It is not as hard as you might think. One click on an advertisting link, one visit to an infected web site (and if you were using IE a year ago I would be VERY surprised if you didn't have at least the DSO Exploit registry keys installed on your system; every system I have looked at does), one browser plug-in is all it takes.
Here are 3 parts of a 4-part article from SANS with detailed explanations of how it happens:
Part I - http://isc.sans.org/diary.php?date=2004-07-23 Par t II - http://isc.sans.org/diary.php?date=2004-08-23 Par t III - http://isc.sans.org/diary.php?date=2004-11-04
And that doesn't include any e-mail or graphics exploits.
Ah, one thing I forgot to mention: working with the Registry (at least through W2K) usually requires using both REGEDIT and REGEDT32 - the former for searching and reading the contents of keys, the latter for doing the actual manipulating and changing of security. And REGEDT32 usually works when malware has deliberately malformed the key so REGEDIT can't find it.
Why Microsoft hasn't merged these two apps I don't know. Probably to keep the guru factor high.
Unfortunately, it is a matter of Google + experience (not to say intuition). I have been mucking around with the Windows registry since the REG.DAT file appeared in Windows 3.1 and screwed up all our carefully planned network software deployments.
But the biggest factor is that I am not afraid so screw around with anything, as our employees have been told "if it isn't stored on the server, it isn't being backed up and it is YOUR responsibility". If worse comes to worst I know I can always scrub off the machine and reinstall from scratch in about 3 hours.
Go buy yourself a $200 PIII machine at your local used dealer and practice screwing it up, reinstalling (XP and Windows 2000), and screwing it up again until you are confident. Microsoft systems are not deterministic, in my experience, but they can be understood with practice.
In my opinion, most spyware is easy enough to get rid of using tools like Spybot-S&D, SpySweeper and AdAware. The one category that I've found harder to remove are the ones that embed themselves into the Winsock chain and redirect network features.
Just finished a 3-day trip to disinfect a remote office. My findings were a combination of Ad-Aware, Spybot, and Hijack This would find most spyware, but to actually remove it required multiple reboots into safe mode and manual deletion of registry keys, EXEs, and DLLs. The malware seems to be watching for the scanners to run and spawning new copies of itself whenever you try to remove it.
hat SCO does not own is the intelectual property or the copyright for Unix, as a matter of fact Novell still owns these according to the APA (Asset Prurchase Agreement)>Ohat SCO does not own is the intelectual property or the copyright for Unix, as a matter of fact Novell still owns these according to the APA (Asset Prurchase Agreement)
Actually, I believe that Novell transferred the trademark UNIX(tm) to The Open Group, and that not even TSG has tried to dispute this.
What you see are people very poorly trained in the use of their basic office tools. Yes you can do it in 1/4 of the time it takes *them* to do it in Excel. That's not a limitation of Excel, however. They need to take a class.
I disagree, actually. My post included (although of course you have no way of knowing so) some very sophisticated users of Excel. There are just fundamental limitations of the product - no reflection on Excel or its users, just reality.
That seems somewhat arrogant. I work on the business side of a startup and I don't have time to run SQL queries on my data in order to get at actionable information. Pivot tables are very useful - if for no other reason than I use Excel for data analysis and not a SQL database.
That is funny, because when I seen Finance struggling with pivot tables I can usually take their data, upload it into Oracle, query out the answer they need, and give them the results back for formatting in about 1/4 the time it would take them to calculate the answer in Excel.
Excel is a great tool for certain tasks. Since it is the only data manipulation tool many people know, it gets used for things it really shouldn't.
Funny how the Republicans campaign against "Godless Hollywood which is corrupting our values", and then when elected immediatly rush through legislation which will greatly increase the cultural power of Hollywood and Nashville.
That said, this one is a lock. Expect it to be on the President's desk the week after Thanksgiving.
Again, I don't doubt that there was Microsoft perfidity involved. And that may very well have been the point where Microsoft switched from industry-standard "coopetition" to all-out, go for the jugular brutality.
But I think there was something else involved also: arrogance, self-satisfaction, and lack of responsiveness. By both WordPerfect and Lotus.
