as most windows users ever learn to use Windows. You should see her reaction now when she has to wait for checkfile in windows after a crash, knowing that in Linux she can just punch the power button and ReiserFS just mounts next time like nothing strange happened.
Also I've noticed that I have less trouble installing new hardware and getting it working in Linux than I do in Windows 95.
- 4004 [4 bit word]
- 8008 [8 bit word]
- 8080 [8 bit word]
- 8085/8086/8087 and 8088
- 80186 (Loser)
- 80286
- 80386/80387
- 80486 sx/dx
each step was somewhat a logical progression. Now we have Pentium's pentium II, Pentium III and Pentium IV; mix in MMX in some, and Xeon branchings in the Pentium series. So do we say at least a plain Pentium, or Pentium MMX? How about a Pentium II?Actualy I think Intel should rot in hell for putting the CPU vectors at the top of memory space at 1 Meg and working down instead of the more logical bottom working up.
as a ps the only reason I have a windows partion is to run one win16 application.
No Real Info but my hunch is yes. If I was in charge of NSA/CIA/DoD you'd be able to bet your bottom dollar that I'd have a whole shit pile of zombies in 'puters all around the world, just sleeping like moles in the KGB waiting for the day when a "response in kind" was called for. And with what has been shown by the s'kiddies, it wouldn't be hard to do.
Remember back to Desert Storm, DoD planted a virus in some Iraqi printers. I don't think the USG forgot that one, and that's just what we know about. How hard would it be, especialy if SSSCA is passed to plant a back-door in everything conntected to the net?
Also I think the other guys are doing the same, and the worst is yet to come.If your a NSA agent and you guys aren't already doing this, get a clue and start As far as using my computer "I'd rather be pissed off than pissed on" at least you retain "plausable denialability" using mine. I can't even imagine how many vulnerable machines are in Asia because you don't want to go to Microsoft to get patches when you're running a bootleg copy of Windows.
I'd guess that someone in USG,Unites States Government, is realy pissed that so much DDoS's are going on, they're more interested in collecting information than blocking it right know. Haven't you found some spooky stuff in your server logs? I know the Islamic terrorist hate the internet, as well as TV and radio, it lets people see/hear other view points. Other view points are dangerous to them, errodes their brain-washing. An effective DDoS attack would serve them just find, and if they destroy Microsoft along the way some much the better in their point of veiw.
Of course maybe I'm just paranoid, but being parnoid doesn't mean that everyone isn't out to get you.
Just tell them "Shit, wonder who hacked the router, No wonder the pipe was so slow. We want a partial refund for lost bandwith..."
I'll bet if an American airline and an el Al airlines flew the same routes at comparable prices, the American airline would be at a serious competative disadvantage right now. Because of past events the el Al takes security matters much more seriously, they go beyond the minimum legislated standards, or they don't fly there.
This is a much fairer analogy to the problem than compairing airlines to bus lines as Microsoft's PR is trying to do. Same minimum standards diferent implimentation
IIS Vs. Apache?
Outlook Vs. Eurdora?
Windows NT/ 2K Security Vs. Unix/Linux Security
Sure Linux/unix isn't perfect, but there is constant improvement, What happens to Microsoft when things like the secure Linux thing the NSA started, starts to come online. I'll tell you what Microsoft have to dump legacy support, the legacy is unsecurable and hamstrings any attempt to provide real security.
Excuse me but I must disagree the NSA/CIA certainly does care about who you slept with, what recreational drugs you do and how you cheated/push a deduction to the limit on your taxes, these are among the many things that make you vulnerable. Both the bad guys and now again the good guys have used blackmail to compromise people and what has worked since history began probalby will continue to do so. Maybe the knowedge, wouldn't be used today, but wait until they think you might be useful to them. Good Guys and Bad Guys are completely interchangable here.
Also in case you haven't noticed, this is a war on terrorism, not a war on a certain group of terrorists, and increasingly they are finding behind all of the terrorists is money and a lot of the money is generated from illegal drugs. Drug cartels work the same way as terrorist orgs, they frequently interact with each other, they have the same infrastuctures, techniques, and sometimes personnel.
Think about this, how do you enumerate a terrorist organisation? Just follow the money, work your way up the food-chain far enough and its difficult to move it as cash. Then the money get laundered and is transferred electronicaly. This is where knowing your vices comes in handy, getting started with the bottom-feeders. Personaly I'd worry more about my banking privacy than my GoatPorn.
I think this change is more a way to legitamize info sharing between the agencies. Once the FBI is officialy in the business, who is going to care which agency actualy installed the box and long as the data slurped up goes to the right place?