Which I think will make it very difficult for Novell to win this one.
I worked for WordPerfect as a Software Tester (Software Quality Engineer) between 1992 and 1994 so I have first-hand knowledge of how slimy Microsoft's competitive tactics were.
Whereas I worked for a company that signed an 8000 seat site license with WordPerfect for the very first version of WordPerfect for Windows (5.1 iirc - we definately had at least one and maybe two releases before the first really widespread one (5.2 again iirc)).
I will grant you that Microsoft probably wasn't playing fair with the APIs, and we suspected as much at the time. But that didn't excuse the utter arrogance combined with total lack of performance that was the WordPerfect corporate sales and support team.
Did I mention that we signed an 8000 seat license? Fairly big in those days, no? And we tested/prototyped it for more than a year. We fed hunderds, if not thousands, of detailed bug reports back to WordPerfect. We asked, pleaded, and begged our sales team to get someone, anyone to look at our bug reports and fix just a few of them.
Maybe QA and development were overwhelmed by Microsoft perfidity, I dunno. I do know that company dumped WordPerfect (and Lotus 1-2-3, which performed similarly) for Microsoft Word and Excel as soon as it could. And most of us who had backed the choice of WordPerfect lost our jobs when the Microsoft-lovers took control.
> Hmm.. they had alot of help from the alpha > design they bought.. however, they managed to > cripple it beyond recognition....
The Itanium and its grandparents at HP were already in production by the time HP bought Compaq (which had previously bought DEC, the creator of the Alpha). HP did reassign many Alpha engineers to Itanium work, but that was widely believed to be a move to no-compete-prevent them from going to Fujitsu and continuing their work on Alpha.
> Alpha? I though you wanted "next generation" > chips, not chips from yesteryear.
The Alpha architecture was 2 to 3 generations ahead of its competitors when it was released. Lack of volume hindered development of its ultimate potential. I suspect that from a standpoint of design philosophy it is still ahead of anything else on the market (ducks while Power advocates throw parts from scrapped PC-RTs).
Intel always claims that Superchip X is built for a niche market - "servers and workstations only" - then crushes the competition by shipping 50,000,000 units to Dell for PCs.
That this strategy didn't work for the Itanium is bad news for Intel.
Does that leave us with ANY next generation chip? Or are we stuck with the x86 architecture until 2020?
Too bad HP killed off the Alpha architecture in favor of Itanium. Maybe they could restart it...
sPh
If you are going to do the big honking announce...
on
Firefox 1.0 Released
·
· Score: 1
If you are going to do the big honking announcement thing you REALLY need to have bandwidth and/or an Akami contract in place ahead of time. Nothing kills enthusiasm like a timeout error, particularly among newcomers and non-technical types.
And if you can't afford that bandwidth, perhaps a staged rollout would have been better? Registered users first, then Slashdotters, then the big "announcement"?
I stayed with Netscape through the disaster years, started using Mozilla at 0.7, and do my best to implement Mozilla (and perhaps soon Firefox) in the corporate environments where I work.
But - until I see some significant donations to The Mozilla Foundations, including some substantial in lieu payments from corps that are using Mozilla or Mozilla technology, I will have serious doubts that Mozilla will last in the long run. Serious cash is needed to fund a serious development effort.
I'm still trying to figure out why the Apollo formula of contractors with Nasa oversight doesn't seem to work anymore.
Two reasons. First, outsourcing requires more and better project managers and technical managers than insourcing. Many organizations learned this to their sorrow in the 1980s; many more are going to learn it around 2006.
Second, the stable of competent contractors that existed in the 1940-1960 time frame is gone. North American, Grumman, McDonnell, dozens of others that could be named have been absorbed into 2-3 borg-like entities. The result is less competition, less choice, less innovation, few places for maverick employees to go, and in the end worse results from outsourcing.
> Doesn't sound like you even read my post. > It doesn't matter how many telecom cables there > are:
Um, I was around when the entire 'net was abuzz due to the release of the USR 2400 baud modem. 100% throughput increase for UUCP! We were in heaven!