The text book answer is to charge up a realy big capacitor, you can get 1 Farad caps now for car stereos. Once its chargege up the Cap is imploded by an explosive charge to give it a realy big boast and when its compressed enough you just throw the switch. The water shoots up pretty good.
The hydrogen/chlorine gas quickly recombines to HydroChloric acid giving a little more propulsion also. BTW the SWAT team ususaly arrives before you get to do it again!
Seriously see Tom Clancy's The Hunt For Red October the sub used magnetoHydrodynamic propulsion
which features? like easy remote bruteforce hacking of user ID's/Passwords and almost trivial escalation to admin privalages?
Maybe Microsoft is starting to pull its head back out into the sunshine. Legacy support often purpetuates legacy bugs/exploits. Personaly, if someone is spending $500K on hardware/software system, the life-blood of the corp isn't have a competant admin on site pretty cheap insurance?
I think that cost had a lot to do with it, but not the costs of hardware, the costs of admin. After hearing the horror stories about how one sales weenie brought NIMDA into a corp network, causing $60K of damage, do you realy think they want an entire plants worth of'em sending babe-of-the-day Emails to each other through the company network?
Who gets sued when some UAW member's kid wants to play Hard^corE^Haxor, an assemby line worker or Ford Motor Companies deep pockets that originaly bought the machine?
And about the lay-off's, my wife work for a Ford Sub, and she gets laid-off regularly. Files for unemp for 3 days to a week then they work tens for a week to get caught back up! Effectively she's laid-off for a week but only misses 4 hours pay, actualy it pretty sweet. Don't know how they count this stuff statisticaly, does this count as a New Un-Employment Claim for the month, once it happened twice in one month.
Maybe this is a little over simplifed, but still its a local exploit, either a login or a server running localy. whats the difference between telnet/ssh over a machine loop, a serial cable/modem dialup, a ethernet, or from the internet, it's still a executing the shell localy.
Actualy NASA uses/used a form of core memory involving plated wires, for non-volatile memory in spacecraft. Seems resonable that fullereens would be stronger than the ferrite materials used in standard core memory, making it easier to make smaller arrays of core.
Imagine for example a "hacker" discovers an exploit in a popular system and only notifies the software vendor. The patch get posted but without any hackers exploiting it the admins are going to sit on their hands with it rather than risk upseting their production servers. The result is only people who use the exploit will be the software vendors (just protecting their IP) and possibly the Gov (just protecting us from the current set of bad-guys).
Seems like a no brainer, who do you want to hack your system, a kiddy that only wants bragging rights or a real dangerous type like a spy? About a third of these "exploits" are legit networking tools slightly modified anyways. The worms are only the crude highly visible stuff the tip of the iceberg, not as dangerous as the stealthy stuff you don't hear alot about.
What most of these hackers want is respect anyways, like the respect that was conspicously absent by Scott Culp's placing Linux® without the registered Tm between Windows® and Solaris®; both with their registered Tm symbols.
All tho I only complied my own kernal, I still made my own Linux so when Linux is insulted like this I still take it personaly. I was going to tell them about it to, but guess what, their stupid web sites contact page is BROKEN ! Yeah right we trust you to fix things without the ability to independently verify it. (I realy tried not to go on a rant honest)
The incomming traffic is mainly getting a directory listings and requesting files, this is by nature small stuff. Look at the top of your web browser you send maybe 100 bytes to request most webpage and the server sends back about 100K.
With file sharing Joe Luser is the server, the RIAA-enforcer program sends Luser a couple hundred bytes and he sends back a couple meg. Blocking them at the firewall doesn't stop the couple 100 from slowing down the pipe, but the effect is minimal unless thousands of requests are made a second. Stoping the couple of Meg going back upstream however has a big effect on speed, especialy considering that most pipes are optimised for download not up load.
Since Joe Luser is probably using Windows, and not going to have a real firewall, he's going to get real angry in no time at all. Windows users typicaly expect their 'puter to respond right now, when the computer is servicing a request that he's not aware of and doesn't respond immediatly to his keyboard or mouse, he thinks it's broken. Sooner or later they are going to realise that its the RIAA that "broke" their mmachine and feel attacked.
In order for them to DDoS your 'puter they are going to have to use a whole bunch of IP addresses "attacking". It doesn't take a rocket scientist to figure out that the next-generation file sharing programs are going to include a throtling mechanism to keep them from sucking up to much bandwidth upstream making the RIAA stratagy un-workable.
Also there is nothing to keep people from putting a small garbage file to attract the RIAA that's only 1 K long, and naming it as if it was a copyright protected work just to confuse them.
that take Poloroid film. real popular with the pro because they can test light and composistion before burning up a lot of expensive 220 film and model time at $100-150 an hour. Immagine trying to rebook some super-model to reshoot because the lighting wasn't right