And while the alternative links you mention sound nice, they would not and could not replace high-speed telecomm backbones. That is why the backbones came into existance in the first place.
I remember laughing out loud the first time I read that "routes around it" quote. Transatlantic cables don't just appear out of nowhere. The original design of the net was a mesh, but it rapidly got collapsed down to a backbone architecture. There are at most a dozen telecommuncation providers with global connectivity, and governments keep an iron hand around their throats.
That is the problem with Neil Stephenson's "data haven" by the way: what happens when the US sends it cable-cutting submarine over and cuts all the lines leading into that island?
Anyone who didn't see this coming is naive at best.
I am aware of the technical definition of a circuit vs. an IP connection. I am also aware of the saying that every mistake ever made in computing has been made three times: once on mainframes, once on minicomputers, and once on PCs. The entire VoIP industry strikes me as being run by people who not only haven't read the Bell Systems Technical Journal back issues from the 1940s but don't even know those documents (and other Bell technical histories back to the 1900s) even exist.
You must be aware that some of your fans are disappointed with the way you consistently flake out at the end of a really good story. Can you shed some light on your process for ending a novel?
This is not in any way shape or form "flamebait", and the parent should be modded up just to fix that abuse of moderation.
This is in fact a question that many who read Stephenson's work have.
Slashdot Mirror
It is not as hard as you might think. One click on an advertisting link, one visit to an infected web site (and if you were using IE a year ago I would be VERY surprised if you didn't have at least the DSO Exploit registry keys installed on your system; every system I have looked at does), one browser plug-in is all it takes.
r t II - http://isc.sans.org/diary.php?date=2004-08-23r t III - http://isc.sans.org/diary.php?date=2004-11-04
Here are 3 parts of a 4-part article from SANS with detailed explanations of how it happens:
Part I - http://isc.sans.org/diary.php?date=2004-07-23
Pa
Pa
And that doesn't include any e-mail or graphics exploits.
sPh
Ah, one thing I forgot to mention: working with the Registry (at least through W2K) usually requires using both REGEDIT and REGEDT32 - the former for searching and reading the contents of keys, the latter for doing the actual manipulating and changing of security. And REGEDT32 usually works when malware has deliberately malformed the key so REGEDIT can't find it.
Why Microsoft hasn't merged these two apps I don't know. Probably to keep the guru factor high.
sPh
Unfortunately, it is a matter of Google + experience (not to say intuition). I have been mucking around with the Windows registry since the REG.DAT file appeared in Windows 3.1 and screwed up all our carefully planned network software deployments.
But the biggest factor is that I am not afraid so screw around with anything, as our employees have been told "if it isn't stored on the server, it isn't being backed up and it is YOUR responsibility". If worse comes to worst I know I can always scrub off the machine and reinstall from scratch in about 3 hours.
Go buy yourself a $200 PIII machine at your local used dealer and practice screwing it up, reinstalling (XP and Windows 2000), and screwing it up again until you are confident. Microsoft systems are not deterministic, in my experience, but they can be understood with practice.
sPh
sPh
sPh
sPh
Excel is a great tool for certain tasks. Since it is the only data manipulation tool many people know, it gets used for things it really shouldn't.
sPh
Funny how the Republicans campaign against "Godless Hollywood which is corrupting our values", and then when elected immediatly rush through legislation which will greatly increase the cultural power of Hollywood and Nashville.
That said, this one is a lock. Expect it to be on the President's desk the week after Thanksgiving.
sPh
Again, I don't doubt that there was Microsoft perfidity involved. And that may very well have been the point where Microsoft switched from industry-standard "coopetition" to all-out, go for the jugular brutality.
But I think there was something else involved also: arrogance, self-satisfaction, and lack of responsiveness. By both WordPerfect and Lotus.
Which I think will make it very difficult for Novell to win this one.
sPh
I will grant you that Microsoft probably wasn't playing fair with the APIs, and we suspected as much at the time. But that didn't excuse the utter arrogance combined with total lack of performance that was the WordPerfect corporate sales and support team.
Did I mention that we signed an 8000 seat license? Fairly big in those days, no? And we tested/prototyped it for more than a year. We fed hunderds, if not thousands, of detailed bug reports back to WordPerfect. We asked, pleaded, and begged our sales team to get someone, anyone to look at our bug reports and fix just a few of them.
Maybe QA and development were overwhelmed by Microsoft perfidity, I dunno. I do know that company dumped WordPerfect (and Lotus 1-2-3, which performed similarly) for Microsoft Word and Excel as soon as it could. And most of us who had backed the choice of WordPerfect lost our jobs when the Microsoft-lovers took control.
Did I mention that was an 8000 seat license?
sPh
> Maybe someone will resurrect Alpha...
> maybe it's not too late yet.
I believe that the Alpha is still manufactured by Fujitsu but I don't know if their license allows improvements or just static manufacturing.
sPh
> Hmm.. they had alot of help from the alpha
> design they bought.. however, they managed to
> cripple it beyond recognition....
The Itanium and its grandparents at HP were already in production by the time HP bought Compaq (which had previously bought DEC, the creator of the Alpha). HP did reassign many Alpha engineers to Itanium work, but that was widely believed to be a move to no-compete-prevent them from going to Fujitsu and continuing their work on Alpha.
sPh
> Alpha? I though you wanted "next generation"
> chips, not chips from yesteryear.
The Alpha architecture was 2 to 3 generations ahead of its competitors when it was released. Lack of volume hindered development of its ultimate potential. I suspect that from a standpoint of design philosophy it is still ahead of anything else on the market (ducks while Power advocates throw parts from scrapped PC-RTs).
You might want to read up on Alpha a bit.
sPh
> The Itanium was built for a niche market.
Intel always claims that Superchip X is built for a niche market - "servers and workstations only" - then crushes the competition by shipping 50,000,000 units to Dell for PCs.
That this strategy didn't work for the Itanium is bad news for Intel.
sPh
Does that leave us with ANY next generation chip? Or are we stuck with the x86 architecture until 2020?
Too bad HP killed off the Alpha architecture in favor of Itanium. Maybe they could restart it...
sPh
If you are going to do the big honking announcement thing you REALLY need to have bandwidth and/or an Akami contract in place ahead of time. Nothing kills enthusiasm like a timeout error, particularly among newcomers and non-technical types.
And if you can't afford that bandwidth, perhaps a staged rollout would have been better? Registered users first, then Slashdotters, then the big "announcement"?
sPh
More Anni more! yes Yes YES!!!
I stayed with Netscape through the disaster years, started using Mozilla at 0.7, and do my best to implement Mozilla (and perhaps soon Firefox) in the corporate environments where I work.
But - until I see some significant donations to The Mozilla Foundations, including some substantial in lieu payments from corps that are using Mozilla or Mozilla technology, I will have serious doubts that Mozilla will last in the long run. Serious cash is needed to fund a serious development effort.
sPh
Second, the stable of competent contractors that existed in the 1940-1960 time frame is gone. North American, Grumman, McDonnell, dozens of others that could be named have been absorbed into 2-3 borg-like entities. The result is less competition, less choice, less innovation, few places for maverick employees to go, and in the end worse results from outsourcing.
sPh
> Doesn't sound like you even read my post.
> It doesn't matter how many telecom cables there
> are:
Um, I was around when the entire 'net was abuzz due to the release of the USR 2400 baud modem. 100% throughput increase for UUCP! We were in heaven!
And while the alternative links you mention sound nice, they would not and could not replace high-speed telecomm backbones. That is why the backbones came into existance in the first place.
sPh
I used to have a map of all the world's large telecomm cables (post-9/11 I imagine you can't get those anymore). There aren't really very many.
sPh
That is the problem with Neil Stephenson's "data haven" by the way: what happens when the US sends it cable-cutting submarine over and cuts all the lines leading into that island?
Anyone who didn't see this coming is naive at best.
sPh
sPh
> If you had end-to-end, trusted QoS,
> lag would never be noticable.
I think that is called a "circuit".
sPj
This is in fact a question that many who read Stephenson's work have.
sPh